{"id":16777306,"url":"https://github.com/githubixx/ansible-role-peervpn","last_synced_at":"2025-04-10T20:41:34.047Z","repository":{"id":74013064,"uuid":"73750526","full_name":"githubixx/ansible-role-peervpn","owner":"githubixx","description":"Ansible role for PeerVPN on Ubuntu","archived":false,"fork":false,"pushed_at":"2019-01-12T20:03:52.000Z","size":23,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-24T18:12:01.864Z","etag":null,"topics":["ansible","ansible-role","networking","peervpn","security","tap-interfaces","vpn"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/githubixx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-14T21:57:03.000Z","updated_at":"2023-03-04T08:39:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"10aed5fb-eec4-464e-b4db-4d2ea35b067e","html_url":"https://github.com/githubixx/ansible-role-peervpn","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-peervpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-peervpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-peervpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-peervpn/manifests","
owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/githubixx","download_url":"https://codeload.github.com/githubixx/ansible-role-peervpn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248292878,"owners_count":21079533,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","networking","peervpn","security","tap-interfaces","vpn"],"created_at":"2024-10-13T07:24:20.540Z","updated_at":"2025-04-10T20:41:34.040Z","avatar_url":"https://github.com/githubixx.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"role-peervpn\n============\n\nThis Ansible role is used in [Kubernetes the not so hard way with Ansible (at Scaleway) - Part 3 - PeerVPN](https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-at-scaleway-part-3/). It sets up [PeerVPN](https://peervpn.net/) on Ubuntu 16.04/18.04 (but should basically work with all Linux distributions that use systemd). With PeerVPN you can easily set up a fully meshed VPN across datacenters and any nodes you like. You need at least one host with a publicly reachable interface (default is port `7000`, protocol `UDP`). One simple configuration is to use this publicly reachable host for your `peervpn_conf_initpeers` setting. PeerVPN finds the other hosts on your VPN automatically.\n\nPeerVPN installs its own TAP interface for its purpose. The default name of that TAP interface is `tap0`. 
To change the name, specify a different value for the `peervpn_conf_interface` variable.\n\nTo generate a strong secret password for your PeerVPN preshared key you can use:\n\n```\nopenssl rand -base64 382 | tr -d '\\n' \u0026\u0026 echo\n```\nSince it's a preshared key, the same key MUST be used on all hosts where you install PeerVPN and use the same network name. Otherwise the connection won't work. The default preshared key is `default`, which you want to change of course ;-)\n\nVersions\n--------\n\nI tag every release and try to stay with [semantic versioning](http://semver.org). If you want to use the role, I recommend checking out the latest tag. The master branch is basically development while the tags mark stable releases. But in general I try to keep master in good shape too. A tag `1.0.0+r044` means this is release `1.0.0` of this role and it uses PeerVPN `r044`. If the role itself changes, `X.Y.Z` will increase. If the PeerVPN version changes, `rXXX` will increase and the role patch level will also increase (e.g. `1.0.0` -\u003e `1.0.1`). This allows tagging bugfixes and new major versions of the role while it's still developed for a specific PeerVPN release.\n\nRequirements\n------------\n\nAllow traffic on port 7000 protocol UDP (default) if you have firewall rules installed. You also NEED to add the `peervpn_conf_initpeers` variable. There is no default for this variable! IPv6 is ENABLED by default. If you don't want to use it, add a variable `peervpn_conf_enableipv6: no`.\n\nRole Variables\n--------------\n\nBasically you only need to change very few variables (see below). 
But have a look at `templates/etc/peervpn/peervpn.conf.j2` for examples and a full description of the variables.\n\nVariables with NO default values:\n```\npeervpn_conf_initpeers\npeervpn_conf_engine\npeervpn_conf_ifconfig6\npeervpn_conf_upcmd\npeervpn_conf_chroot\n```\nVariables with default values:\n\n```\npeervpn_version: \"peervpn-0-044\"\npeervpn_install_directory: \"/opt/{{peervpn_version}}\"\npeervpn_dest: \"/usr/local/sbin\"\npeervpn_conf_networkname: \"peervpn\"\npeervpn_conf_psk: \"default\"\npeervpn_conf_enabletunneling: \"yes\"\npeervpn_conf_interface: \"tap0\"\npeervpn_conf_local: \"0.0.0.0\"\npeervpn_conf_port: 7000\npeervpn_conf_ifconfig4: \"10.0.0.1/24\"\npeervpn_conf_sockmark: 0\npeervpn_conf_enableipv4: \"yes\"\npeervpn_conf_enablenat64clat: \"no\"\npeervpn_conf_enablerelay: \"no\"\npeervpn_conf_enableprivdrop: \"yes\"\npeervpn_conf_user: \"nobody\"\npeervpn_conf_group: \"nogroup\"\n```\n\nYou MUST specify a value for `peervpn_conf_initpeers` to make any use of PeerVPN (either per host in the Ansible `host_vars` directory or per host group in the `group_vars` directory). E.g. if you specify `peervpn_conf_initpeers: \"host.example.net 7000\"`, PeerVPN tries to connect to `host.example.net` on port `7000` via UDP to set up a connection.\n\nYou should at least change the following variables:\n\n`peervpn_conf_initpeers`: The hostname and port PeerVPN should connect to in order to become part of the VPN.\n\n`peervpn_conf_networkname`: The name of your VPN.\n\n`peervpn_conf_psk`: Preshared key. See the introduction above for how to generate a good preshared key password.\n\n`peervpn_conf_ifconfig4`: The IP address of the node and subnet in CIDR notation. 
This variable needs to be specified per host, of course.\n\nExample Playbook\n----------------\n\n```\n- hosts: webservers\n  roles:\n    - peervpn\n```\n\nLicense\n-------\n\nGNU GENERAL PUBLIC LICENSE Version 3\n\nAuthor Information\n------------------\n\n[http://www.tauceti.blog](http://www.tauceti.blog)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubixx%2Fansible-role-peervpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithubixx%2Fansible-role-peervpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubixx%2Fansible-role-peervpn/lists"}