Easy-RSA

This Ansible role sets up and configures EasyRSA. Use this role to create your Public Key Infrastructure (PKI). This could be your first step if you're setting up your own OpenVPN server.

https://www.techchorus.net/blog/run-your-own-openvpn-server/

Requirements

For CentOS, you need to enable the EPEL repository. You can do this using bngsudheer.centos_base or another method.

To build a Certificate Authority (CA) server and an OpenVPN server using gavika.easy_rsa and gavika.openvpn, you have to run the roles several times based on your needs. It’s your responsibility to execute them the right number of times and in the right order. Examples can be found in the gavika.openvpn documentation.

Example contents of ca_open_vpn_extra_vars.yml

---
easy_rsa_server_request_to_import: server.req

Role Variables

easy_rsa_ca_server_mode: true
easy_rsa_req_country: ""
easy_rsa_req_province: ""
easy_rsa_req_city: ""
easy_rsa_req_org: ""
easy_rsa_req_email: ""
easy_rsa_req_ou: ""
easy_rsa_dn: ""

Dependencies

EPEL must be enabled on CentOS. There are no dependencies for Ubuntu.

Example Playbook

---
  - hosts: my_ca_server
    vars:
      easy_rsa_req_country: "IN"
      easy_rsa_req_province: "KA"
      easy_rsa_req_city: "Bangalore"
      easy_rsa_req_org: "My Organization"
      easy_rsa_req_email: "[email protected]"
      easy_rsa_req_ou: "My Organization Unit"
      easy_rsa_dn: "vpn.example.com"
      easy_rsa_build_ca: true
    roles:
      - role: gavika.easy_rsa

License

Apache License, Version 2.0

Author Information

Sudheera Satyanarayana

• Gavika: https://www.gavika.com

• Blog: https://www.techchorus.net

• Twitter: https://www.twitter.com/bngsudheer

• Github: https://github.com/bngsudheer