Overview
TurnKey VPN - built on open source OpenVPN® Community Edition helps save you time and money by providing a ready-to-run OpenVPN® solution that is secure, supported and easy to maintain. The system auto-updates itself with security fixes and is built in a transparent 100% open source process free of hidden backdoors.
OpenVPN® Community Edition provides a full-featured open source SSL/TLS Virtual Private Network (VPN). TurnKey VPN leverages the open source 'openvpn-server', 'openvpn-client' and 'easy-rsa' software (developed by OpenVPN® Inc.) to support 'site-to-site' or 'gateway' access.
'Site-to-site' can link 2 otherwise unconnected LANs; suitable for multi-site enterprise networks &/or linkage to an Amazon VPC. 'Gateway' configuration can secure traffic across public and/or insecure wifi connections and/or provide a secure solution for remote work scenarios.
Note: OpenVPN® is a registered trademark of OpenVPN® Inc. Neither TurnKey GNU/Linux nor this software appliance are affiliated with or endorsed by OpenVPN® Inc.
Highlights
- Secure, supported and easy to maintain: auto-updated daily with latest security patches. Bundled support for no extra charge.
- Free from hidden backdoors and vendor lock-in: transparent 100% opensource build of Debian GNU/Linux with no proprietary components or secret sauce.
- Free 1-click backup, restore and migrate: bundled backup software saves changes to files, databases and package management to encrypted storage which servers can be automatically restored from.
Details
Typical total price
$0.043/hour
Features and programs
Financing for AWS Marketplace purchases
Pricing
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.nano | $0.00 | $0.006 | $0.006 |
t2.micro AWS Free Tier | $0.02 | $0.012 | $0.032 |
t2.small Recommended | $0.02 | $0.023 | $0.043 |
t2.medium | $0.02 | $0.046 | $0.066 |
t2.large | $0.02 | $0.093 | $0.113 |
m3.medium | $0.02 | $0.067 | $0.087 |
m3.large | $0.02 | $0.133 | $0.153 |
m3.xlarge | $0.02 | $0.266 | $0.286 |
m3.2xlarge | $0.02 | $0.532 | $0.552 |
m4.large | $0.02 | $0.10 | $0.12 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
90 day money back guarantee if you are not fully satisfied.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Please see https://www.turnkeylinux.org/updates/openvpn for release notes.
Additional details
Usage instructions
System Initialization:
After creating an EC2 instance with 1-Click, browse to http://<Public_DNS>/ for system initialization instructions.
Alternatively, log in via SSH as user 'admin' to the running instance. Be sure to use the SSH keypair selected during launch.
This inital step is required to set sensitive passwords & install security updates. You may also be asked to set a domain name for your server. If this is required, then it must be a valid domain name (i.e. have DNS configured).
Accessing the software main web app
http://<Public_DNS>/
This may redirect to https and/or the domain set at initialisation.
OS commands via SSH
Log into the running instance via SSH as user 'admin', using the SSH keypair set at launch time. Use sudo to run commands requiring root access.
Web based System Admin control panel
https://<Public_DNS>:12321
Remove scary browser warnings
By default TurnKey AMIs ship with randomly generated self signed SSL/TLS certifcates. This will cause scary warning in your web browser When accessing https.
To remove the browser warnings, you will need to get a SSL/TLS certificate signed by an authorized Certificate Authority (CA). The recommended way to do that is to get a free Let's Encrypt SSL certificate. TurnKey comes with a built in tool to do that within your instance:
-
Ensure that you have your chosen domain DNS records configured and your domain resolves to your instance.
-
Access your instance via SSH.
-
Run 'sudo confconsole'.
-
Select:
Advanced >> Lets Encrypt >> Gen cert
For more info see: https://www.turnkeylinux.org/docs/confconsole
More info
For more info specific to this instance, visit the product homepage:
Support
Vendor support
E-mail support is provided through the TurnKey Hub at no additional cost. Once you sign up to the TurnKey Hub, your AWS marketplace subscription will be automatically identified. https://hub.turnkeylinux.org/ support@turnkeylinux.org
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Works by fixing server.conf
After a fresh install, when you generate the client profile, you normally get timeouts. For this to fix, add the following lines in your server.conf file which is located as /etc/openvpn/server.conf,
The lines are,
cipher AES-256-CBC
auth SHA256
After adding these lines, restart the openvpn servive by using,
systemctl restart openvpn
Also, reboot the instance for any unknown changes to be applied.
Works in 2022
This is not as easy as the official OpenVPN AMI but it is much easier than rolling an image your self.
The instructions at Github leave something to be desired, but if you're setting up a VPN into an AWS VPC you can use the instructions here https://aws.amazon.com/marketplace/pp/prodview-vtdzptnsownow?ref=cns_srchrow#pdp-overview to get it up and running.
Doesn't workk
The first step of instructions don't work as the server seems to be completely unreachable. Can't ssh into it using cert nominated in setup.