Skip to content

martoc/vpn-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github
.github
 
 
docs
docs
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

vpn-client

checks License: MIT slack

An Infrastructure-as-Code (IaC) solution for deploying AWS Client VPN endpoints with mutual TLS authentication. This project provides CloudFormation templates and scripts to establish secure remote access to your AWS VPCs.

Features

  • Mutual TLS Authentication: Certificate-based authentication for enhanced security
  • Infrastructure as Code: Fully automated deployment using AWS CloudFormation
  • Optional VPC Creation: Use an existing VPC or create a new one with secure defaults
  • Split Tunneling Support: Configure partial or full VPN routing
  • Multi-Client Support: Works with AWS VPN Client, OpenVPN Connect, and iOS devices

Quick Start

  1. Clone the repository

    git clone https://github.com/martoc/vpn-client.git cd vpn-client

  2. Generate certificates

    git clone https://github.com/OpenVPN/easy-rsa.git src/scripts/generate.sh

  3. Import server certificate to AWS ACM

    aws acm import-certificate \ --certificate fileb://workdir/server.crt \ --private-key fileb://workdir/server.key \ --certificate-chain fileb://workdir/ca.crt \ --region <your-region>

  4. Deploy the VPN client stack

    aws cloudformation create-stack \ --stack-name vpn-client \ --template-body file://src/cloudformation/vpn-client.yaml \ --parameters \ ParameterKey=ServerCertificateArn,ParameterValue=<certificate-arn> \ --region <your-region>

See the full documentation for detailed setup instructions and configuration options.

Prerequisites

  • AWS CLI configured with appropriate credentials
  • An AWS account with permissions to create VPC, EC2, and ACM resources
  • Git (for cloning easy-rsa)

Project Structure

vpn-client/ ├── src/ │ ├── cloudformation/ │ │ ├── vpn-client.yaml # VPN endpoint CloudFormation template │ │ └── vpn-vpc.yaml # Optional VPC CloudFormation template │ └── scripts/ │ └── generate.sh # Certificate generation script └── docs/ # Documentation

Documentation

Security

This project uses certificate-based mutual TLS authentication, which provides stronger security than username/password authentication. For security concerns, please see SECURITY.md.

Contributing

Contributions are welcome! Please read our Contributing Guidelines before submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

AWS VPN client configuration

Topics

aws aws-vpc-vpn-client

Resources

Readme

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

v0.1.4 Latest
Dec 12, 2025
+ 4 releases

Contributors

Languages