Skip to content

GregVes/openv-vpn-ansible-playbook

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OpenVPN Ansible playbook

A playbook to manage a PKI for OpenVPN

ansible-playbook \
    -i inventory.yml \
    playbook.yml \
    --extra-vars="variable_host=<host-ip> variable_user=<host-user> variable_private_key=<ssh-private-key-location>"

What does this playbook do?

NOTE: for commodity, we create the whole PKI on the same server. You should rather have dedicated CA (validating and signing certs) and the vpn (run openvpn) servers

This playbook creates the PKI allowing clients to tunnel their traffic to an OpenVPN server (variable_host, variable_user and variable_private_key). When a client referenced in clients list is not registered on the VPN server, it is automatically created.

  • install easyrsa 3.0.8 in a dedicated easyrsa home dir
  • init the PKI
  • generate ca.crt and ca.key
  • generate server.key and server.req
  • sign server.req and create server.crt
  • generated pre-shared ta.key
  • template server.conf and client.base.conf
  • (optional) if ufw is installed, allow traffic through openvpn_port, set DEFAULT_FORWARD_POLICY and IP masquerading
  • start openvpn server systemd service
  • generate <client>.req and <client>.key for non already existing clients
  • sign <client>.req create <client>.cert for non already existing clients
  • generate client config files
  • copy client config files to localhost's openvpn_client_configs_dest