Get started
Solutions

Creating a VPN connection using OpenVPN

This scenario describes how to configure an OpenVPN instance to access Yandex.Cloud VMs over an encrypted connection. It considers the option to configure an OpenVPN gateway with username and password-based access.

To set up a VPN tunnel:

  1. Before you start.
  2. Create subnets and a test VM.
  3. Create an OpenVPN instance.
  4. Set the administrator password.
  5. Create an OpenVPN user.
  6. Connect to the VPN.

If you no longer need the OpenVPN instance, delete it.

Before you start

Before deploying the server, you need to sign up for Yandex.Cloud and create a billing account:

  1. Go to the management console. Then log in to Yandex.Cloud or sign up if don't already have an account.
  2. On the billing page, make sure you linked a billing account, and it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.

If you have an active billing account, you can create or select a folder to run your VM in from the Yandex.Cloud page.

Learn more about clouds and folders.

The cost of infrastructure support for OpenVPN includes:

Create subnets and a test VM

To connect cloud resources to the internet, make sure you have networks and subnets.

Create a test VM without a public IP and connect it to the subnet.

Create an OpenVPN instance

Create a VM in Yandex.Cloud to serve as a gateway for a VPN tunnel.

  1. Open your folder and click Create resource. Select Virtual machine.

  2. Enter a name for the VM, for example, openvpn-instance.

  3. Select the subnet availability zone to connect the OpenVPN instance to and where the test VM is already located.

  4. Under Images from Cloud Marketplace, click Select and choose the OpenVPN image.

  5. In the Network settings section, choose the required network and subnet and assign a public IP to the VM either by selecting it from the list or automatically.

    Only use static public IP addresses from the list or make the IP address static. Dynamic IP addresses may change after the VM reboots and the connections will no longer work.

  6. In the Access field, enter the login and SSH key to access the VM.

  7. Click Create VM.

Set the administrator password

The openvpn user with administrator privileges was created on the OpenVPN server in advance. To access the admin panel, set a password for this user.

  1. Connect to the virtual machine over SSH:

    $ ssh <VM public IP>

  2. Run the command:

    $ sudo passwd openvpn
Enter new UNIX password:

    Enter a new password.

    You can then log in to the OpenVPN admin panel.

Create an OpenVPN user

To establish an OpenVPN connection, enter the username and password of the user on the client machine. Create a new user:

  1. In the browser, open a URL like https://<VM public IP address>:943/admin/.
  2. Specify the openvpn username and the password created in the previous step.
  3. Click Agree. This opens the main screen of the OpenVPN admin panel.
  4. Go to the User management tab and select User permissions.
  5. In the list of users, enter the name of the new user in the New Username field, like test-user.
  6. Click the pencil icon in the More Settings column and set the new user's password in the Password field.
  7. Click Save settings.
  8. Click Update running server.

You can then connect to the VPN using OpenVPN Connect.

Connect to the VPN

To check that a connection is established and working properly, connect to the VPN and run the ping command for the test VM internal address:

  1. Start the OpenVPN Connect Client.
  2. Create a new connection. Type the VM IP address, enter test-user as the user, and enter the user's password.
  3. Enable the created connection.
  4. Open the terminal and run the command ping <internal IP address of the test VM>. If the command is executed, the VM can be accessed via OpenVPN.

Delete the created resources

If you no longer need the OpenVPN instance, delete the openvpn-instance VM and the test VM.

If you reserved a public static IP address, delete it.

In this article: