gavika.openvpn
=========
Install and set up OpenVPN. Create and manage your own OpenVPN server.
For more information, visit: Tech Chorus Guide to OpenVPN
Also, check the examples folder.
Requirements
This role needs to be used together with gavika.easy_rsa.
Role Variables
| Variable | Default Value | Description | Required? | 
|---|---|---|---|
| easy_rsa_local_pool_directory | /tmp/ca_openvpn_pool | Temporary directory to store certificate requests and certificates. | Yes | 
| openvpn_client_users | [] | List of OpenVPN client usernames (use only letters and numbers). | No | 
| openvpn_port | 1194 | The port where the OpenVPN server operates. | Yes | 
| openvpn_protocol | Default: udp (Options: tcp or udp) | The network protocol to be used. | Yes | 
| openvpn_server_ip_address | (Your OpenVPN server IP) | The IP address assigned in the generated client certificates. | Yes | 
| openvpn_generated_configurations_local_pool | false (Boolean) | Whether to copy the generated client configurations to the local pool directory. | Yes | 
| openvpn_route_all_traffic | True (Boolean) | Whether to route all internet traffic through the OpenVPN server. | Yes | 
| openvpn_use_opendns_public_dns | True (Boolean) | Whether to use OpenDNS servers for clients. | Yes | 
| openvpn_additional_configs | [] | Additional configurations for OpenVPN. Each entry is a key-value pair. | Yes | 
| openvpn_default_firewalld_zone | public | The zone name for the Firewalld configuration (only for EL). | Yes | 
Instructions for Building Servers
To create a CA and an OpenVPN server using gavika.easy_rsa and gavika.openvpn, you run the roles several times. They must be run in the correct order, as specified in the documentation. Typically, you run openvpn-playbook.yml twice and easy-rsa-playbook.yml once.
Playbook Execution Flow:

Example Commands to Run Playbooks:
```bash
# Set up OpenVPN and create server/client requests
ansible-playbook -i my-inventory.yml openvpn-playbook.yml
# Build the CA server and process requests
ansible-playbook -i my-inventory.yml easy-rsa-playbook.yml
# Set up OpenVPN and generate client configurations
ansible-playbook -i my-inventory.yml openvpn-playbook.yml
```
Dependencies
- The gavika.openvpn role works with gavika.easy_rsa.
- Requires the following collections:
  - community.aws
- The boto3 Python library is necessary.
Example Playbook for CA Server: easy-rsa-playbook.yml
```yaml
---
- hosts: ca_server
  become: true
  vars:
    easy_rsa_req_country: "IN"
    easy_rsa_req_province: "KA"
    easy_rsa_req_city: "Bangalore"
    easy_rsa_req_org: "Gavika"
    easy_rsa_req_email: "[email protected]"
    easy_rsa_req_ou: "Gavika"
    easy_rsa_local_pool_directory: /tmp/ca_openvpn_pool
    easy_rsa_server_request_to_import: "server.req"
    easy_rsa_ca_server_mode: true
  roles:
    - role: gavika.easy_rsa
```
Example Playbook for OpenVPN Server: openvpn-playbook.yml
```yaml
---
- hosts: openvpn_server
  become: true
  vars:
    openvpn_client_users:
      - janedoe
      - johndoe
    easy_rsa_req_country: "IN"
    easy_rsa_req_province: "KA"
    easy_rsa_req_city: "Bangalore"
    easy_rsa_req_org: "My Organization"
    easy_rsa_req_email: "[email protected]"
    easy_rsa_req_ou: "My Organization Unit"
  roles:
    - role: gavika.easy_rsa
    - role: gavika.openvpn
```
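The constraints listed in the Role Variables table can be enforced before the roles touch the server. The following variant of openvpn-playbook.yml is an added example, not part of gavika.openvpn or its documentation; the sample values are constructed, and it assumes the pool directory lives on the Ansible control node and should belong to the invoking user or root.

```yaml
---
# Added example: openvpn-playbook.yml with pre-flight checks (not the role's code).
- hosts: openvpn_server
  become: true
  vars:
    # Constructed sample values.
    openvpn_client_users: [janedoe, johndoe]
    openvpn_port: 1194
    openvpn_protocol: udp
    easy_rsa_local_pool_directory: /tmp/ca_openvpn_pool
  pre_tasks:
    - name: Validate the role variables before anything is installed
      ansible.builtin.assert:
        that:
          - openvpn_protocol in ['tcp', 'udp']
          - openvpn_port | int >= 1
          - openvpn_port | int <= 65535
          # Usernames: letters and numbers only, per the variables table.
          - openvpn_client_users | reject('match', '^[A-Za-z0-9]+$') | list | length == 0
          - openvpn_client_users | unique | length == openvpn_client_users | length
        fail_msg: "Invalid openvpn_protocol, openvpn_port or openvpn_client_users"

    # Assumption: the pool directory is on the control node.
    - name: Inspect the local pool directory
      ansible.builtin.stat:
        path: "{{ easy_rsa_local_pool_directory }}"
      delegate_to: localhost
      become: false
      run_once: true
      register: pool_dir

    # Assumption: the directory should belong to the invoking user or root.
    - name: Refuse a pool directory that other local users could modify
      ansible.builtin.assert:
        that:
          - pool_dir.stat.isdir
          - not pool_dir.stat.wgrp
          - not pool_dir.stat.woth
          - pool_dir.stat.pw_name in [lookup('env', 'USER'), 'root']
        fail_msg: "{{ easy_rsa_local_pool_directory }} is not a private directory"
      when: pool_dir.stat.exists
  roles:
    - role: gavika.easy_rsa
    - role: gavika.openvpn
```

Because stat does not follow symlinks by default, a symlink planted at the pool path fails the isdir check instead of being followed.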
Example Inventory: my-inventory
```yaml
all:
  hosts:
    placeholder
  children:
    ca_server:
      hosts:
        dev-ca-01.example.com:
          ansible_become: true
          ansible_user: ubuntu
          ansible_host: 192.168.3.5
          easy_rsa_ca_server_mode: true
          ansible_python_interpreter: /usr/bin/python3
    openvpn_server:
      hosts:
        dev-vpn-01.example.com:
          ansible_python_interpreter: /usr/bin/python3
          ansible_become: true
          ansible_user: ubuntu
          ansible_host: 192.168.3.6
          openvpn_server_ip_address: 192.168.3.6
```
License
Apache License, Version 2.0
Author Information
Sudheera Satyanarayana
- Gavika: www.gavika.com
- Blog: Tech Chorus Blog
- Twitter: @bngsudheer
- GitHub: bngsudheer
 
Project information
Role to install and configure OpenVPN server and generate client configurations
Install
```bash
ansible-galaxy install gavika.openvpn
```