Install OpenVPN server using Ansible over AWS VPC

There's a blog post that I wrote to go along with this. Check it out!

We'll use the scenario below, in which the custom NAT instance is also configured as an OpenVPN server using Ansible, so that the resources inside the private subnet(s) can be reached. Please refer to this AWS VPC scenario.

Make the following changes to the setup from the post mentioned above:

– Open UDP port 1194 in the NAT instance's Security Group

– Allow the desired traffic from the NAT instance in the Security Group of the destination server(s)

Edit the variable file openvpn/defaults/main.yml as required; I have added the necessary details as comments:

```yaml
  - openvpn
  - iptables-persistent
  - udev
  - dnsmasq

openvpn_key_country:  "PK"
openvpn_key_province: "Punjab"
openvpn_key_city: "Lahore"
openvpn_key_org: "Tendo Pvt ltd"
openvpn_key_ou: "IT Department"
openvpn_days_valid: "1825"
openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
openvpn_key_size: "2048"
openvpn_cipher: "BF-CBC"
openvpn_auth_digest: "SHA1"
openvpn_path: "/etc/openvpn"
openvpn_ca: "{{ openvpn_path }}/ca"
openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
openvpn_server: "tendo.local"
openvpn_port: "1194"
openvpn_protocol: "udp"

# The subnet mask is assumed to be /24
openvpn_network: ""

# Private subnet(s) in the VPC that you want to reach through OpenVPN; the subnet mask is assumed to be /24
# Please list the clients' names here
  - laptop
  - phone
  - tablet

# OpenVPN rules for iptables
  - /sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  - /sbin/iptables -A FORWARD -s {{ openvpn_network }}/24 -j ACCEPT
  - /sbin/iptables -A FORWARD -j REJECT
  - /sbin/iptables -t nat -A POSTROUTING -s {{ openvpn_network }}/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE

# Please list the clients' names here
  - laptop
  - phone
  - tablet
```

After that, edit the hosts file, entering the public IP address of the instance you want to make the OpenVPN server and the login username:

```ini
[openvpn]
<public-ip-of-the-nat-instance> ansible_ssh_user=ubuntu
```

After editing the vars and hosts files as required, run this command:

```shell
ansible-playbook -i hosts site.yml
```
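As an added pre-flight check (my example, not part of the role), the Python below mirrors the scalar values from defaults/main.yml in a dict, resolves the `{{ var }}` references the way the role's vars compose each other, and flags what should be fixed before running site.yml: the empty openvpn_network, the 64-bit block cipher BF-CBC and the SHA1 digest, and any mismatch between openvpn_port/openvpn_protocol and the security-group rule opened on the NAT instance. The WEAK_* sets, SG_RULES and the suggested replacement values are my assumptions.

```python
import ipaddress
import re

# Constructed sample: the scalar values shown in the README's defaults/main.yml.
SAMPLE_VARS = {
    "openvpn_key_size": "2048",
    "openvpn_cipher": "BF-CBC",
    "openvpn_auth_digest": "SHA1",
    "openvpn_path": "/etc/openvpn",
    "openvpn_dhparam": "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem",
    "openvpn_port": "1194",
    "openvpn_protocol": "udp",
    "openvpn_network": "",  # left empty in the shipped defaults
}
# The one rule the README says to open on the NAT instance security group.
SG_RULES = [("udp", 1194)]

# 64-bit block ciphers (SWEET32) and digests OpenVPN should no longer use (my lists).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
WEAK_DIGESTS = {"MD5", "SHA1"}
VAR_RE = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(value, vars_):
    """Resolve {{ var }} references the way the role's vars compose each other."""
    def lookup(match):
        name = match.group(1)
        return render(vars_[name], vars_) if name in vars_ else match.group(0)
    return VAR_RE.sub(lookup, value)


def check_vars(vars_, sg_rules):
    """Return the problems to fix before running site.yml (empty list = clean)."""
    findings = []
    try:  # strict network parsing also rejects a host address such as 10.8.0.1
        ipaddress.IPv4Network(vars_.get("openvpn_network", "") + "/24")
    except ValueError:
        findings.append("openvpn_network must be the /24 network address, e.g. 10.8.0.0")
    if vars_.get("openvpn_cipher", "").upper() in WEAK_CIPHERS:
        findings.append("openvpn_cipher is a 64-bit block cipher; use AES-256-GCM")
    if vars_.get("openvpn_auth_digest", "").upper() in WEAK_DIGESTS:
        findings.append("openvpn_auth_digest is weak; use SHA256 or stronger")
    if int(vars_.get("openvpn_key_size", "0")) < 2048:
        findings.append("openvpn_key_size should be at least 2048")
    proto, port = vars_["openvpn_protocol"].lower(), int(vars_["openvpn_port"])
    if (proto, port) not in sg_rules:
        findings.append(f"security group does not allow {proto}/{port} to the NAT instance")
    return findings
```

The sample dict produces three findings; setting openvpn_network to the VPN's /24 network address and moving the cipher and digest to AES-256-GCM and SHA256 clears them.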