Install OpenVPN server using Ansible over AWS VPC

In this tutorial we use that blog post as a base and extend its scenario as shown below: the custom NAT instance is additionally configured, using Ansible, as an OpenVPN server, so that VPN clients can reach the resources inside the private subnet(s).


Please make the following changes to the setup from that post:

– Open UDP port 1194 (the default OpenVPN port) inbound in the NAT instance's Security Group; keep SSH restricted to the address range you administer from

– In the Security Group of each destination server inside the private subnet(s), allow the desired traffic from the NAT instance (reference the NAT instance's Security Group rather than opening a broad CIDR range)
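The two Security Group changes above, written as an added Ansible play using the amazon.aws collection. This is an example added here, not code from the linked repository; the region, VPC id, admin CIDR, group names and the SSH/ICMP rules on the private servers are assumptions to adapt. The private-subnet group admits traffic only from the NAT/OpenVPN instance's group id, which is what the VPN clients' traffic arrives as after the NAT instance forwards it.

```yaml
# Added example (not part of the original post or repository).
# Assumed values: region, vpc_id, admin_cidr and the group names below.
- name: Open OpenVPN on the NAT instance and restrict the private subnet to it
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: us-east-1                # assumption: your AWS region
    vpc_id: vpc-0123456789abcdef0    # assumption: the VPC from the base post
    admin_cidr: 203.0.113.10/32      # assumption: the address Ansible/SSH comes from
  tasks:
    - name: Security Group of the NAT instance that also terminates OpenVPN
      amazon.aws.ec2_security_group:
        name: nat-openvpn-sg
        description: NAT instance that also runs the OpenVPN server
        vpc_id: "{{ vpc_id }}"
        region: "{{ region }}"
        state: present
        rules:
          # OpenVPN clients connect from anywhere on the Internet
          - proto: udp
            from_port: 1194
            to_port: 1194
            cidr_ip: 0.0.0.0/0
            rule_desc: OpenVPN clients
          # SSH only from the admin address range, not from the whole Internet
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ admin_cidr }}"
            rule_desc: SSH for Ansible
      register: nat_sg

    - name: Security Group of the servers inside the private subnet(s)
      amazon.aws.ec2_security_group:
        name: private-servers-sg
        description: Servers reachable only through the NAT/OpenVPN instance
        vpc_id: "{{ vpc_id }}"
        region: "{{ region }}"
        state: present
        rules:
          # Reference the NAT instance's group id instead of a CIDR block,
          # so the rule follows the instance even if its private IP changes.
          - proto: tcp
            from_port: 22
            to_port: 22
            group_id: "{{ nat_sg.group_id }}"
            rule_desc: SSH from VPN clients via the NAT/OpenVPN instance
          # ICMP so the ping test at the end of the tutorial works
          - proto: icmp
            from_port: -1
            to_port: -1
            group_id: "{{ nat_sg.group_id }}"
            rule_desc: ping from VPN clients via the NAT/OpenVPN instance
```

Run it with AWS credentials in the environment (for example `ansible-playbook secgroups.yml`); add further ports to the second group only as the private servers actually need them, since every rule there is reachable by all VPN clients.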

If you want a manual, step-by-step procedure to install the OpenVPN server on Ubuntu, please refer to this post.

First, clone this repository from GitHub:

git clone

Note: If git is not installed, you can simply download the zip file instead.

Move inside the cloned repo and edit the variable file openvpn/vars/main.yml as per your requirements; I have documented the necessary details as comments in that file:

Note: The most important parameter is private_networks: these are the networks (typically your private subnet CIDRs) that your OpenVPN clients should be able to reach through the OpenVPN server.

After that, edit the hosts file: under the [openvpn] group, put the public IP address of the instance you want to make the OpenVPN server (the NAT instance), followed by the SSH login username:

[openvpn] ansible_ssh_user=ubuntu

Once you are done editing, run this command:

ansible-playbook -i hosts site.yml


After all tasks complete successfully, it will show you a summary (the play recap), something like this:


The playbook creates a directory named “clients” inside the directory from which it was run (i.e. the cloned repo).


Move inside the “clients” directory, which contains the configuration files for the OpenVPN clients. Give these files to your clients, one file per client, over a secure channel: each file carries that client's credentials, so treat it as a secret and do not share one file between clients.


Download the free OpenVPN client for Windows from here and install it. Once that is done, move the client's OpenVPN file into the following directory:

C:\Program Files\OpenVPN\config


After that, run the OpenVPN client with Administrator privileges (it needs them to add the routes pushed by the server). Right-click the OpenVPN icon in the system tray and click “Connect“:


Once it is connected, it will show you details similar to these:


Check the routing table on the client machine; the private networks you configured should now be routed through the VPN tunnel adapter:

netstat -r


Ping an EC2 instance inside the private subnet (its Security Group must allow ICMP from the NAT instance):


Enjoy :-)

Hope this will help you!

Please remember me in your prayers!
