git clone https://github.com/OpenVPN/easy-rsa
cd easy-rsa/easyrsa3
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa build-server-full server nopass
./easyrsa build-client-full client1.domain.tld nopass
build-*-full creates a key pair and signs the certificate with the new CA. nopass leaves the CA, server and client private keys unencrypted on disk; drop it outside a lab and keep pki/private/ca.key offline, it is never uploaded to AWS. Keep the CA around: revoking a client certificate later means issuing a CRL from it and importing that CRL into the Client VPN endpoint.
mkdir ../../certificates
cp pki/ca.crt ../../certificates
cp pki/issued/server.crt ../../certificates
cp pki/private/server.key ../../certificates
cp pki/private/client1.domain.tld.key ../../certificates
cp pki/issued/client1.domain.tld.crt ../../certificates
Upload Certificates to AWS ACM
cd ~/company/vpn/certificates   (assuming easy-rsa was cloned in ~/company/vpn)
aws acm import-certificate \
--certificate fileb://server.crt \
--private-key fileb://server.key \
--certificate-chain fileb://ca.crt \
--region <YOUR_REGION>
aws acm import-certificate \
--certificate fileb://client1.domain.tld.crt \
--private-key fileb://client1.domain.tld.key \
--certificate-chain fileb://ca.crt \
--region <YOUR_REGION>
The region must be the one the VPC and the Client VPN endpoint live in. Record the CertificateArn each command prints; those are the server and client certificate ARNs selected in the console below.
Open Client VPN endpoints in the VPC console and click "Create Client VPN endpoint"
Name tag: clientvpn
Client IPv4 CIDR: 10.20.20.0/22 (between /22 and /12; must not overlap the VPC CIDR or any network the clients should reach)
Server certificate ARN: the ARN of the imported server certificate (CN server)
Use mutual authentication: YES
Client certificate ARN: the ARN of the imported client1.domain.tld certificate (the import only tells the endpoint which CA to trust; any certificate issued by that CA can connect unless it is on an imported CRL)
Do you want to log the details on client connections?: NO (connection logging to CloudWatch Logs is the only record of who connected and when; it can be enabled later on the endpoint)
Enable DNS servers: YES
DNS server 1 IP address: 10.0.0.2 (the VPC's Amazon-provided DNS resolver, the VPC network address plus two; 10.0.0.2 for a 10.0.0.0/16 VPC)
Enable split-tunnel: YES (only routes for the associated networks go through the tunnel; all other traffic uses the client's normal connection)
Go to Associations and associate a target network: at least one subnet of the VPC. The endpoint is not usable until a subnet is associated; a route to the VPC CIDR through that subnet is added automatically.
Go to Authorization and add an authorization rule
Destination network to enable access: 10.0.0.0/16 (whole VPC network or specific subnets)
Grant access to: all users (with mutual authentication alone there are no groups to restrict to)
Download the client configuration (.ovpn) from the endpoint's page and install the AWS Client VPN client (or any OpenVPN client)
Open the .ovpn file in a text editor and append the client certificate and key (the file now contains a private key; keep its permissions restrictive):
add <cert>Contents of client1.domain.tld.crt</cert>
add <key>Contents of client1.domain.tld.key</key>
Prepend a random string to the endpoint hostname on the remote line, so the client does not keep using cached DNS answers for the endpoint:
Original DNS name: cvpn-endpoint-0102bc4c2eEXAMPLE.prod.clientvpn.us-west-2.amazonaws.com
Modified DNS name: asdfa.cvpn-endpoint-0102bc4c2eEXAMPLE.prod.clientvpn.us-west-2.amazonaws.com
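The client-side steps above (download the configuration, paste in the client certificate and key, randomise the hostname on the remote line) are easy to get slightly wrong by hand, and the ACM import step gives no warning if the client certificate was signed by the wrong CA. The script below is an added example, not part of the original notes or of AWS's or Easy-RSA's own tooling: it checks the client certificate against ca.crt with openssl before the import, and assembles the final .ovpn from a downloaded configuration and the easyrsa output. The file names (downloaded.ovpn, client.ovpn) and the sample downloaded configuration are assumptions for illustration; the certificate and key placeholders are constructed, not real key material.

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes: assemble the final client
# .ovpn from the configuration downloaded from the Client VPN endpoint page
# plus the client certificate and key produced by easyrsa.  File names and
# the sample downloaded configuration below are assumptions for illustration.
set -euo pipefail

# verify_chain CA_CRT CLIENT_CRT
# Confirm the client certificate chains to ca.crt before importing it into
# ACM: a certificate from another CA imports fine but never authenticates.
verify_chain() {
  openssl verify -CAfile "$1" "$2"
}

# build_ovpn DOWNLOADED_CONFIG CLIENT_CRT CLIENT_KEY OUTPUT
# 1. Prepend a random label to the endpoint hostname on the "remote" line
#    (AWS recommends this so that cached DNS answers are not reused).
# 2. Append the client certificate and key in <cert>/<key> blocks.
build_ovpn() {
  local src="$1" crt="$2" key="$3" out="$4"
  local prefix
  # 4 random bytes rendered as 8 hex characters: a valid DNS label.
  prefix=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
  # Only the hostname (field 2) of "remote <host> <port>" lines is changed.
  awk -v p="$prefix" '$1 == "remote" { $2 = p "." $2 } { print }' "$src" > "$out"
  {
    echo "<cert>"
    cat "$crt"
    echo "</cert>"
    echo "<key>"
    cat "$key"
    echo "</key>"
  } >> "$out"
  chmod 600 "$out"   # the profile now contains a private key
}

# Constructed sample input standing in for the downloaded configuration.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/downloaded.ovpn" <<'EOF'
client
dev tun
proto udp
remote cvpn-endpoint-0102bc4c2eEXAMPLE.prod.clientvpn.us-west-2.amazonaws.com 443
remote-cert-tls server
cipher AES-256-GCM
verb 3
EOF
# Constructed placeholders for pki/issued/client1.domain.tld.crt and
# pki/private/client1.domain.tld.key (not real certificate or key material).
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'SAMPLECERT' '-----END CERTIFICATE-----' > "$work/client1.domain.tld.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'SAMPLEKEY' '-----END PRIVATE KEY-----' > "$work/client1.domain.tld.key"

build_ovpn "$work/downloaded.ovpn" "$work/client1.domain.tld.crt" \
           "$work/client1.domain.tld.key" "$work/client.ovpn"
cat "$work/client.ovpn"

# Against the real easyrsa output, before the ACM import:
#   verify_chain pki/ca.crt pki/issued/client1.domain.tld.crt
```

Run verify_chain against the real pki files before `aws acm import-certificate`; a failure there means the wrong ca.crt or a certificate from another PKI. The assembled profile is written with mode 600 because it embeds the client's private key; treat it like the key file itself.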