diff --git a/terraform-aws/nat-server-2.tf b/terraform-aws/nat-server-2.tf
new file mode 100644
index 0000000..9c45734
--- /dev/null
+++ b/terraform-aws/nat-server-2.tf
@@ -0,0 +1,30 @@
+/* NAT/VPN server */
+resource "aws_instance" "nat2" {
+  ami = lookup(var.aws_amis, "0")
+  instance_type = "t2.micro"
+  subnet_id = aws_subnet.public.id
+  security_groups = [aws_security_group.allow_all.id, aws_security_group.nat.id]
+  key_name = aws_key_pair.deployer.key_name
+  source_dest_check = false
+  tags = {
+    Name = "nat server"
+  }
+  connection {
+    user = "ubuntu"
+    private_key = "ssh/insecure-deployer"
+    host = self.public_ip
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "sudo iptables -t nat -A POSTROUTING -j MASQUERADE",
+      "echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/forwarding > /dev/null",
+      /* Install docker */
+      "curl -sSL https://get.docker.com/ubuntu/ | sudo sh",
+      /* Initialize open vpn data container */
+      "sudo mkdir -p /etc/openvpn",
+      "sudo docker run --name ovpn-data -v /etc/openvpn busybox",
+      /* Generate OpenVPN server config */
+      "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}"
+    ]
+  }
+}