First, follow the instructions in this post to build a firewall host.

In AWS EC2, launch the OpenVPN Access Server openvpn instance.

Attach 1 interface eth0 to the openvpn instance.

Subnet Interface Address
DMZ eth0

The openvpn instance will use for its default gateway.

From the firewall instance, you should be able to login to the openvpn instance using your ssh key.

ssh -i key.pem openvpnas@

Configure the firewall to redirect specific network connections to the openvpn instance

Modify /etc/pf.conf

------------------------------ cut here ------------------------------
rdr on $int_if inet proto tcp from <trusted> to $int_address port 224 -> port 22
rdr on $int_if inet proto tcp from <trusted> to $int_address port 444 -> port 443
rdr on $int_if inet proto tcp from <trusted> to $int_address port 943 -> port 943
rdr on $int_if inet proto udp from <trusted> to $int_address port 1194 -> port 1194
------------------------------ cut here ------------------------------

Configure the OpenVPN Access Server

Connect to the OpenVPN Access Server Web UI using http://elastic-ip-address:943/admin

VPN Mode

Select OSI layer for VPN tunneling : Layer 3 (routing/NAT)

VPN Setting

Should VPN clients have access to private subnets : Yes, using NAT

Specify the private subnets to which all clients should be given access :

Should client Internet traffic be routed through the VPN? : No

Should clients be allowed to access network services on the VPN gateway IP address? : Yes

DNS Settings : Do not alter clients’ DNS server settings

Advanced VPN Settings

Should clients be able to communicate with each other on the VPN IP Network? : No

Default Compression Settings : Support compression on client VPN connections

User Permissions

New username : pfsense

Allow Auto-login

Select IP Addressing : Use Dynamic

Select addressing method : Use NAT

Allow Access To these Networks :

Set up pfSense as OpenVPN Client

Follow the instructions