marblecodes / openvpn-aws-tf-ansible

Licence: MIT license
OpenVPN with Terraform and Ansible on AWS

This repository is an example of an Infrastructure as Code DevOps project. It fully automates the deployment of a private VPN in your AWS account using Terraform and Ansible.

Prerequisites

1) Install AWS CLI

  • On MacOS: brew install awscli

For other operating systems, see https://docs.aws.amazon.com/cli/latest/userguide/installing.html

2) Configure an admin user

  1. Go to https://console.aws.amazon.com/iam/home#/home
  2. Choose a username (e.g. terraform-vpn) and give it programmatic access.
  3. Attach the existing policy: AdministratorAccess
  4. Download the credentials and configure a profile in aws-cli
aws configure --profile terraform-vpn
aws iam get-user --profile terraform-vpn

3) Create an SSH key pair to access the OpenVPN instance

ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/.ssh/vpn
chmod 600 ~/.ssh/vpn

Configuration

1) Modify the config file /config.json as you wish

{
  "REGION": "eu-west-1",
  "PROFILE": "terraform-vpn",

  "VPN_INSTANCE_TYPE": "t3.micro",
  "VPN_AMI": "ami-00035f41c82244dab",
  "VPN_SSH_PUBLIC_KEY": "~/.ssh/vpn.pub",
  "VPN_SSH_PRIVATE_KEY": "~/.ssh/vpn",
  "OVPN_PORT": "1194",

  "VPC_CIDR": "172.20.0.0/16",
  "VPC_CIDRS": {
    "public": "172.20.3.0/24",
    "private": "172.20.1.0/24"
  }
}

2) Modify the default vars of the openvpn Ansible role in /ansible/roles/openvpn/default/main.yml as you wish

ovpn_cidr: 10.3.0.0/24
ovpn_network: 10.3.0.0 255.255.255.0
ovpn_push_routes:
  - 172.20.0.0 255.255.0.0

ca_dir: /home/ubuntu/ca

ca_key_country: BE
ca_key_province: BR
ca_key_city: Brussels
ca_key_org: MyOrganization
ca_key_email: [email protected]
ca_key_org_unit: MyOrganizationalUnit
ca_key_name: vpn_server
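
A pre-flight consistency check for the two files above, as an added example that is not part of the repository. The function name `check_vpn_config` and the way the values are passed in are assumptions; the sample values are the ones shown on this page.

```python
import ipaddress
import json
from itertools import combinations

# Values copied from the config.json and role default vars shown above.
CONFIG_JSON = """{
  "OVPN_PORT": "1194",
  "VPC_CIDR": "172.20.0.0/16",
  "VPC_CIDRS": {"public": "172.20.3.0/24", "private": "172.20.1.0/24"}
}"""
OVPN_CIDR = "10.3.0.0/24"
OVPN_PUSH_ROUTES = ["172.20.0.0 255.255.0.0"]


def check_vpn_config(cfg, ovpn_cidr, push_routes):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    vpc = ipaddress.ip_network(cfg["VPC_CIDR"])
    pool = ipaddress.ip_network(ovpn_cidr)
    subnets = {n: ipaddress.ip_network(c) for n, c in cfg["VPC_CIDRS"].items()}

    # Every subnet must sit inside the VPC, and no two subnets may overlap.
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            problems.append(f"subnet {name} {net} is outside VPC {vpc}")
    for a, b in combinations(sorted(subnets), 2):
        if subnets[a].overlaps(subnets[b]):
            problems.append(f"subnets {a} and {b} overlap")

    # The client pool must not collide with the VPC, otherwise clients
    # cannot tell tunnel-local addresses from VPC addresses.
    if pool.overlaps(vpc):
        problems.append(f"client pool {pool} overlaps VPC {vpc}")

    # Pushed routes are "network netmask" pairs. Flag routes that send
    # non-VPC traffic into the tunnel, and a private subnet with no route.
    routes = [ipaddress.ip_network("/".join(r.split())) for r in push_routes]
    for r in routes:
        if not r.overlaps(vpc):
            problems.append(f"pushed route {r} points outside VPC {vpc}")
    if not any(subnets["private"].subnet_of(r) for r in routes):
        problems.append("no pushed route covers the private subnet")

    if not 1 <= int(cfg["OVPN_PORT"]) <= 65535:
        problems.append(f"OVPN_PORT {cfg['OVPN_PORT']} is not a valid port")
    return problems


if __name__ == "__main__":
    cfg = json.loads(CONFIG_JSON)
    print(check_vpn_config(cfg, OVPN_CIDR, OVPN_PUSH_ROUTES) or "config is consistent")
```

Running it before `terraform apply` catches an overlapping client pool or a missing route while the fix is still a one-line edit.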

Setup

1) Add the AWS credentials to your environment

export AWS_ACCESS_KEY_ID="YOUR_AWS_KEY_ID"
export AWS_SECRET_ACCESS_KEY="YOUR_AWS_SECRET"
export AWS_DEFAULT_REGION="YOUR_AWS_REGION"

2) Bootstrap the infrastructure

cd terraform
terraform init
terraform plan --var-file ../config.json
terraform apply --var-file ../config.json

3) Wait until the EC2 instance is ready

4) Install OpenVPN on the EC2 Instance

This will download a zip file with the client OpenVPN configuration and keys to your host.

cd ansible

# This will also add a client
ansible-playbook -i inventory openvpn_install.yml -e "username=john" -e "output=/tmp/john_vpn.zip"

5) Add an additional client to the VPN

This will download a zip file with the client OpenVPN configuration and keys to your host.

cd ansible
ansible-playbook -i inventory openvpn_add_client.yml -e "username=john" -e "output=/tmp/john_vpn.zip"

Reprovision the EC2

If you want to recreate the VPN server with a new IP address and a fresh, correct configuration, run these commands:

# taint the ec2 instance and ansible inventory generation script, this means it will be destroyed and recreated

cd terraform
terraform taint aws_instance.vpn
terraform apply --var-file ../config.json -auto-approve

# wait until the instance is up ...

# provision again with ansible
cd ../ansible
ansible-playbook -i inventory openvpn_install.yml -e "username=john" -e "output=/Users/brmm/Desktop/john_vpn.zip"

DNS Problems:

  • If you use Tunnelblick on macOS Sierra or higher, you might have DNS issues with allowChangesToManuallySetNetworkSettings; see this GitHub issue.