netzwirt.openvpn

ansible-openvpn

OpenVPN with PKI for Ubuntu/Debian

Requirements

None

Role Variables

Certificate details:

  • openvpn_domainComponent_tld: "com"
  • openvpn_domainComponent_domain: "example"
  • openvpn_organizationName: "ACME Inc"

Create a list of users who will access the VPN server:

  • openvpn_users:

To revoke certificates:

Do not remove a user from openvpn_users. Instead, create a list of usernames whose certificates need to be revoked:

  • openvpn_revocation_list:
    • fred

Server Pool configuration:

Simple method: Use OpenVPN's --server option:

openvpn_server_full_pool: "10.8.0.0 255.255.255.0"

Advanced method: For more control, set openvpn_server_full_pool to an empty string and configure the following:

openvpn_server_full_pool: ''
openvpn_ifconfig: "10.8.8.1 255.255.252.0"
openvpn_push_route_gateway: "10.8.8.1"
openvpn_ifconfig_pool: "10.8.8.2 10.8.8.199 255.255.255.0"
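
A consistency check for the three advanced-method variables, as an added example that is not part of the role: it confirms that the pushed gateway and the client pool fall inside the subnet given by openvpn_ifconfig, and that the pool does not contain the server's own address. The function name check_pool is hypothetical, and it takes the variable values as plain strings.

```python
import ipaddress


def check_pool(ifconfig, gateway, pool):
    """Return findings for the advanced pool variables; an empty list means consistent."""
    findings = []
    srv_ip, srv_mask = ifconfig.split()
    # strict=False because the value holds the server's host address, not the network address.
    net = ipaddress.ip_network(f"{srv_ip}/{srv_mask}", strict=False)
    server = ipaddress.ip_address(srv_ip)
    parts = pool.split()
    start, end = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
    pool_mask = parts[2] if len(parts) > 2 else None

    if ipaddress.ip_address(gateway) not in net:
        findings.append(f"gateway {gateway} is outside {net}")
    if start > end:
        findings.append(f"pool start {start} is after pool end {end}")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            findings.append(f"pool {label} {addr} is outside {net}")
    if start <= server <= end:
        findings.append(f"pool range contains the server address {server}")
    # A differing mask can be deliberate; it is reported so that it gets reviewed.
    if pool_mask is not None and pool_mask != srv_mask:
        findings.append(f"pool netmask {pool_mask} differs from ifconfig netmask {srv_mask}")
    return findings


if __name__ == "__main__":
    # Values copied from the advanced method above.
    for finding in check_pool("10.8.8.1 255.255.252.0", "10.8.8.1",
                              "10.8.8.2 10.8.8.199 255.255.255.0"):
        print("review:", finding)
```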

Renew certificates via command line

To renew certificates, run the ansible-playbook command with the extra variable simplepki_renew_certificates. This variable should only be included as a command line argument:

ansible-playbook --extra-vars '{"simplepki_renew_certificates": ["fred","john"]}'

Revoke certificates via command line

To revoke certificates, run the ansible-playbook command with the extra variable simplepki_revocation_list:

ansible-playbook --extra-vars '{"simplepki_revocation_list": ["fred","john"]}'

Dependencies

  • Use netzwirt.simple-pki in the playbook

Example Playbook

---  
- hosts: openvpn
  become: true
  roles:
  - netzwirt.simple-pki
  - netzwirt.openvpn

License

BSD

Author Information

netzwirt

Install

ansible-galaxy install netzwirt.openvpn