Almost free Netflix VPN on Amazon EC2 set up in 30 minutes using Ansible

This is a hacker/developer/sysadmin oriented guide to set up on demand VPN on Amazon EC2 server. Amazon EC2 t2.micro instance costs 0.013 USD per hour, so the deal is very light for your purse, beating commercial VPN pricing by an order of magnitude. Further, Amazon provides 750 hours of free of t2.micro instance usage for new users.

We automatize the cumbersome server configuration tasks using Ansible automatization tool. With Ansible, you’ll get your own VPN service up’n’running in 30 minutes. The instructions work on OSX and Linux systems and Ansible won’t run on Windows.


We set up PPTP VPN. The VPN is good for watching Netflix where US region enjoys wider availability of entertainment. The VPN is also good defeating other US geofencing services and protecting your privacy on open Wi-Fi hotspots. Android, iOS (iPhone / iPad), OSX, Linux and Windows all support PPTP protocol out of the box, so no additional software is needed on your device.


Setting up EC2

Go to AWS and sign up for an account. The payment options include all common credit cards.

Sign up for t2.micro on demand instance using Ubuntu 14.04 image. Pick an instance from US East Coast (N. Virginia) availability zone for the maximum speed from Europe. AWS prompts yoy to download SSH keys to access the instance. Store them safely. Below we assume you download keys named amazon and store them in your SSH folder:

mv ~/Downloads/amazon.pem ~/.ssh
chmod 400 ~/ssh/amazon.pem

By default, EC2 instances are firewalled. In your EC2 instance list, click Security Group for the instance (Security group name should be like launch-wizard-1). Go to Inboud > Edit and choose All traffic. This allows access to PPTP service and Squid proxy which will be installed on the server.

Screen Shot 2015-04-12 at 19.03.25

Installing PPTP using Ansible

Install Ansible. Packages available for Ubuntu, OSX Homebrew and others. Ansible is a tool installed on your local computer and it will connect the server over SSH.

Clone the Ansible playbook which automates PPTP installation on your server.:

git clone

Replace hosts file in the playbook. Change the IP address to your instance IP address as shown in Amazon AWS console:

[amazon] ansible_ssh_user=ubuntu ansible_sudo=true ansible_ssh_private_key_file=~/.ssh/amazon.pem

You need to wait until instance state says Running in AWS console. Then proceed to install and configure PPTP on the server using Ansible:

ansible-playbook -i hosts site.yml --extra-vars '{"hosts":"","username":"vpn","password":"changeme"}'

Now you can connect to your VPN using the instance IP address, username vpn and password changeme.

Connecting to VPN with Android

Test your VPN on Android by going to menu Settings > Wireless & networks > More > VPN. Hit + to add new entry. Choose PPTP, enter your server IP, username and password. Choose the created entry to connect. In few seconds you should see Connected status and a key icon appears in Android status bar.

Please note that the instance IP address changes on every start and stop. You can update the VPN IP address by doing a long press on the entry in Android VPN menu.

Starting and stopping EC2 instance on demand

Download AWS Console app from Google Play Store or from App Store for your mobile. The app takes your AWS credentials and allows you to start and stop the EC2 instances  with a single click.

After starting you’ll see the new IP address of the instance in Public IP field of AWS Console app.



Please note that PPTP does not work on cheap OpenVZ virtual machines due to lack of kernel support – a full virtual machine is required. The Ansible playbook is kindly provided by Liang Shan.

\"\" Subscribe to RSS feed Follow me on Twitter Follow me on Facebook Follow me Google+

4 thoughts on “Almost free Netflix VPN on Amazon EC2 set up in 30 minutes using Ansible

  1. Great tutorial and setup worked like a charm. Unfortunately, netflix even chased down the tech savvy ones and shut off AWS it seems. Does anybody have experiences with AWS regions that might work? or di they shut off all of AWS?

  2. Hi Dirk!

    Very good question. I don’t know myself, but please let me know answer if you find any VPS providers who are not banned yet.

  3. indeed it looks like Netflix shut off AWS IPs, at least I’m getting timeout from N.Virginia

Leave a Reply

Your email address will not be published. Required fields are marked *