githubixx.peervpn
role-peervpn
This Ansible role helps set up PeerVPN for Ubuntu 16.04/18.04 (and likely works for other Linux systems using systemd). PeerVPN allows you to create a fully connected VPN across different data centers and nodes. You need at least one host with a public interface (default: port 7000, protocol UDP). You configure this public host in the peervpn_conf_initpeers setting; PeerVPN will automatically discover the other hosts on your VPN from there.
PeerVPN creates its own TAP interface, called tap0. If you want to change the name, set a different value for the peervpn_conf_interface variable.
To create a strong secret password for your PeerVPN preshared key, you can use:
openssl rand -base64 382 | tr -d '\n' && echo
This preshared key must be used on all hosts where you install PeerVPN and that share the same network name. The default preshared key is default and must be changed.
Versions
I tag every release and follow semantic versioning. It's best to use the latest tag. The master branch is for development, while the tags indicate stable versions. A tag like 1.0.0+r044 means release 1.0.0 of this role using PeerVPN version r044. If the role changes, X.Y.Z increases. If the PeerVPN version changes, rXXX increases and the role patch level increases as well (e.g., 1.0.0 to 1.0.1). This allows tagging of bug fixes and new major versions.
Requirements
Make sure to allow traffic on port 7000 using UDP if you have a firewall. You MUST set the peervpn_conf_initpeers variable, as there is no default! IPv6 is ENABLED by default; to disable it, set peervpn_conf_enableipv6: no.
Role Variables
You mostly need to change a few variables, but check templates/etc/peervpn/peervpn.conf.j2 for examples and full descriptions.
Variables without default values:
peervpn_conf_initpeers
peervpn_conf_engine
peervpn_conf_ifconfig6
peervpn_conf_upcmd
peervpn_conf_chroot
Variables with default values:
peervpn_version: "peervpn-0-044"
peervpn_install_directory: "/opt/{{peervpn_version}}"
peervpn_dest: "/usr/local/sbin"
peervpn_conf_networkname: "peervpn"
peervpn_conf_psk: "default"
peervpn_conf_enabletunneling: "yes"
peervpn_conf_interface: "tap0"
peervpn_conf_local: "0.0.0.0"
peervpn_conf_port: 7000
peervpn_conf_ifconfig4: "10.0.0.1/24"
peervpn_conf_sockmark: 0
peervpn_conf_enableipv4: "yes"
peervpn_conf_enablenat64clat: "no"
peervpn_conf_enablerelay: "no"
peervpn_conf_enableprivdrop: "yes"
peervpn_conf_user: "nobody"
peervpn_conf_group: "nogroup"
You MUST specify peervpn_conf_initpeers to use PeerVPN (either in host_vars or group_vars). For example, if you set peervpn_conf_initpeers: "host.example.net 7000", PeerVPN tries to connect to that host on port 7000 via UDP.
You should at least update these variables:
peervpn_conf_initpeers: Hostname and port PeerVPN connects to for the VPN.
peervpn_conf_networkname: Name of your VPN.
peervpn_conf_psk: Preshared key. See above for generating a good key.
peervpn_conf_ifconfig4: IP address of the node and subnet in CIDR notation, to be specified per host.
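Because peervpn_conf_initpeers has no default and peervpn_conf_psk defaults to the string default, a pre-deploy check of the per-host variables catches the most common misconfigurations before the role runs. The following validator is an added example, not part of this role: it takes a dict shaped like the merged host_vars (constructed sample below), and the minimum PSK length is this script's own threshold, not a PeerVPN rule.

```python
import ipaddress

# Constructed sample of per-host role variables, as host_vars would hold them.
# It deliberately contains the mistakes the README warns about.
SAMPLE_HOSTS = {
    "node1": {
        "peervpn_conf_initpeers": "host.example.net 7000",
        "peervpn_conf_psk": "default",              # unchanged default PSK
        "peervpn_conf_ifconfig4": "10.0.0.1/24",
        "peervpn_conf_port": 7000,
    },
    "node2": {
        # peervpn_conf_initpeers is missing: the role has no default for it
        "peervpn_conf_psk": "default",
        "peervpn_conf_ifconfig4": "10.0.0.1/24",    # duplicate address
        "peervpn_conf_port": 7000,
    },
}

MIN_PSK_LEN = 32  # this script's own threshold, not a PeerVPN requirement


def _valid_port(value):
    try:
        return 1 <= int(value) <= 65535
    except (TypeError, ValueError):
        return False


def check_peervpn_vars(hosts):
    """Return a list of (host, problem) tuples; an empty list means the vars look sane."""
    problems, seen_addrs, networks = [], {}, set()
    for host, v in hosts.items():
        # initpeers is "host port [host port ...]", so tokens must pair up
        peers = str(v.get("peervpn_conf_initpeers", "")).split()
        if not peers:
            problems.append((host, "peervpn_conf_initpeers is not set"))
        elif len(peers) % 2 or not all(_valid_port(p) for p in peers[1::2]):
            problems.append((host, "peervpn_conf_initpeers must be 'host port [host port ...]'"))
        psk = str(v.get("peervpn_conf_psk", "default"))
        if psk == "default" or len(psk) < MIN_PSK_LEN:
            problems.append((host, "peervpn_conf_psk is the default or too short"))
        if not _valid_port(v.get("peervpn_conf_port", 7000)):
            problems.append((host, "peervpn_conf_port is not a valid UDP port"))
        try:
            iface = ipaddress.ip_interface(v.get("peervpn_conf_ifconfig4", "10.0.0.1/24"))
        except ValueError:
            problems.append((host, "peervpn_conf_ifconfig4 is not address/prefix"))
            continue
        if iface.ip in seen_addrs:  # every node needs its own address in the VPN subnet
            problems.append((host, f"ifconfig4 address already used by {seen_addrs[iface.ip]}"))
        seen_addrs[iface.ip] = host
        networks.add(iface.network)
    if len(networks) > 1:
        problems.append(("*", "hosts are not all in the same ifconfig4 subnet"))
    return problems
```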
Example Playbook
- hosts: webservers
  roles:
    - peervpn
License
GNU GENERAL PUBLIC LICENSE Version 3
Author Information
ansible-galaxy install githubixx.peervpn