Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS


Autovpn is a script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command that takes ~3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once the instance is configured an OpenVPN configuration file is downloaded and ready to use. There is also functionality to see which instances are running in which region and the ability to terminate the instance when done. Additional functionality includes specifying instance type, generate ssh keypairs, specify custom AMI, change login users, and more to come.

Use Case

  • Create on-demand OpenVPN Endpoints in AWS that can easily be destroyed after done only pay for what you use.


  1. Create a virtualenv:
mkvirtualenv -p python3 env/
source env/bin/activate
  1. Install dependencies by running pip install -r requirements.txt
  2. Ensure that you have an AWS .credentials file by running:
vi ~/.aws/credentials

Then type in the following and add your keys (remove the parenthesis):

aws_access_key_id = (your_access_key_here)
aws_secret_access_key = (your_secret_key_here)
  1. Install OpenVPN client (if needed)


  1. Ensure dependencies are all installed.
  2. Clone repo to the system.
git clone
  1. To create SSH keypair execute autovpn with -G and -r options for AWS region of choice. (optional) NOTE: Make sure to add a new key to your ssh-agent.
./autovpn -G -r us-east-1
  1. Execute autovpn with -C -k and -r options to deploy to AWS:
./autovpn -C -r us-east-1 -k us-east-1_vpnkey
  1. OpenVPN config files are downloaded to the current working directory.
  2. Import the OpenVPN config file and connect:
sudo openvpn us-east-1_aws_vpn.ovpn

Main page

    autovpn - On Demand AWS OpenVPN Endpoint Deployment Tool.
	Project found at
       -C    Create VPN endpoint.
       -D    Delete keypair from region.
       -G    Generate new keypair.
       -S    Get all running instances in a given region.
       -T    Terminate a OpenVPN endpoint.
       -d    Specify custom DNS server. (ex.
       -h    Displays this message.
       -i    AWS Instance type (Optional, Default is t2.micro)
	     t2.nano t2.micro t2.small t2.medium t2.large.**
       -k    Specify the name of AWS keypair (Required)
       -m    Allow multiple connections to same endpoint.
       -r    Specify AWS Region (Required)
	     us-east-1 us-west-1 us-east-2 us-west-2 eu-west-1 eu-west-2
	     eu-west-3 eu-central-1 eu-north-1 ap-southeast-1 ap-northeast-1
	     ap-northeast-2 ap-northeast-3 ap-southeast-2 sa-east-1
       ap-east-1 ca-central-1 me-south-1
       -p    Specify custom OpenVPN UDP port
       -u    Specify custom ssh user.***
       -y    Skip confirmations
       -z    Specify instance id.
  Create OpenVPN endpoint:
	autovpn -C -r us-east-1 -k us-east-1_vpnkey
  Generate keypair in a region.
	autovpn -G -r us-east-1
  Get running instances
	autovpn -S -r us-east-1
  Terminate OpenVPN endpoint
	autovpn -T -r us-east-1 -z i-b933e00c
  Using custom options
    autovpn -C -r us-east-1 -k us-east-1_vpnkey -a ami-fce3c696 -u ec2_user -i m3.medium
        * - Custom AMI may be needed if changing instance type.
        ** - Any instance size can be given but the t2.micro is more than enough.
        *** - Custom user might be need if using a custom ami.
	**** - AWS IAM user must have EC2 or Administrator permissions set.

To Do

  • Continue to update documentation
  • Add deletion of Security Group if it is no longer in use.
  • Add the ability to create more client configs for one endpoint.
  • Pull Requests are welcome.


September 8, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023