forked from evolix/ansible-roles
.. | ||
defaults | ||
files | ||
handlers | ||
tasks | ||
templates | ||
README.md |
OpenVPN
Install and configure OpenVPN, based on our HowtoOpenVPN wiki
Tasks
Everything is in the tasks/main.yml
file.
Some manual actions are requested at the end of the playbook, to do before finishing the playbook.
Here is a copy of what is requested :
- You have to manually create the CA on the server with
shellpki init server.example.com
. The command will ask you to create a password, and will ask you again to give the same one several times. - You have to manually generate the CRL on the server with
openssl ca -gencrl -keyfile /etc/shellpki/cakey.key -cert /etc/shellpki/cacert.pem -out /etc/shellpki/crl.pem -config /etc/shellpki/openssl.cnf
. The previously created password will be asked. - You have to manually create the server's certificate with
shellpki create server.example.com
. - You have to adjust the config file
/etc/openvpn/server.conf
for the following parameters :local
(to check),cert
(to check),key
(to add),server
(to check),push
(to complete if needed). - Finally, you can (re)start the OpenVPN service with
systemctl restart openvpn@server.service
on Debian, orrcctl restart openvpn
on OpenBSD.
Then, you can use shellpki
to generate client certificates.
Variables
openvpn_lan
: network to use for OpenVPNopenvpn_netmask
: netmask of the network to use for OpenVPNopenvpn_netmask_cidr
: automatically generated prefix length of the netmask, in CIDR notation
Dependencies
- Files in
files/shellpki/*
are gotten from the upstream shellpki and must be updated when the upstream is.