Install OpenVPN server using Ansible over AWS VPC

In this tutorial, we’ll use this blog post as a base and extend the scenario shown below: using Ansible, we’ll configure the custom NAT instance as an OpenVPN server as well, so that we can access the resources inside the private subnet(s).

(Diagram: modify-vpc)

Please make the following changes to the setup from the above-mentioned post:

– Open UDP port 1194 in the NAT instance’s Security Group

– Allow the desired traffic from the NAT instance in the Security Group of the destination server(s)

If you want a manual, step-by-step procedure to install the OpenVPN server on Ubuntu, please refer to this post.

First, download this Repository from the GitHub:

git clone https://github.com/arbabnazar/ansible-openvpn-aws-vpc.git

Note: If git is not installed, you can simply download the zip file.

Move inside the cloned repo and edit the variable file openvpn/vars/main.yml as per your requirements; I have added the necessary details as comments:

---
openvpn_key_country: "PK"
openvpn_key_province: "Punjab"
openvpn_key_city: "Lahore"
openvpn_key_org: "Tendo Pvt ltd"
openvpn_key_ou: "IT Department"
openvpn_days_valid: "1825"
openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
openvpn_key_size: "2048"
openvpn_cipher: "BF-CBC"
openvpn_auth_digest: "SHA1"
openvpn_path: "/etc/openvpn"
openvpn_ca: "{{ openvpn_path }}/ca"
openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
openvpn_server: "tendo.local"
openvpn_port: "1194"
openvpn_protocol: "udp"
# It assumes that the subnet mask is /24
openvpn_network: "10.8.0.0"
# Private subnet(s) in the VPC that you want to reach through OpenVPN; it assumes that the subnet mask is /24
private_networks:
- 10.10.20.0
- 10.10.30.0
# List the client names here (one client configuration is generated per name)
openvpn_clients:
- laptop
- phone
- table

Note: The most important parameter is private_networks; these are the networks that your OpenVPN clients will be given access to through the OpenVPN server.
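To catch mistakes in this variable file before running the playbook, here is a pre-flight checker as an added example (it is not part of the repository or of the original post; the function names are my own). It parses only the flat YAML subset that main.yml uses, so it needs no third-party library; it flags values that no longer match current OpenVPN hardening advice (64-bit block ciphers such as BF-CBC, SHA1 or MD5 as the auth digest, RSA keys below 2048 bits), checks that openvpn_network and every private_networks entry is a real /24 network address that does not overlap the tunnel range, and derives the push "route ..." directives the server will send to clients, which is what should later show up in the client’s routing table. The sample values embedded in it are constructed from the post.

```python
"""Pre-flight checks for openvpn/vars/main.yml (added example, not part of the
original repo). Parses only the flat YAML subset the file uses: `key: "value"`
scalars, `key:` followed by `- item` lists, and `#` comments."""
import ipaddress

# Constructed sample using the values shown in the post (cipher/digest left
# as they are there so the checker has something to flag).
SAMPLE_VARS = """\
---
openvpn_key_size: "2048"
openvpn_cipher: "BF-CBC"
openvpn_auth_digest: "SHA1"
openvpn_port: "1194"
openvpn_protocol: "udp"
# It assumes that the subnet mask is /24
openvpn_network: "10.8.0.0"
private_networks:
- 10.10.20.0
- 10.10.30.0
openvpn_clients:
- laptop
- phone
- table
"""

# 64-bit block ciphers are exposed to SWEET32-style attacks on long-lived
# tunnels; SHA1/MD5 are no longer acceptable as the packet HMAC digest.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC", "none"}
WEAK_DIGESTS = {"SHA1", "MD5", "none"}


def parse_flat_yaml(text):
    """Return a dict of scalars (str) and lists (list[str]) from the subset above.
    Limitation: a '#' inside a value is treated as a comment start."""
    data, current_list = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line or line == "---":
            continue
        if line.startswith("- "):
            if current_list is None:
                raise ValueError(f"list item without a key: {raw!r}")
            data[current_list].append(line[2:].strip().strip('"'))
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value:
            data[key] = value.strip('"')
            current_list = None
        else:
            data[key] = []
            current_list = key
    return data


def _int(data, key):
    """Integer value of a scalar, or None when missing or non-numeric."""
    try:
        return int(data[key])
    except (KeyError, ValueError):
        return None


def slash24(addr):
    """Interpret an address as the /24 network the playbook assumes; strict
    mode rejects values with host bits set (e.g. 10.10.20.5)."""
    return ipaddress.ip_network(f"{addr}/24", strict=True)


def check_vars(data):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    findings = []
    if data.get("openvpn_cipher") in WEAK_CIPHERS:
        findings.append(f"weak cipher {data['openvpn_cipher']}: prefer AES-256-GCM or AES-256-CBC")
    if data.get("openvpn_auth_digest") in WEAK_DIGESTS:
        findings.append(f"weak auth digest {data['openvpn_auth_digest']}: prefer SHA256")
    size = _int(data, "openvpn_key_size")
    if size is None or size < 2048:
        findings.append("openvpn_key_size missing or below 2048 bits")
    if data.get("openvpn_protocol") not in ("udp", "tcp"):
        findings.append("openvpn_protocol must be udp or tcp")
    port = _int(data, "openvpn_port")
    if port is None or not 1 <= port <= 65535:
        findings.append("openvpn_port missing or out of range")
    try:
        tunnel = slash24(data["openvpn_network"])
    except (KeyError, ValueError) as exc:
        findings.append(f"openvpn_network invalid: {exc}")
        tunnel = None
    for net in data.get("private_networks", []):
        try:
            private = slash24(net)
        except ValueError as exc:
            findings.append(f"private_networks entry invalid: {exc}")
            continue
        if tunnel and tunnel.overlaps(private):
            findings.append(f"openvpn_network {tunnel} overlaps private network {private}")
    clients = data.get("openvpn_clients", [])
    if not clients:
        findings.append("openvpn_clients is empty: no client configs would be generated")
    if len(set(clients)) != len(clients):
        findings.append("duplicate client names in openvpn_clients")
    return findings


def push_routes(data):
    """Route directives the server pushes so each private /24 appears in the
    client routing table (what `netstat -r` shows after connecting)."""
    return [f'push "route {slash24(n).network_address} {slash24(n).netmask}"'
            for n in data.get("private_networks", [])]


if __name__ == "__main__":
    parsed = parse_flat_yaml(SAMPLE_VARS)
    for finding in check_vars(parsed):
        print("WARN:", finding)
    for route in push_routes(parsed):
        print(route)
```

Run it against the real file by replacing SAMPLE_VARS with the contents of openvpn/vars/main.yml; with the values from the post it reports the BF-CBC cipher and the SHA1 digest, and with AES-256-GCM and SHA256 substituted it reports nothing.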

After that, edit the hosts file, specifying the public IP address of the instance you want to turn into the OpenVPN server and the login username:

[openvpn]
52.18.167.161 ansible_ssh_user=ubuntu

Once you are done editing, run this command:

ansible-playbook -i hosts site.yml

(screenshot)

After all the tasks complete successfully, it will show you a summary, something like this:

(screenshot)

It will create a directory named “clients” inside the directory (i.e. the cloned repo) from which we ran the playbook.

(screenshot)

Move inside the “clients” directory, which contains the files for the OpenVPN clients; give these files to your clients (one per client):

(screenshot)

Download the free OpenVPN client for Windows from here and install it. Once that is done, move the OpenVPN client file to the following directory:

C:\Program Files\OpenVPN\config

(screenshot)

After that, run the OpenVPN client with Administrator privileges. Right-click the OpenVPN icon in the system tray and click “Connect”:

(screenshot)

Once it is connected, it will show you details similar to these:

(screenshot)

Check the routing table on the client machine:

netstat -r

(screenshot)

Ping the EC2 instance inside the private subnet:

(screenshot)

Enjoy :-)

Hope this will help you!

Please Remember me in your prayers!
