
1️⃣ Prepare your Ubuntu jump server

  • Make sure your EC2 instance:
    • Is in a public subnet with an Elastic IP.
    • Has Security Group rules allowing:
      • UDP 1194 (OpenVPN default)
      • TCP 22 (for SSH)
      • Optional: Restrict source IPs to your office/home IP for security.
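An added example, not part of the original guide: a check that the jump server's Security Group exposes only the two ports listed above and only to your own networks. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group ID and CIDRs are assumed values.

```python
import ipaddress
import json

# Ports the guide opens on the jump server: OpenVPN and SSH.
EXPECTED = {("udp", 1194), ("tcp", 22)}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    ]}]})


def audit_ingress(sg_json, allowed_cidrs):
    """Return (group, rule, source, reason) for each ingress rule that needs review."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for group in json.loads(sg_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            # IpProtocol "-1" means every protocol and port; it carries no port range.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            label = "all traffic" if proto == "-1" else f"{proto}/{lo}-{hi}"
            expected = lo == hi and (proto, lo) in EXPECTED
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr)
                inside = any(
                    net.version == a.version and net.subnet_of(a) for a in allowed)
                if not expected:
                    findings.append((group["GroupId"], label, cidr, "unexpected port"))
                elif not inside:
                    findings.append((group["GroupId"], label, cidr, "source not restricted"))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, ["203.0.113.0/24"]):
        print(*finding, sep="  ")
```

To run it against a real group, pass the output of `aws ec2 describe-security-groups --group-ids <YOUR_SG_ID>` as `sg_json`.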

2️⃣ Install OpenVPN

SSH into the server:
ssh ubuntu@<JUMP_SERVER_PUBLIC_IP>
Run:
sudo apt update && sudo apt install -y curl
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

3️⃣ Answer the prompts

The script will ask:
  • Public IP → accept default (Elastic IP of EC2)
  • Protocol → UDP
  • Port → 1194
  • DNS → choose 1 for current system resolvers
  • Client name → e.g. ahmad-laptop
  • Extra security → you can skip for speed
It will then generate:
/root/ahmad-laptop.ovpn

4️⃣ Copy the .ovpn file to your laptop

On your laptop:
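# The ubuntu user cannot read /root, so fetch the profile via sudo; it embeds the client key, so keep it private
ssh ubuntu@<JUMP_SERVER_PUBLIC_IP> 'sudo cat /root/ahmad-laptop.ovpn' > ahmad-laptop.ovpn && chmod 600 ahmad-laptop.ovpn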

5️⃣ Connect from your laptop

  • Linux/Mac:
    sudo openvpn --config ahmad-laptop.ovpn
    
  • Windows:
    • Install OpenVPN GUI.
    • Import the .ovpn file and connect.

6️⃣ Test connection

Once connected, you should be able to hit the EKS API endpoint directly:
aws eks describe-cluster \
  --name tracemypods-premium \
  --query "cluster.endpoint" \
  --output text
Then:
# No -k here: it would disable the certificate check that --cacert sets up
curl -v "$(aws eks describe-cluster --name tracemypods-premium --query "cluster.endpoint" --output text)/version" \
  --header "Authorization: Bearer $(aws eks get-token --cluster-name tracemypods-premium --query 'status.token' --output text)" \
  --cacert <(aws eks describe-cluster --name tracemypods-premium --query "cluster.certificateAuthority.data" --output text | base64 -d)
If that returns JSON with Kubernetes version info → VPN works ✅.
Do you want me to add IP forwarding & route config so that only EKS traffic goes through the VPN instead of all your internet traffic? That’ll make it faster and less disruptive while working.