Ansible role for a VPN with OpenVPN & OpenBSD
=============================================
Ansible role to create a VPN server on OpenBSD (>6.0) with OpenVPN.
Requirements
------------
OpenBSD, Python 2.7 (on client machine) and 5 minutes.
Example pf.conf
---------------
The VPN port in this playbook is 443/udp, so your pf.conf needs something like
this:
```
...
# openvpn
pass in quick log on egress proto udp from any \
to (egress) port 443
pass in quick on tun0
pass out quick on egress from 10.100.0.0/24 to any nat-to (egress)
...
```
Example Ansible
---------------
This example is for a remote setup, so ,,test'' is your future VPN server; you have
already put your ssh key on ,,test'' and this server already has python2.7
installed.
```
$ doas pkg_add ansible
...
$ cd /tmp && mkdir ansible && cd ansible
$ git clone https://github.com/gonzalo-/ansible-role-openvpn
Cloning into 'ansible-role-openvpn'...
remote: Counting objects: 143, done.
remote: Compressing objects: 100% (35/35), done.
remote: Total 143 (delta 26), reused 42 (delta 18), pack-reused 86
Receiving objects: 100% (143/143), 28.24 KiB | 148.00 KiB/s, done.
Resolving deltas: 100% (53/53), done.
$ mv ansible-role-openvpn gonzalo-.openvpn
$ cat hosts
test ansible_python_interpreter=/usr/local/bin/python2.7
$ cat openvpn.yml
---
- hosts: test
  roles:
    - role: gonzalo-.openvpn
      become: yes
      become_method: doas
      vars:
        client: 'client'
        server_vpn: 'vpn.fucknsa.org'
        openvpn_dir: '/etc/openvpn'
        release: '6.3'
        arch: 'amd64'
        installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
        pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
        packages_list:
          - openvpn
          - easy-rsa
$ ansible-playbook -i hosts openvpn.yml
...MAGIC...
$
```
Client .ovpn
------------
If the playbook succeeds, you will find the client.ovpn for your devices in ,,/etc/openvpn/client'':
```
# ls -al /etc/openvpn/client
-rw-r--r-- 1 root wheel 5971 Apr 18 18:03 /etc/openvpn/client/client.ovpn
```
You can copy this file to your devices and import it in your OpenVPN client.
You can create more clients later by running:
```
# /etc/openvpn/client/create-client
Enter a name for a new client (Ex.: iphone): android
Generating a 2048 bit RSA private key
.........................................+++
............................................+++
writing new private key to '/usr/local/share/easy-rsa/pki/private/android.key.aZVsBL43mm'
-----
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'android'
Certificate is to be certified until Apr 20 08:45:38 2028 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
```
The final ,,.ovpn'' file is then in /etc/openvpn/client/.
Example Playbook
----------------
```
---
- hosts: test
  roles:
    - role: gonzalo-.openvpn
      become: yes
      become_method: doas
      vars:
        client: 'client'
        server_vpn: 'vpn.fucknsa.org'
        openvpn_dir: '/etc/openvpn'
        release: '6.3'
        arch: 'amd64'
        installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
        pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
        packages_list:
          - openvpn
          - easy-rsa
```
License
-------
ISC
Author Information
------------------
https://x61.sh/