A way to deploy kylmanna/docker-openvpn in AWS EC2 using Terraform and Puppet.
docker-openvpn is a great project that defines a Docker container that runs OpenVPN. If you're looking for a way to set up your own VPN, this is a really good option.
Running OpenVPN in a container is just a great idea.
This project deploys a Fedora Cloud server. I've configured firewall rules and SELinux to secure things as much as possible.
Terraform is a cool project from Hashicorp that allows you to define a stack of infrastructure in code, then create, update, and destroy that infrastructure from the definition. Download and install it.
The point of this project is to set up an OpenVPN box in AWS, so obviously you need an AWS account. For this project, you will also need
- Access keys (an Access Key ID and a Secret Access Key).
- An EC2 key pair. This is just a regular SSH key pair, but you have to upload the public key to AWS.
While you don't technically need a 'friendly' name for your VPN, this project depends on your having one. You could work your way around this, but I didn't think it too burdensome to require one. Once provisioning assigns your instance an IP address, you'll need to be able to point this FQDN at it.
I've also included managing this FQDN in Route53; if you go your own way, you'll have to comment that part out.
First, you need to edit a couple of text files. I included examples in the project; just edit these and rename them.
- aws_access_key - Your Access Key ID.
- aws_secret_key - Your Secret Access Key.
- region - AWS region to deploy to.
- route53_domain_name - The domain your FQDN will be in.
- base_image - AMI ID of the Fedora Cloud image in your region. The included ID is Fedora 29 in us-east-1.
- instance_type - EC2 instance type. t2.micro is probably fine for personal use.
- ssh_key - Path to your local private EC2 (SSH) key.
- ssh_key_name - Name of the Key Pair in EC2.
- vpn_url - The FQDN you'll assign to your VPN.
- clients - A list of client configs you want to generate. This could be a single client config if that's what you want.
Note! YAML is very sensitive to whitespace, so watch your spaces and indentation.
terraform plan
This will tell you what Terraform is going to do.
terraform apply
This will deploy your VPN in AWS. At the end of the run, it will output the IP address of your EC2 instance.
ssh -i /path/to/your_private_key.pem [email protected]
sudo /opt/docker-openvpn/quickstart.sh
Answer the prompts and configure your VPN.
Note that the CA setup phase can take a long time. Be patient.
Client configs for each of the clients you defined will be on your EC2 instance. Retrieve them
scp -i /path/to/your_private_key.pem [email protected]:your_client.ovpn .
and set up your client.
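Since the whole point of the host hardening above is that nothing but SSH and the VPN port is reachable, it is worth verifying that after `quickstart.sh` finishes. The script below is an added example, not part of this project: it parses the output of `firewall-cmd --list-all` and `getenforce` (both present on Fedora Cloud) and fails if SELinux is not enforcing or if anything beyond the expected `ssh` service and `1194/udp` port is exposed. The OpenVPN port, the expected service list, and the two sample `firewall-cmd` outputs embedded for offline testing are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the project: post-deploy hardening check for the
# Fedora Cloud host running docker-openvpn. Assumes firewalld and SELinux as
# shipped on Fedora Cloud; the allowed service/port lists and the sample
# firewall-cmd outputs below are constructed assumptions.

# Services and ports that may be exposed; anything else fails the check.
EXPECTED_SERVICES="ssh"
EXPECTED_PORTS="1194/udp"

# selinux_ok MODE -> 0 only if MODE (as printed by getenforce) is "Enforcing".
selinux_ok() {
    [ "$1" = "Enforcing" ]
}

# firewall_ok OUTPUT -> 0 if the "services:" and "ports:" lines of
# `firewall-cmd --list-all` output list only expected entries, else 1.
firewall_ok() {
    _out=$1
    _services=$(printf '%s\n' "$_out" | sed -n 's/^ *services: *//p')
    _ports=$(printf '%s\n' "$_out" | sed -n 's/^ *ports: *//p')
    for _s in $_services; do
        case " $EXPECTED_SERVICES " in
            *" $_s "*) ;;
            *) echo "unexpected service exposed: $_s" >&2; return 1 ;;
        esac
    done
    for _p in $_ports; do
        case " $EXPECTED_PORTS " in
            *" $_p "*) ;;
            *) echo "unexpected port exposed: $_p" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample of `firewall-cmd --list-all` on a correctly locked-down host.
SAMPLE_GOOD='public (active)
  target: default
  interfaces: eth0
  services: ssh
  ports: 1194/udp
  masquerade: yes'

# Constructed sample where the Docker daemon port (2375/tcp) was left open.
SAMPLE_BAD='public (active)
  target: default
  interfaces: eth0
  services: ssh
  ports: 1194/udp 2375/tcp
  masquerade: yes'

# run_live -> runs both checks against the real host (needs root for
# firewall-cmd). Returns 0 when the host passes, 1 on a finding, 2 if the
# tools are missing.
run_live() {
    command -v getenforce >/dev/null 2>&1 || { echo "getenforce not found" >&2; return 2; }
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
    selinux_ok "$(getenforce)" || { echo "SELinux is not enforcing" >&2; return 1; }
    firewall_ok "$(firewall-cmd --list-all)" || return 1
    echo "host looks locked down"
}

# Only touch the live system when explicitly asked: `sudo sh check.sh --live`.
case "${1:-}" in
    --live) run_live ;;
esac
```

Run it on the instance as root with `--live`; without the flag it only defines the functions, so you can source it and call `firewall_ok "$(firewall-cmd --list-all)"` by hand. If your Puppet rules open additional services (for example a second VPN port), extend `EXPECTED_PORTS` rather than loosening the check.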