{"id":20730393,"url":"https://github.com/kriansa/vpn","last_synced_at":"2026-05-04T22:32:19.274Z","repository":{"id":141848702,"uuid":"188065191","full_name":"kriansa/vpn","owner":"kriansa","description":"My OpenVPN setup","archived":false,"fork":false,"pushed_at":"2019-07-08T03:05:33.000Z","size":28,"stargazers_count":2,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-11T09:55:09.657Z","etag":null,"topics":["ansible","aws","openvpn","terraform","vpn"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kriansa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-22T15:23:38.000Z","updated_at":"2019-09-23T15:52:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"2b66144e-8114-4300-b98b-cfd7ffd129b5","html_url":"https://github.com/kriansa/vpn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kriansa/vpn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kriansa%2Fvpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kriansa%2Fvpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kriansa%2Fvpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kriansa%2Fvpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kriansa","download_url":"https://codeload.github.com/kri
ansa/vpn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kriansa%2Fvpn/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268378806,"owners_count":24240896,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","aws","openvpn","terraform","vpn"],"created_at":"2024-11-17T05:11:25.705Z","updated_at":"2026-05-04T22:32:19.239Z","avatar_url":"https://github.com/kriansa.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenVPN Setup\n\nThis is an easy, _deploy-and-forget_ split-tunneling OpenVPN setup deployable on AWS. The only traffic\nthat goes through it is the traffic within its IP range (`10.0.2.0/24`).\n\nIt's configured to use PKI for authentication, so every user must have a valid certificate signed by\nthe CA.\n\nYou'll hardly need any maintenance, except when your server certificates expire. 
The OS is\nconfigured to auto-update.\n\n## Development dependencies\n\n* Ansible\n* Terraform\n* AWS CLI\n* gettext (for `envsubst`)\n\n### AWS dependencies\n\n* An S3 bucket containing PKI data, and having the following certificates:\n  - ca/root-ca-cert.pem\n  - certs/\u003c$VPN_SUBDOMAIN\u003e.\u003c$BASE_DOMAIN_NAME\u003e-cert.pem\n  - keys/\u003c$VPN_SUBDOMAIN\u003e.\u003c$BASE_DOMAIN_NAME\u003e-key.pem\n  - keys/openvpn_tls_auth.key\n\nThese certificates/keys are supposed to be created beforehand, and this project does not automatically create\nthem or manage their renewal process. See the OpenVPN docs to learn how to create them.\n\n## Setup\n\n**IMPORTANT:** This is a deployment-wise setup and should be done just once, when you're creating\nthe VPN infrastructure from scratch. It does **not need** to be run for each developer machine.\n\n1. Create the certificates/keys mentioned above, as well as an S3 bucket to store them;\n2. Edit the `.env` according to your needs. You **MUST** edit lines that have subshells in them because\n   those are programs that do not exist on your computer;\n3. Ensure that you have a valid AWS authentication set and run `$ ops/bin/setup`\n\n## Deploying\n\nYou just need to run `$ bin/deploy` whenever you make changes to your VPN setup.\n\nPay attention to the logs, there are some actionable items that need to be done on the first\ndeploy, such as subscribing your email to the SNS mail list for alarms.\n\n## Adding new users\n\nIf you need to add new users to the setup, you will need to issue and sign a certificate using the\nsame CA that you configured on your PKI S3 bucket.\n\nOnce you have that, you can either configure it manually for each new user, or create a `.ovpn` file\nthat bundles together all the needed client configuration to connect to your server, and can even be\nused for mobile clients. 
To create this file, you will first need to have the following\nfiles locally:\n\n- The CA certificate\n- The TLS-Crypt certificate\n- The client certificate\n- The client key\n\nAnd then you can just run the following command:\n\n```sh\n$ bin/create-client-config \u003cCA-CERT_PATH\u003e \u003cTLS-CRYPT-CERT_PATH\u003e \u003cCLIENT-CERT_PATH\u003e \u003cCLIENT-KEY_PATH\u003e \u003cCONFIG_NAME\u003e\n```\n\nThen, the `.ovpn` file will be created in the `output` folder. Now, just move it to the client!\n\n## License\n\nThis project is licensed under the BSD 3-Clause License - see the [LICENSE.md](LICENSE.md) file for\ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkriansa%2Fvpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkriansa%2Fvpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkriansa%2Fvpn/lists"}