A CloudFormation template for adding an EC2 instance with a fully automated bootstrap script to create a VPN that automatically creates SSL certificates and allows easy management of users.
Description
- CloudFormation template
- Ec2 instance
- Vpc Selection
- Subnet selection
- Security group
- IAM Profile
- Role
- Policy
- S3 Bucket
- SES
- FlowLog
- ENI
- EIP
- VPN bootstrap script for installing and running OpenVPN
- Log in to the AWS account
- Open CloudFormation and create a stack with new resources
- Load the template and fill in the parameters
- Connect to the EC2 instance and use scripts to manage users.
- The bootstrap script can run for up to 30 minutes because of the key encryption process.
Navigate to the /root folder and use:
- Create user:
./create_vpn_user firstname-lastname
- Remove user:
./revoke_vpn_user firstname-lastname
- Fix network issues:
./repair-net
- Check who is connected to the VPN:
cat /var/log/openvpn/openvpn-status.log | sed '/ROUTING/q' | head -n -1
- Check out the list of created users:
ll /root/pki/issued/
- After the user is created, send the one-time link to the user.
To streamline and simplify the process of creating a larger number of users requiring access, you can utilize a GitHub Action found in the repository. One prerequisite for its usage is that during the deployment of the CloudFormation template, you have provided a verified email address for SES.
Here's a step-by-step guide:
- Create a new private repository and add secrets for actions to establish a connection with AWS.
- Create an action to synchronize the user list with OpenVPN.
- Generate a new user list in the email address format, with each user listed on a separate line. Save the file as:
./users/vpn_user_list
mail1@example.com
mail2@example.com
mail3@example.com
- Once the changes are pushed to GitHub, your OpenVPN will create new users and send them an email containing the configuration file. Please note that the configuration file will expire within 24 hours of receiving the email.
By following these steps, you can efficiently generate OpenVPN users and automate the process using GitHub Actions.
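The synchronization step above is the part an action has to get right: decide which entries in ./users/vpn_user_list still need a certificate and which issued certificates no longer have a listed owner, and reject list entries that could not be valid before they become a certificate name. The script below is an added example, not the repository's GitHub Action. It assumes (my assumptions, not the page's) that the certificate common name is the e-mail address, that issued certificates live as <pki>/issued/<cn>.crt as easy-rsa lays them out, that the server's own certificate is named server.crt and must never be revoked, and that a real run would feed each printed "create"/"revoke" line to the page's ./create_vpn_user and ./revoke_vpn_user scripts. The sample PKI directory and user list are constructed inline so the plan can be run offline.

```shell
#!/bin/sh
# Added example (not the repository's own action): plan OpenVPN user changes by
# diffing the committed user list against the certificates already issued.
# Assumptions: CN == e-mail address, certs in <issued_dir>/<cn>.crt,
# "server" is the server certificate's CN and is excluded from the plan.
LC_ALL=C
export LC_ALL

# plan_sync LIST_FILE ISSUED_DIR [PROTECTED_CN]
# stdout: "create <cn>" for listed users without a cert,
#         "revoke <cn>" for certs whose owner is no longer listed.
# stderr: "skip ..." for list entries that are not a plausible e-mail address,
#         so a typo or stray text never becomes a certificate name.
plan_sync() {
    list_file=$1
    issued_dir=$2
    protected_cn=${3:-server}   # assumed server certificate CN
    wanted_file=$(mktemp)
    existing_file=$(mktemp)

    # Normalise the list: drop whitespace, blank lines, comments, duplicates,
    # then keep only entries that look like an e-mail address.
    sed -e 's/[[:space:]]//g' -e '/^$/d' -e '/^#/d' "$list_file" | sort -u |
    while read -r entry; do
        if printf '%s\n' "$entry" |
           grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; then
            printf '%s\n' "$entry"
        else
            printf 'skip (not a valid e-mail address): %s\n' "$entry" >&2
        fi
    done > "$wanted_file"

    # Existing user certificates: file names minus .crt, server cert excluded.
    find "$issued_dir" -maxdepth 1 -name '*.crt' -exec basename {} .crt \; |
        grep -vx "$protected_cn" | sort -u > "$existing_file"

    comm -23 "$wanted_file" "$existing_file" | sed 's/^/create /'
    comm -13 "$wanted_file" "$existing_file" | sed 's/^/revoke /'
    rm -f "$wanted_file" "$existing_file"
}

# demo: constructed sample data (not from any real deployment) showing one
# user to create, one to revoke, one already in sync and one invalid entry.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/pki/issued" "$work/users"
    : > "$work/pki/issued/server.crt"              # must not be revoked
    : > "$work/pki/issued/mail1@example.com.crt"   # already in sync
    : > "$work/pki/issued/old.user@example.com.crt" # no longer listed
    printf '%s\n' 'mail1@example.com' 'mail2@example.com' '' '# comment' \
        'mail2@example.com' 'not an email' > "$work/users/vpn_user_list"
    plan_sync "$work/users/vpn_user_list" "$work/pki/issued"
    rm -rf "$work"
}

# Expected plan from demo:
#   create mail2@example.com
#   revoke old.user@example.com
```

Printing a plan rather than executing it keeps the action reviewable in its log, and the e-mail check matters because every accepted entry ends up as a certificate CN and a file name on the VPN host.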
Video
AWS.VPN.mp4
ARM template for adding VM with a fully automated bootstrap script to create a VPN that automatically creates SSL certificates and allows easy management of users.
Description
- Resource group
- Virtual network
- Network Interface
- Network security group
- Virtual machine
- Public IP address
- Disk
- Log in to Azure
az login
- Set the right subscription
az account set --subscription "your subscription id"
- Create the Resource group (list the available locations first to pick one)
az account list-locations
az group create --name "resource-group" --location "your location"
- Deploy the ARM template
az group deployment create --name "name of your deployment" --resource-group "resource-group" --template-file "./azuredeploy.json"
- In the Azure CLI, fill in the "Linux OS Password" parameter:
- At least 12 characters
- A mixture of both uppercase and lowercase letters
- A mixture of letters and numbers
- Create or remove a VPN user: connect with SSH to the VM and use the scripts to manage users.
- The bootstrap script can run for up to 30 minutes because of the key encryption process.
Navigate to the /root folder and use:
- Create user:
./create_vpn_user firstname-lastname
- Remove user:
./revoke_vpn_user firstname-lastname
- Fix network issues:
./repair-net
- Check who is connected to the VPN:
cat /var/log/openvpn/openvpn-status.log | sed '/ROUTING/q' | head -n -1
- Check out the list of created users:
ll /root/pki/issued/
- After the user is created, send the one-time link to the user.
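Both the AWS and the Azure sections answer "who is connected" with the same sed/head pipeline over /var/log/openvpn/openvpn-status.log. The functions below are an added example, not part of the repository, that make the same cut at the ROUTING TABLE marker but skip the header rows and return a yes/no answer for one common name, which is what you want before revoking a user or when confirming after a revoke that the session is gone. It assumes the default status file layout (status-version 1: a "Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since" header followed by one row per client); the status file content is constructed here as sample data.

```shell
#!/bin/sh
# Added example (not the repository's code): parse the OpenVPN status log the
# page's "who is connected" command prints. Assumes status-version 1 layout.

# connected_clients STATUS_FILE
# Prints "<common name> <real address> <connected since>" per active client.
connected_clients() {
    awk -F, '
        /^ROUTING TABLE/ { exit }                 # client section ends here
        in_clients && NF >= 5 { print $1, $2, $5 }
        /^Common Name,Real Address/ { in_clients = 1 }
    ' "$1"
}

# is_connected STATUS_FILE COMMON_NAME  -> exit 0 if that CN has a session
is_connected() {
    connected_clients "$1" | awk -v cn="$2" '$1 == cn { found = 1 } END { exit !found }'
}

# connected_count STATUS_FILE -> number of active client sessions
connected_count() {
    connected_clients "$1" | wc -l | tr -d ' '
}

# write_sample_status FILE: constructed sample status log (not real data)
write_sample_status() {
    cat > "$1" <<'EOF'
OpenVPN CLIENT LIST
Updated,2024-01-01 10:00:00
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice-smith,203.0.113.10:51820,12345,67890,2024-01-01 09:00:00
bob-jones,198.51.100.7:40000,222,333,2024-01-01 09:30:00
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice-smith,203.0.113.10:51820,2024-01-01 09:59:00
10.8.0.10,bob-jones,198.51.100.7:40000,2024-01-01 09:58:00
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

# Stand-alone run over the constructed sample, e.g. before revoking a user:
#   is_connected /var/log/openvpn/openvpn-status.log firstname-lastname && echo "still connected"
sample=$(mktemp)
write_sample_status "$sample"
connected_clients "$sample"
rm -f "$sample"
```

Revoking a certificate does not tear down a session that is already established; the revocation is enforced at the next TLS handshake or renegotiation, so checking the status log again after ./revoke_vpn_user tells you whether the user still holds a session.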
Video
azure_arm_vpn.mp4
Repository info
The maintainer of the repository: senad.dizdarevic@valcon.com. If you are cloning this repository and creating a new one, make sure to change the git clone command in the user-data section of the template.