Overview
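A VPN (virtual private network) is often needed to protect network privacy and to get past some restrictions. This post records the OpenVPN installation process and a comparison:
- the main steps for installing openvpn on aws
- a speedtest comparison between the installed openvpn and other VPNs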
How vpn works
An encryption key is used to encrypt/decrypt network data between the vpn-client and the vpn-server.
Only your computer and the VPN server know this key.

vpn diff, credits drsoft
Install openvpn on aws
Here an aws ec2 instance is used as the server; the more lightweight lightsail would of course work too.
sign up aws account
A real credit card is required here, and $1 is temporarily charged. Otherwise you can still log in, but with many restrictions, e.g., you cannot launch ec2.

aws account homepage
launch ec2 with openvpn AMI
- choose openvpn AMI
- choose suitable ec2 instance
- create a new key pair (you can only download from the web once)

choose AMI

choose instance

create & download key pair
ps.
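If needed, shadowsocks can be used here in place of openvpn.
openvpn was chosen this time because the aws free tier integrates it, which makes installation one-click.
With shadowsocks, of course, you would install it on linux via pip/wget.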
configure openvpn server using SSH
here ip1 is your Public IPv4 address, ip2 is your Private IPv4 address,
- ssh to ec2 from local with root
ssh -i somepath/your-key-pair.pem root@ec2-ip1.amazonaws.com
- if the pem file's permissions are too open, run chmod 400 somepath/your-key-pair.pem to make it private
- initial openvpn access server config

- ssh to ec2 from local with openvpnas
ssh -i somepath/your-key-pair.pem openvpnas@ec2-ip1.amazonaws.com
- setup password used by openvpn UI
sudo passwd openvpn
- login openvpn web UI(optional)
- type ip1 in chrome

ip1 and ip2 in aws web

openvpn web UI login

openvpn web UI
connect to openvpn server using its client
My devices are a mac and an iPhone,
mac

import profile in mac

login
ios

import profile in ios
current usage check

two users surfing
aws free tier limit
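If you frequently use the newly built vpn to upload (out) / download (in) YouTube, traffic is consumed very quickly. You will then probably have to pay extra for traffic beyond 15GB per month.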

check ec2 network usage
Comparison
details
| vpn | no vpn | openvpn | Hotspot Shield | VPN - Super Unlimited Proxy |
|---|---|---|---|---|
| snapshot | ![]() | ![]() | ![]() | ![]() |
summary

comparison
As can be seen,
- normally an extra vpn layer makes things somewhat slower (encrypt, etc.)
- openvpn is relatively fast
- hotspot shield is relatively slow
Reference
v2ray(2022-10-10)
Compared to openvpn, v2ray seems more stable.
Steps
Prepare a vpc (lightsail/ec2/gce)
Install the server (v2ray)
- remember to set the time zone
sudo su
timedatectl set-timezone Asia/Shanghai
- generate userID
cat /proc/sys/kernel/random/uuid
- install with docker
# install docker
mkdir -p /home/ubuntu/wall/v2ray && cd /home/ubuntu/wall/v2ray
curl -fsSL https://get.docker.com -o get-docker.sh
sh ./get-docker.sh
# pull image
docker pull v2fly/v2fly-core:v4.45.2
docker pull v2fly/v2fly-core:v5.4.1
# conf
mkdir -p /etc/v2ray
# write (not append) the file, so re-running this step does not leave invalid JSON behind
# replace "xxx" in "id" with the userID generated above
cat > /etc/v2ray/config.json << EOF
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 65423,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "xxx",
          "level": 1,
          "alterId": 100
        }
      ]
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "inboundDetour": [],
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}
EOF
# start docker: run only one of the two commands below, since both use --name v2ray
# with the v4.45.2 image:
docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -e TZ="Asia/Shanghai" -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p 65423:65423 v2fly/v2fly-core:v4.45.2
# or, with the v5.4.1 image:
docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -e TZ="Asia/Shanghai" -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p 65423:65423 v2fly/v2fly-core:v5.4.1 run -c /etc/v2ray/config.json
# start / stop / restart v2ray
docker container start v2ray
docker container stop v2ray
docker container restart v2ray
# log
docker logs -f v2ray
docker container logs v2ray
Install the client (V2rayU for mac & Shadowrocket for iOS)

V2rayU: note that the address field takes the ec2's public IPv4 address

Shadowrocket directly scan config via V2rayU’s Share QR Code
Monitor vpc usage

ec2 network usage, real-time and cumulative

Check usage directly from the console, https://us-east-1.console.aws.amazon.com/billing/home#/bills?year=2024&month=4
speed test result

v2ray(2024-04-12, v5.15.1)
- login aws
- new security group
- in,
- out,
- in,
- launch a new ec2
- connect to ec2
- generate config
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [{
    "port": xxx,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "xxx",
          "alterId": 0,
          "level": 0
        }
      ]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}
- bootstrap server
docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -v /etc/localtime:/etc/localtime:ro -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p xxx:xxx v2fly/v2fly-core:v5.15.1 run -c /etc/v2ray/config.json
- config client with server PublicIPs
- enjoy
v2ray(2025-04-05)
sudo su
timedatectl set-timezone Asia/Shanghai
# install docker
mkdir -p /home/ubuntu/wall/v2ray && cd /home/ubuntu/wall/v2ray
curl -fsSL https://get.docker.com -o get-docker.sh
sh ./get-docker.sh
# pull image
docker pull v2fly/v2fly-core:v5.30.0
# conf
mkdir -p /etc/v2ray
# paste the JSON below into the file; use your own "id" (cat /proc/sys/kernel/random/uuid)
vi /etc/v2ray/config.json
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 65423,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "5b1c1dae-713b-45fb-aca5-ed10036b3082",
          "level": 0,
          "alterId": 0
        }
      ]
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  }
}
# start docker
docker run --log-opt max-size=1m --log-opt max-file=1 --name v2ray -d -v /etc/localtime:/etc/localtime:ro -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p 65423:65423 v2fly/v2fly-core:v5.30.0 run -c /etc/v2ray/config.json
# start / stop / restart v2ray
docker container start v2ray
docker container stop v2ray
docker container restart v2ray
# log
docker logs --since=6h -f v2ray
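An added example, not part of the original post: a small Python lint for the VMess inbound in /etc/v2ray/config.json, meant to be run before docker run. It reads both the "inbound" and "inbounds" layouts used above and flags a placeholder or non-UUID id, the id printed in the 2025 config on this page (it is public to every reader), and an alterId other than 0, which selects legacy VMess authentication instead of AEAD. The function names and the sample strings are constructed for illustration.

```python
import json
import uuid

# The id shown in this page's 2025 config is public and must not be reused.
PUBLISHED_IDS = {"5b1c1dae-713b-45fb-aca5-ed10036b3082"}


def vmess_inbounds(cfg):
    """Collect VMess inbounds from the "inbounds" list and the legacy "inbound" object."""
    items = list(cfg.get("inbounds", []))
    if isinstance(cfg.get("inbound"), dict):
        items.append(cfg["inbound"])
    return [i for i in items if i.get("protocol") == "vmess"]


def lint_config(text):
    """Return a list of findings for the VMess clients in a v2ray config.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    inbounds = vmess_inbounds(cfg)
    findings = [] if inbounds else ["no vmess inbound found"]
    for inbound in inbounds:
        port = inbound.get("port")
        for client in inbound.get("settings", {}).get("clients", []):
            cid = str(client.get("id", ""))
            try:
                parsed = str(uuid.UUID(cid))  # normalised lowercase form
            except ValueError:
                findings.append(f"port {port}: id {cid!r} is not a UUID")
            else:
                if parsed in PUBLISHED_IDS:
                    findings.append(f"port {port}: id is published on this page")
            alter_id = client.get("alterId", 0)
            if alter_id != 0:
                findings.append(f"port {port}: alterId {alter_id} is legacy, non-AEAD VMess")
    return findings


# Constructed samples mirroring the 2022, 2024 and 2025 configs on this page.
CFG_2022 = '{"inbound": {"port": 65423, "protocol": "vmess", "settings": {"clients": [{"id": "xxx", "alterId": 100}]}}}'
CFG_2024 = '{"inbounds": [{"port": xxx, "protocol": "vmess"}]}'
CFG_2025 = '{"inbound": {"port": 65423, "protocol": "vmess", "settings": {"clients": [{"id": "5b1c1dae-713b-45fb-aca5-ed10036b3082", "alterId": 0}]}}}'

if __name__ == "__main__":
    for name, text in [("2022", CFG_2022), ("2024", CFG_2024), ("2025", CFG_2025)]:
        print(name, lint_config(text) or "ok")
```

To check the real file, pass its contents: lint_config(open("/etc/v2ray/config.json").read()).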
configure ipv6 SecurityGroups
- in,
- out,
config tianyiyunpan
- ubuntu install nodejs & npm
- git clone & edit .env(pwd)
- append crontab
7 8 * * * cd /home/ubuntu/tianyiyunpan/Cloud189Checkin && /usr/bin/npm start >> /home/ubuntu/tianyiyunpan/cron.log 2>&1
us
- create vpc: enable ipv6
- edit Security Groups
- assign ipv6 to ecs




