OT-OSM.openvpn

Ansible Role: OpenVPN
=========

Opstree Solutions

This is an Ansible role that helps you install and set up an OpenVPN server.

Version History


| Date | Version | Description | Changed By |
|------|---------|-------------|------------|
| 16 August 2018 | v.1.0.0 | Initial Draft | Yashvinder Hooda |
| 8 September 2018 | v.1.0.0 | Added Role for Debian | Sudipt Sharma |
| 9 October 2018 | v.1.0.0 | Updated Readme | Sudipt Sharma |
| 13 November 2018 | v.1.0.0 | Updated for RHEL | Sudipt Sharma |
| 28 February 2019 | v.1.0.0 | Added GitLab-CI | Mahesh Kumar |
| 31 May 2019 | v.1.0.0 | Added molecule Test Cases | Ekansh Jain |
| 13 January 2020 | v.1.0.0 | Updated for Amazon | Sudipt Sharma |
| 11 February 2020 | v.1.0.0 | Added tags for client creation & revocation | Sudipt Sharma |
| 18 April 2020 | v.1.0.0 | Integrated CircleCI | Sudipt Sharma |

Key Features


  • This role sets up and configures OpenVPN automatically.
  • It has two main files:
    • clientlist: List the clients you want to add.
    • revokelist: List the clients you want to remove.

Important Note:

  • You need to turn off Source/Destination Check on the VPN instance.

    Go to your EC2 instances, select the VPN instance, then go to Networking -> Change Source/Dest. Choose "Yes, Disable" from the drop-down. This allows your VPN server to connect to other EC2 instances.

Supported Operating Systems


  • CentOS 7
  • CentOS 6
  • Ubuntu Bionic
  • Ubuntu Xenial
  • Amazon AMI

Dependencies


  • None :)

Directory Structure


osm_openvpn
.
├── clientlist
├── defaults
│   └── main.yml
├── files
│   └── make_config.sh
├── handlers
│   └── main.yml
├── media
│   ├── add_connection.png
│   ├── addvpn.jpg
│   ├── client.png
│   ├── import_file.png
│   ├── save_key.png
│   ├── select_file.png
│   └── vpn.jpg
├── meta
│   └── main.yaml
├── molecule
│   └── default
│       ├── Dockerfile.j2
│       ├── INSTALL.rst
│       ├── molecule.yml
│       ├── playbook.yml
│       └── tests
│           ├── test_default.py
│           └── test_default.pyc
├── README.md
├── revokelist
├── tasks
│   ├── client_keys.yaml
│   ├── config.yaml
│   ├── easy-rsa.yaml
│   ├── firewall.yaml
│   ├── install.yaml
│   ├── main.yaml
│   ├── revoke.yaml
│   └── server_keys.yaml
└── templates
    ├── before.rules.j2
    ├── client.conf.j2
    └── server.conf.j2
10 directories, 31 files

Role Variables


| Variable | Default Value | Description | Type |
|----------|---------------|-------------|------|
| server_name | server | Name of the OpenVPN server | Optional |
| PROTOCOL | udp | Protocol that the server uses | Mandatory |
| PORT | 1194 | Port on which the server operates | Mandatory |
| openvpn_server_network | 10.8.0.0 | Network range for the VPN | Optional |
| base_directory | /etc/openvpn | Path for OpenVPN configuration | Optional |
| easy_rsa_url | url | Link to download Easy RSA | Optional |
| block_all_connection | false | Block all connections for OpenVPN clients | Optional |
| port_list | [80,443] | Ports clients are allowed to use if connections are blocked | Optional |

Example Playbook


---
- name: Automate OpenVPN Setup
  hosts: server
  become: true
  roles:
    - role: osm_openvpn
...

$ ansible-playbook site.yml -i inventory

  • To generate client keys:

$ ansible-playbook site.yml -i inventory --tags "generate_client_keys"

  • To revoke client keys:

$ ansible-playbook site.yml -i inventory --tags "revoke_client_keys"

Inventory Example


Your inventory file should look like this:

[server]                 
192.xxx.x.xxx    ansible_user=ubuntu 

Client Keys


Client keys will be found in /tmp/{{client_name}}.ovpn on your local machine.
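
Because /tmp is shared by all local users, it is worth moving the generated profile into a private directory before importing it. The script below is an added example, not part of the role; it assumes the profile embeds the client's private key, and the function names and destination directory are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the role. Assumptions: the profile embeds the
# client's private key (PEM marker), and the destination directory passed in
# is a hypothetical private location chosen by the user.

# perms_of PATH: print the nine permission characters, e.g. "rw-r--r--".
perms_of() {
    ls -ld -- "$1" | cut -c2-10
}

# is_exposed PATH: succeed if group or other hold any permission bit.
is_exposed() {
    case $(perms_of "$1") in
        ???------) return 1 ;;
        *)         return 0 ;;
    esac
}

# has_private_key FILE: succeed if the file carries a PEM private key header.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# secure_profile SRC DEST_DIR: copy SRC into DEST_DIR (0700) as an owner-only
# file (0600), then delete SRC. Symlinks are refused because /tmp is writable
# by every local user.
secure_profile() {
    src=$1
    dest_dir=$2
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refusing $src: not a regular file" >&2
        return 1
    fi
    is_exposed "$src" && echo "warning: $src was accessible beyond its owner" >&2
    has_private_key "$src" || echo "note: no private key marker in $src" >&2
    (
        umask 077
        mkdir -p -- "$dest_dir" && chmod 700 -- "$dest_dir" &&
            cp -- "$src" "$dest_dir/"
    ) || return 1
    chmod 600 -- "$dest_dir/$(basename -- "$src")" || return 1
    rm -f -- "$src"
}
```

After the playbook finishes, source the script and call `secure_profile` with the profile path and a directory of your choice, then import the profile from the new location.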

Client Configuration


To install OpenVPN, run:

apt-get install openvpn -y

For Ubuntu 18.04: Install the OpenVPN GUI with:

apt install network-manager-openvpn-gnome -y

After installation, go to your network settings:

  1. Add a VPN configuration.
  2. Browse to your client.ovpn file.

For Ubuntu 16.04: Install the OpenVPN GUI with:

apt install network-manager-openvpn-gnome -y

Then go to network settings:

  1. Add a VPN connection.
  2. Import your .ovpn file.

Future Changes


  • Improve compatibility to run on bare metal servers.

License

  • MIT / BSD

Author Contributors

Sudipt Sharma

About the project

OpenVPN Ansible role for creating a secure tunnel to your private infra.

Install
ansible-galaxy install OT-OSM.openvpn
License
Unknown
Downloads
219
Owner