1️⃣ Prepare your Ubuntu jump server
Make sure your EC2 instance:
- Is in a public subnet with an Elastic IP.
- Has Security Group rules allowing:
  - UDP 1194 (OpenVPN default)
  - TCP 22 (for SSH)
  - Optional: Restrict source IPs to your office/home IP for security.
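To confirm the Security Group matches the rules above, this added example (not part of the original guide) audits JSON shaped like the output of `aws ec2 describe-security-groups --output json`. The group ID, the CIDRs and the names `audit`, `EXPECTED` and `SAMPLE` are constructed for illustration.

```python
import ipaddress
import json
import sys

# Ingress the guide's jump server needs: OpenVPN on UDP 1194 and SSH on TCP 22.
EXPECTED = {("udp", 1194), ("tcp", 22)}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]}]}


def audit(doc, allowed_cidrs):
    """Return findings for ingress rules that are unneeded or too widely open."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            label = f'{sg["GroupId"]} {proto} {lo}-{hi}'
            # "-1" means all protocols; port ranges or other ports are extra exposure.
            if proto == "-1" or lo != hi or (proto, lo) not in EXPECTED:
                findings.append(f"{label}: not needed by this setup")
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src)
                # Compare only within the same IP version to avoid a TypeError.
                if not any(net.version == a.version and net.subnet_of(a)
                           for a in allowed):
                    findings.append(f"{label}: source {src} outside allowed ranges")
    return findings


if __name__ == "__main__":
    # Usage: script.py [describe-output.json] [allowed CIDR ...]
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    cidrs = sys.argv[2:] or ["203.0.113.10/32"]  # constructed office/home IP
    for finding in audit(doc, cidrs):
        print(finding)
```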
2️⃣ Install OpenVPN
SSH into the server:
ssh ubuntu@<JUMP_SERVER_PUBLIC_IP>
Run:
sudo apt update && sudo apt install -y curl
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
3️⃣ Answer the prompts
The script will ask:
- Public IP → accept default (Elastic IP of EC2)
- Protocol → UDP
- Port → 1194
- DNS → choose 1 for current system resolvers
- Client name → e.g. ahmad-laptop
- Extra security → you can skip for speed
It will then generate:
/root/ahmad-laptop.ovpn
4️⃣ Copy the .ovpn file to your laptop
On your laptop:
scp ubuntu@<JUMP_SERVER_PUBLIC_IP>:/root/ahmad-laptop.ovpn .
5️⃣ Connect from your laptop
- Linux/Mac:
  sudo openvpn --config ahmad-laptop.ovpn
- Windows:
  - Install OpenVPN GUI.
  - Import the .ovpn file and connect.
6️⃣ Test connection
Once connected, you should be able to hit the EKS API endpoint directly:
aws eks describe-cluster \
--name tracemypods-premium \
--query "cluster.endpoint" \
--output text
Then:
curl -v "$(aws eks describe-cluster --name tracemypods-premium --query "cluster.endpoint" --output text)/version" \
--header "Authorization: Bearer $(aws eks get-token --cluster-name tracemypods-premium --query 'status.token' --output text)" \
--cacert <(aws eks describe-cluster --name tracemypods-premium --query "cluster.certificateAuthority.data" --output text | base64 -d)
If that returns JSON with Kubernetes version info → VPN works ✅.
Do you want me to add IP forwarding & route config so that only EKS traffic goes through the VPN instead of all your internet traffic? That’ll make it faster and less disruptive while working.