Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Cannot retrieve contributors at this time

VPN Raspberry Pi Ansible Playbook

Setup VPN IKEv2 Road Warrior with private/public key authentication for local side, username/password for Road Warrior client.

What does the playbook do?

  • Create private/public keys using Let's Encrypt for your domain.
  • Automatic renewal of the keys.
  • Install VPN IKEv2 Road Warrior using strongSwan.
  • Configure Raspberry Pi firewall to allow VPN work properly.


  • Ansible installed on your local machine.
  • A Dynamic DNS that points to your home. Only if your internet service provider assigns a dynamic IP to you.
  • Your firewall router:
    • should forward VPN ports to your Raspberry Pi
      UDP *:500 -> Raspberry Pi:500
      UDP *:4500 -> Raspberry Pi:4500
    • should forward port 80 (or 443) to allow Let's Encrypt to verify your domain ownership.
      TCP *:80 (or 443) -> Raspberry Pi:80 (or 443)
    • should allow incoming VPN packets from outside.
      From any host in wan, ESP protocol -> ALLOW
      From any host in wan, AH protocol -> ALLOW
      You can find more information about firewall here.
  • A Raspberry Pi with Raspbian (Debian) Stretch.


Getting Started

I assume that you know how to use Ansible.

  • Rename hosts.example to hosts, replace YOUR-HOST-HERE with your Raspberry Pi. More info here.
  • In host_vars, rename the file name replacing YOUR-HOST-HERE with your Raspberry Pi. In that file, replace UPPERCASE variables with your data. You can find more variables to customize in ansible-role-certbot.
  • ansible-playbook -vv -i hosts vpn.yml to start it.

Support my work

Everything I made is open source. If you like what I'm doing and you want to support me, you can help me 😄!