There's a blog post that I wrote to go along with this. Check it out!
We'll use the below scenario in which we’ll configure the custom NAT instance to OpenVPN as well using Ansible to access the resources inside the private subnet(s).
Please modify the following things for the above mentioned post:
– Open the UDP port 1194 inside the NAT instance Security Group
– Allow the desired traffic inside the desired desination server(s) Security Group for NAT instance
Edit the variable file openvpn/defaults/main.yml as per your requirement, I have added the necessary detail as comments:
---
ubuntu_openvpn_pkgs:
- openvpn
- iptables-persistent
- udev
- dnsmasq
openvpn_key_country: "PK"
openvpn_key_province: "Punjab"
openvpn_key_city: "Lahore"
openvpn_key_org: "Tendo Pvt ltd"
openvpn_key_ou: "IT Department"
openvpn_days_valid: "1825"
openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
openvpn_key_size: "2048"
openvpn_cipher: "BF-CBC"
openvpn_auth_digest: "SHA1"
openvpn_path: "/etc/openvpn"
openvpn_ca: "{{ openvpn_path }}/ca"
openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
openvpn_server: "tendo.local"
openvpn_port: "1194"
openvpn_protocol: "udp"
# It assume that the subnet mask is /24
openvpn_network: "10.8.0.0"
# Private Subnet(s) in VPC that you want to reach through OPENVPN, it assume that the subnet mask is /24
private_networks:
- 10.10.20.0
- 10.10.30.0
# Please mentioned the clients' name at this location
openvpn_clients:
- laptop
- phone
- tablet
# OPENVPN rules for iptables
iptables_openvpn_rules:
- /sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- /sbin/iptables -A FORWARD -s {{ openvpn_network }}/24 -j ACCEPT
- /sbin/iptables -A FORWARD -j REJECT
- /sbin/iptables -t nat -A POSTROUTING -s {{ openvpn_network }}/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
# Please mentioned the clients' name at this location
openvpn_clients:
- laptop
- phone
- tabletAfter that edit the hosts file, mentioned the public ip address of your instance which you want to make as OpenVPN server and login username:
[openvpn]
52.18.167.161 ansible_ssh_user=ubuntuAfter editing the vars and hosts file as per requirements, run this command:
ansible-playbook -i hosts site.yml
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent