This is an Ansible script to set up a VPN server on a remote machine, mainly for the purpose of allowing access to a machine that doesn't have a public IP address.

Only tested on Ubuntu.

There is a Terraform file, `open-vpn.tf`, to create a server if you want.
- Make sure that you have SSH access to a remote machine (a DigitalOcean Droplet, for example)
- Install Python on the remote server
- Clone the repository and install the tools on your local machine:

```sh
git clone git@github.com:mogwai/vpn-server
sudo apt install ansible openvpn
```

- Edit the `dev` file to include your remote server's IP address
- In `vpnserver/files/base.conf`, add your server's IP address after `remote` (the `remote IP_ADDRESS` line)
- Run `ansible-playbook site.yml`
- Connect to your VPN server with `sudo openvpn --config client1.ovpn`
- Uncomment the `push redirect-gateway def` line in `/etc/openvpn/server.conf`
- Restart the server
- Determine the egress network interface (`eth0` in the rules below)
- iptables on the server needs to be set up:

```sh
# Masquerade outgoing traffic
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Allow return traffic
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward everything
iptables -A FORWARD -j ACCEPT
```

- Install `openresolv`
- Check `index.txt` for the serial
- Delete the line from `ca_server/easyrsa/pki/index.txt`
- Delete `ca_server/certs_by_serial/serial.pem`
- Assigning static IP addresses to OpenVPN clients: https://kifarunix.com/assign-static-ip-addresses-for-openvpn-clients/
- The iptables rules have to be set up again after a restart, or traffic will not be forwarded correctly
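The iptables steps above forward everything and are lost on restart. As an added example (not part of the mogwai/vpn-server repository), the script below generates an `iptables-restore` ruleset that masquerades and forwards only traffic coming from the VPN subnet, applies it atomically, and writes it to the path `iptables-persistent` reads on Ubuntu. It assumes the OpenVPN default client subnet `10.8.0.0/24`, the tunnel interface `tun0`, and the egress interface given as the first argument; none of these are stated on the page.

```sh
#!/bin/sh
# Added example, not code from the vpn-server repository. Build an
# iptables-restore ruleset for the "route all traffic" setup, but NAT and
# forward only packets from VPN clients instead of an unconditional
# "iptables -A FORWARD -j ACCEPT".
# Assumed (not on the page): clients get 10.8.0.0/24 (OpenVPN's default
# "server" directive), the tunnel is tun0, egress iface is argument 1.

vpn_rules() {
    egress="$1"
    vpn_net="${2:-10.8.0.0/24}"
    [ -n "$egress" ] || { echo "usage: vpn_rules <egress-iface> [vpn-net]" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# NAT only what arrived from VPN clients, and only on the egress interface
-A POSTROUTING -s ${vpn_net} -o ${egress} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections the host itself initiated (as on the page)
-A INPUT -i ${egress} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Client -> internet is allowed; internet -> client only as a reply
-A FORWARD -i tun0 -o ${egress} -s ${vpn_net} -j ACCEPT
-A FORWARD -i ${egress} -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Apply atomically (iptables-restore replaces the nat and filter tables) and
# persist to /etc/iptables/rules.v4 so the rules survive a reboot.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    vpn_rules "$1" | iptables-restore
    mkdir -p /etc/iptables && vpn_rules "$1" > /etc/iptables/rules.v4
}

if [ "$#" -ge 1 ]; then
    case "$1" in
        apply) apply_rules "$2" ;;   # e.g. ./vpn-fw.sh apply eth0 (as root)
        *) vpn_rules "$1" ;;         # e.g. ./vpn-fw.sh eth0 prints the ruleset
    esac
fi
```

The INPUT chain is left at ACCEPT, as on the page; tightening host-level access (SSH, the OpenVPN port) is a separate step.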