Skip to content

arbabnazar/ansible-openvpn-aws-vpc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
openvpn
openvpn
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hosts
hosts
 
 
site.yml
site.yml
 
 

Repository files navigation

Install OpenVPN server using Ansible over AWS VPC

There's a blog post that I wrote to go along with this. Check it out!

We'll use the below scenario in which we’ll configure the custom NAT instance to OpenVPN as well using Ansible to access the resources inside the private subnet(s). Please refer this AWS VPC scenario

Please modify the following things for the above mentioned post:

– Open the UDP port 1194 inside the NAT instance Security Group

– Allow the desired traffic inside the desired desination server(s) Security Group for NAT instance

Edit the variable file openvpn/defaults/main.yml as per your requirement, I have added the necessary detail as comments:

---
ubuntu_openvpn_pkgs:
  - openvpn
  - iptables-persistent
  - udev
  - dnsmasq

openvpn_key_country:  "PK"
openvpn_key_province: "Punjab"
openvpn_key_city: "Lahore"
openvpn_key_org: "Tendo Pvt ltd"
openvpn_key_ou: "IT Department"
openvpn_days_valid: "1825"
openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
openvpn_key_size: "2048"
openvpn_cipher: "BF-CBC"
openvpn_auth_digest: "SHA1"
openvpn_path: "/etc/openvpn"
openvpn_ca: "{{ openvpn_path }}/ca"
openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
openvpn_server: "tendo.local"
openvpn_port: "1194"
openvpn_protocol: "udp"

# It assume that the subnet mask is /24
openvpn_network: "10.8.0.0" 

# Private Subnet(s) in VPC that you want to reach through OPENVPN, it assume that the subnet mask is /24
private_networks:
  - 10.10.20.0
  - 10.10.30.0
 
# Please mentioned the clients' name at this location
openvpn_clients:
  - laptop
  - phone
  - tablet

# OPENVPN rules for iptables
iptables_openvpn_rules:
  - /sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  - /sbin/iptables -A FORWARD -s {{ openvpn_network }}/24 -j ACCEPT
  - /sbin/iptables -A FORWARD -j REJECT
  - /sbin/iptables -t nat -A POSTROUTING -s {{ openvpn_network }}/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE

# Please mentioned the clients' name at this location
openvpn_clients:
  - laptop
  - phone
  - tablet

After that edit the hosts file, mentioned the public ip address of your instance which you want to make as OpenVPN server and login username:

[openvpn]
52.18.167.161 ansible_ssh_user=ubuntu

After editing the vars and hosts file as per requirements, run this command:

ansible-playbook -i hosts site.yml

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

4 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •