PiVPN

This guide helps you set up OpenVPN on a Raspberry Pi running Raspbian.

Requirements

To use this guide, you need:

• Ansible version 2.0 or later
• A clean installation of Raspbian
• Eth0 should have a static IP address.

Role Variables

Here are the variables you can set, along with brief descriptions:

(defaults/main.yml)

certificate:
  key_size: 1024 # Change to 2048 if you're very cautious
  key_country: "ES" # Two-letter country code
  key_province: "Seville" # Full name of the state or province
  key_city: "" # Name of the city or locality
  key_org: "ACME Ltd." # Name of your organization
  key_email: "" # Your email address
  key_ou: "" # Name of your department or section


openvpn:
  protocol: udp # Using UDP is recommended; you can switch to TCP if needed
  port: 1194 # Default OpenVPN port; make sure to open this port on your router for VPN access
  server_subnet: 10.8.0.0 # Subnet for OpenVPN clients
  server_netmask: 255.255.255.0 # Netmask for the client subnet
  server_tun0: 10.8.0.1 # IP address for the OpenVPN tunnel
  server_tun0_ptp: 10.8.0.2 # Point-to-point alias for the tunnel
  local_subnet: 192.168.0.0 # Local subnet for the Raspberry Pi
  local_netmask: 255.255.255.0 # Local netmask for the Raspberry Pi subnet
  dns_ip: 192.168.0.1 # Use your router's IP for DNS; otherwise, use Google DNS (8.8.8.8)

(defaults/credentials.yml)

# Consider using Ansible Vault to encrypt this credentials file and set permissions to 0600
#   ansible-vault encrypt <role_path>/defaults/credentials.yml

# Fill in these values to create an initial client
client:
  username: "" # Username for OpenVPN client
  password: "" # Password for OpenVPN client

Dependencies

None

Example Playbook

If you encrypt the credentials.yml file, use the flag '--ask-vault-pass' when running your playbook.

- hosts: pi
  role: pipoe2h.pivpn

License

MIT License

Author Information

• Jose Gomez | Website | Twitter