- Description: ansible playbook for openvpn (deprecated)
- Owner: gonzalo
Commit Briefs
initial ansible-role-openvpn (master)
Tree
- .travis.yml
- LICENSE
- README.md
- defaults/
- handlers/
- meta/
- tasks/
- templates/
- tests/
- vars/
README.md
Ansible role for a VPN with OpenVPN & OpenBSD
=============================================

Ansible role to create a VPN server on OpenBSD (>6.0) with OpenVPN.

Requirements
------------

OpenBSD, Python 2.7 (on client machine) and 5 minutes.

Example pf.conf
---------------

The VPN port in this playbook is 443 udp, so you need something like this:

```
...
# openvpn
pass in quick log on egress proto udp from any \
        to (egress) port 443
pass in quick on tun0
pass out quick on egress from 10.100.0.0/24 to any nat-to (egress)
...
```

Example Ansible
---------------

This example is for a remote setup: "test" is your future VPN server, your SSH key is already on "test", and the server already has python2.7 installed.

```
$ doas pkg_add ansible
...
$ cd /tmp && mkdir ansible && cd ansible
$ git clone https://github.com/gonzalo-/ansible-role-openvpn
Cloning into 'ansible-role-openvpn'...
remote: Counting objects: 143, done.
remote: Compressing objects: 100% (35/35), done.
remote: Total 143 (delta 26), reused 42 (delta 18), pack-reused 86
Receiving objects: 100% (143/143), 28.24 KiB | 148.00 KiB/s, done.
Resolving deltas: 100% (53/53), done.
$ mv ansible-role-openvpn gonzalo-.openvpn
$ cat hosts
test ansible_python_interpreter=/usr/local/bin/python2.7
$ cat openvpn.yml
---
- hosts: test
  roles:
    - role: gonzalo-.openvpn
  become: yes
  become_method: doas
  vars:
    client: 'client'
    server_vpn: 'vpn.fucknsa.org'
    openvpn_dir: '/etc/openvpn'
    release: '6.3'
    arch: 'amd64'
    installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
    pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
    packages_list:
      - openvpn
      - easy-rsa
$ ansible-playbook -i hosts openvpn.yml
...MAGIC...
$
```

Client .ovpn
------------

If the playbook succeeds, you should find the client.ovpn for your devices in "/etc/openvpn/client":

```
# ls -al /etc/openvpn/client
-rw-r--r--  1 root  wheel  5971 Apr 18 18:03 /etc/openvpn/client/client.ovpn
```

You can copy this file to your devices and import it into your OpenVPN client.

You can create more clients later by running:

```
# /etc/openvpn/client/create-client
Enter a name for a new client (Ex.: iphone): android
Generating a 2048 bit RSA private key
.........................................+++
............................................+++
writing new private key to '/usr/local/share/easy-rsa/pki/private/android.key.aZVsBL43mm'
-----
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'android'
Certificate is to be certified until Apr 20 08:45:38 2028 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
```

The final ".ovpn" file is in /etc/openvpn/client/.

Example Playbook
----------------

```
---
- hosts: test
  roles:
    - role: gonzalo-.openvpn
  become: yes
  become_method: doas
  vars:
    client: 'client'
    server_vpn: 'vpn.fucknsa.org'
    openvpn_dir: '/etc/openvpn'
    release: '6.3'
    arch: 'amd64'
    installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
    pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
    packages_list:
      - openvpn
      - easy-rsa
```

License
-------

ISC

Author Information
------------------

https://x61.sh/
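
The "Client .ovpn" listing above shows client.ovpn with mode -rw-r--r--. The following check is an added example, not part of this role or its README: it flags profiles under the client directory that are group- or world-readable and carry private-key material, and can restrict them to the owner. It assumes the profile embeds the key inline (a `<key>` block or a PEM "PRIVATE KEY" header); the function names `audit_profiles` and `lock_profiles` are hypothetical.

```sh
#!/bin/sh
# Added example: audit generated OpenVPN client profiles for exposed keys.
# Assumption: the .ovpn profile embeds the client key inline, either in a
# <key> ... </key> block or as a PEM "PRIVATE KEY" section.

# audit_profiles [DIR]
#   Prints "EXPOSED <path>" for every *.ovpn file under DIR that is readable
#   by group or others AND contains private-key material.
#   Returns 1 if at least one such file exists, 0 otherwise.
audit_profiles() {
    dir=${1:-/etc/openvpn/client}
    # -perm -040 / -perm -004: group-read or other-read bit is set.
    # grep -l prints only the names of files that contain key material.
    exposed=$(find "$dir" -type f -name '*.ovpn' \
        \( -perm -040 -o -perm -004 \) \
        -exec grep -l -E -e '^<key>|BEGIN [A-Z ]*PRIVATE KEY' {} + \
        2>/dev/null) || true
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed" | sed 's/^/EXPOSED /'
    return 1
}

# lock_profiles [DIR]
#   Restricts every profile reported by audit_profiles to owner read/write.
lock_profiles() {
    audit_profiles "$1" | sed 's/^EXPOSED //' | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Usage (as root on the VPN server):
#   audit_profiles /etc/openvpn/client || lock_profiles /etc/openvpn/client
```

Profiles that hold no key material, or that are already owner-only, are not reported.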