This project is meant to quickly spin up an optimally configured OpenVPN server with downloadable, sane client configs. It performs the following functions:
- This vagrantfile spins up an Ubuntu 16.04 x86 server in a user selected cloud provider.
- It then configures the server using ssh provisioners to serve as an OpenVPN server.
- Finally it creates an ovpn client config file for easy importing into any OpenVPN client.
-
Install vagrant
-
Install vagrant plugins
-
vagrant-rsync-back Used to sync the client ovpn and cert files back to the host from the droplet.
vagrant plugin install vagrant-rsync-back
-
vagrant-digitalocean Only required if using the DigitalOcean cloud provider.
vagrant plugin install vagrant-digitalocean
-
vagrant-lightsail Only required if using the Amazon Lightsail cloud provider.
vagrant plugin install vagrant-lightsail
-
-
Create an account with a supported cloud provider and acquire credentials.
-
After creating an account, a Personal Access Token is required.
-
After creating an account, a set of Access Keys is required.
All configuration options are stored in the file config.yaml. Each
config option has an accompanying comment. Modify the config.yaml
file as needed for user specific cases. The only required options are
the cloud provider authentication tokens or keys. Only one cloud
provider needs to be configured.
vagrant up
vagrant rsync-back- The server is created and configured with the
vagrant upcommand. - Using the
vagrant rsync-backcommand will retrieve the generated client configs. These configs and certs can then be found in the./client-configsdirectory on the local host.
Once the client.ovpn file has been acquired by either of the
mechanisms described above it can be imported into most OpenVPN client
softwares. A short, incomplete list follows:
- After a vagrant destroy be sure to delete the contents of the
./client-configsdirectory before running vagrant up again.
- When doing a vagrant up occasionally the command will hang. Though
there could be several reasons for this the most likely is that a
vagrantssh key-pair already exists in your DigitalOcean account. You can either delete the offending key from your DigitalOcean account as described here or you can edit theprovider.ssh_key_namevariable from theVagrantfile.