UPDATE 3/28 We now have a video too. Watch it on our YouTube channel.
This is a quick guide for a basic VNS3 Controller setup and connecting a single EC2-based client instance. We’ll start from an AWS Marketplace VNS3:vpn Free Edition Controller, step through basic configurations, then launch and connect to an Ubuntu 16.04 LTS client server.
This is the minimum needed to establish an overlay network, but it is also a core use case for our long-term VNS3 users. Assuming you’ll need a quick and easy solution, we’ll demo VNS3 on an AWS EC2 t2.medium instance and a free-tier t2.small Ubuntu 16.04. You can always scale up to more VNS3 Controllers, add storage or upgrade instance sizes as needs grow.
Launch VNS3 from the AWS Marketplace
Grab your new Public DNS name, and open a new tab to https://address:8000 (in my case https://ec2-52-14-8-98.us-east-2.compute.amazonaws.com:8000). You’ll see the VNS3 Controller interface. The browser will complain about the SSL certificate used, but persist.
Your first-time login username is vnscubed and the password is the instance ID. Log in, then change your passwords immediately.
Since this is the free edition, the easiest and most obvious way to get a license is to click the Free Edition License button. Enter your name and email (there’s a limit of 2 free editions per email, FYI). You’ll get an email right away with the license and instructions.
Click Upload License in the upper left menu and paste the license in.
You have the option to specify a custom network address here. For simplicity you can just use the preconfigured default and hit ‘Submit and reboot’.
After the reboot, you’ll create unique X509 creds – clientpacks – by clicking Generate New from the left side menu. Enter a name for your topo and create a security token (password).
Last step for config! After the reboot with keys, click on Controller Peering. With Free Edition you’ve got 1 choice: set Controller #1 to this instance. Voilà!
Set up an OpenVPN client on Ubuntu 16.04 LTS
Back in AWS, we’ll go through a similar launch with Ubuntu 16.04 LTS. This time, we can use a t2.micro to get free tier savings.
As you click through the steps, make sure it’s in the same VPC as VNS3. This time you can use different security groups – like the vns3-client option in our AWS guides on cohesive.net/docs – but make sure you have SSH access and a keypair.
Launch that little server and SSH into it. We’ll first add OpenVPN:
sudo apt-get install -y openvpn
Add a clientpack to the server
Now is the fun part! On your VNS3 Controller, click on Clientpacks on the left menu.
Click the Linux link under the Config Files column to view it.
From your terminal, you can create a new file and paste the full text of the config file. Name the clientpack as you create the file. I went with the very original cp1.conf.
Insert the full text of the conf page, then write and quit. Next, we’ll move the clientpack file to OpenVPN’s configuration directory:
sudo mv cp1.conf /etc/openvpn/
And finally, we’ll start OpenVPN to make sure the Overlay Network is working:
sudo systemctl start openvpn@cp1.service
The tun0 connection should now be visible in ifconfig, and a client connection can be seen on the Runtime Status page.
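Because a clientpack carries X509 credentials, it is worth checking the pasted file before it is moved into /etc/openvpn. The script below is an added example, not part of the original guide or of VNS3: the function names are hypothetical, the sample config is constructed, and it assumes the clientpack embeds its key material with OpenVPN's inline `<key>` block.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a pasted clientpack before installing it.
# Function names are hypothetical; inline <key> material is an assumption.

# Print each problem found; return 0 only if the file looks safe to install.
check_clientpack() {
    local f="$1" rc=0 mode tag
    [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
    # A usable client config names a peer and a tun device (tun0 on the page).
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$f" \
        || { echo "no 'remote' directive (truncated paste?)"; rc=1; }
    grep -Eq '^[[:space:]]*dev[[:space:]]+tun' "$f" \
        || { echo "no 'dev tun' directive"; rc=1; }
    # Every inline block that is opened must also be closed.
    for tag in ca cert key; do
        if grep -q "^<$tag>" "$f" && ! grep -q "^</$tag>" "$f"; then
            echo "unterminated <$tag> block (truncated paste?)"; rc=1
        fi
    done
    # A file holding a private key must not be group- or world-accessible.
    if grep -Eq '^<key>|BEGIN( RSA| EC)? PRIVATE KEY' "$f"; then
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "private key present but mode is $mode; run chmod 600"; rc=1
        fi
    fi
    return "$rc"
}

# Write a constructed sample clientpack (placeholder address and key body).
make_sample_clientpack() {
    cat > "$1" <<'EOF'
client
dev tun
remote 192.0.2.10 1194
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
}

# Usage: ./check_clientpack.sh cp1.conf
[ "$#" -eq 0 ] || check_clientpack "$1"
```

mv preserves the file's mode, so run chmod 600 on cp1.conf before moving it rather than after.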
Next steps: Get more out of the Overlay Network by adding more clients (and clients outside of AWS) to see how they join the network together.
Don’t leave the lights on: AWS Free Tier gives 750hrs per month for a Linux t2.micro instance. That’s more than enough to leave the Ubuntu server running full time, but if you also leave the client running it will start to incur charges outside of free tier.
Notes
 There is nothing that can be done to prevent this warning. SSL was designed for certificates to be issued to a given named site, but it’s impossible to provide a certificate (from a trusted CA) that will correspond to the EC2 name (or any DNS name you might choose to give it).
 We use the instance ID as the initial password as this should only be known to the person that just launched the instance (or others within an administrative circle of trust).
 For more nuance, see the full process in the VNS3 Config guide