
Creating a VPN connection using OpenVPN

  • Before you start
    • Required paid resources
  • Create subnets and a test VM
  • Create an OpenVPN instance
  • Set the administrator password
  • Create an OpenVPN user
  • Connect to the VPN
  • Delete the created resources

This scenario describes how to configure an OpenVPN instance to access Yandex.Cloud VMs over an encrypted connection. It covers configuring an OpenVPN gateway with username- and password-based access.

To set up a VPN tunnel:

  1. Before you start.
  2. Create subnets and a test VM.
  3. Create an OpenVPN instance.
  4. Set the administrator password.
  5. Create an OpenVPN user.
  6. Connect to the VPN.

If you no longer need the OpenVPN instance, delete it.

Before you start

Before deploying the server, you need to sign up for Yandex.Cloud and create a billing account:

  1. Go to the management console. Then log in to Yandex.Cloud or sign up if you don't already have an account.
  2. On the billing page, make sure you have linked a billing account and that it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.

If you have an active billing account, you can create or select a folder to run your VM in from the Yandex.Cloud page.

Learn more about clouds and folders.

Required paid resources

The cost of infrastructure support for OpenVPN includes:

  • A fee for continuously running VMs (see Yandex Compute Cloud pricing).
  • A fee for using a dynamic external IP address (see Yandex Virtual Private Cloud pricing).

Create subnets and a test VM

To connect cloud resources to the internet, make sure you have networks and subnets.

Create a test VM without a public IP and connect it to the subnet.

Create an OpenVPN instance

Create a VM in Yandex.Cloud to serve as a gateway for a VPN tunnel.

  1. Open your folder and click Create resource. Select Virtual machine.

  2. Enter a name for the VM, for example, openvpn-instance.

  3. Select the availability zone of the subnet to connect the OpenVPN instance to. This must be the zone where the test VM is already located.

  4. Under Images from Cloud Marketplace, click Select and choose the OpenVPN image.

  5. In the Network settings section, choose the required network and subnet and assign a public IP to the VM either by selecting it from the list or automatically.

    Only use static public IP addresses from the list or make the IP address static. Dynamic IP addresses may change after the VM reboots and the connections will no longer work.

  6. In the Access field, enter the login and SSH key to access the VM.

  7. Click Create VM.

Set the administrator password

An openvpn user with administrator privileges is created on the OpenVPN server in advance. To access the admin panel, set a password for this user.

  1. Connect to the virtual machine over SSH:

    $ ssh <VM public IP>
    
  2. Run the command:

    $ sudo passwd openvpn
    Enter new UNIX password:
    

    Enter a new password.

    You can then log in to the OpenVPN admin panel.

Create an OpenVPN user

To establish an OpenVPN connection, enter the username and password of the user on the client machine. Create a new user:

  1. In the browser, open a URL like https://<VM public IP address>:943/admin/.
  2. Specify the openvpn username and the password created in the previous step.
  3. Click Agree. This opens the main screen of the OpenVPN admin panel.
  4. Go to the User management tab and select User permissions.
  5. In the list of users, enter the name of the new user in the New Username field, like test-user.
  6. Click the pencil icon in the More Settings column and set the new user's password in the Password field.
  7. Click Save settings.
  8. Click Update running server.

You can then connect to the VPN using OpenVPN Connect.

Connect to the VPN

To check that the connection is established and working properly, connect to the VPN and ping the internal address of the test VM:

  1. Start the OpenVPN Connect Client.
  2. Create a new connection. Type the VM IP address, enter test-user as the user, and enter the user's password.
  3. Enable the created connection.
  4. Open the terminal and run the command ping <internal IP address of the test VM>. If the command succeeds, the VM can be accessed via OpenVPN.

Delete the created resources

If you no longer need the OpenVPN instance, delete the openvpn-instance VM and the test VM.

If you reserved a public static IP address, delete it.
