{"id":16779791,"url":"https://github.com/petermosmans/ansible-role-openvpn","last_synced_at":"2025-10-07T04:24:39.898Z","repository":{"id":75894898,"uuid":"96489871","full_name":"PeterMosmans/ansible-role-openvpn","owner":"PeterMosmans","description":"An ansible role to install, configure and harden OpenVPN","archived":false,"fork":false,"pushed_at":"2017-07-17T05:13:19.000Z","size":28,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-16T19:50:46.521Z","etag":null,"topics":["ansible-role","openvpn","openvpn-server","ufw","vpn","vpn-server"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeterMosmans.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-07T02:14:51.000Z","updated_at":"2024-11-02T23:41:39.000Z","dependencies_parsed_at":"2023-07-12T00:16:14.079Z","dependency_job_id":null,"html_url":"https://github.com/PeterMosmans/ansible-role-openvpn","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/PeterMosmans/ansible-role-openvpn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-openvpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-openvpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-openvpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/PeterMosmans%2Fansible-role-openvpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeterMosmans","download_url":"https://codeload.github.com/PeterMosmans/ansible-role-openvpn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-openvpn/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259804839,"owners_count":22913901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","openvpn","openvpn-server","ufw","vpn","vpn-server"],"created_at":"2024-10-13T07:32:23.313Z","updated_at":"2025-10-07T04:24:34.849Z","avatar_url":"https://github.com/PeterMosmans.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Role: openvpn\n=========\n\nBuild status for this\nrole:\n[![Build Status](https://travis-ci.org/PeterMosmans/ansible-role-openvpn.svg)](https://travis-ci.org/PeterMosmans/ansible-role-openvpn)\n\nThis role installs and configures (hardens) an OpenVPN service, including a\nfirewall (ufw). It does *not* generate keys and certificates, but it can and\nwill deploy those.\n\n\nRequirements\n------------\n\nYou'll need a Certificate Authority certificate (`ca.crt`), a server private key\n(`server.key`) and corresponding certificate (`server.crt`), and a\nDiffie-Hellman parameter file (`dh2048.pem`) for this role.\n\nIt is highly recommended to generate those 'offline', and not use tools like\ne.g. 
`easy-rsa` to generate those on the OpenVPN server itself.\n\nThe role will **fail** without those files.\n\n\nRole Variables\n--------------\n\nAvailable variables are listed below, along with their default values.\n\n**openvpn_interface**: Default networking interface. The default value can be\nfound in `defaults/main.yml`:\n\n```\nopenvpn_interface: enp0s3\n```\n\n\n**openvpn_ipv6_server**: Private IPv6 server address. By default, it is\nnot configured, and IPv6 will not be used or tunneled. If set, then **all** IPv6 traffic\nwill be routed through the OpenVPN tunnel.\n\nExample:\n```\nopenvpn_ipv6_server: fdaa:bbbb:cccc:dddd:eeee:/64\n```\n\n\n**openvpn_path**: Path where OpenVPN expects its configuration. The default\nvalue can be found in `defaults/main.yml`:\n\n```\nopenvpn_path: /etc/openvpn\n```\n\n\n**openvpn_port**: Port on which the OpenVPN server listens. The default value\ncan be found in `defaults/main.yml`:\n\n```\nopenvpn_port: 1194\n```\n\n\n**openvpn_proto**: Protocol used by OpenVPN. The default value can be\nfound in `defaults/main.yml`:\n\n```\nopenvpn_proto: udp\n```\n\n### Optional:\n\n**openvpn_static_key**: If this parameter is defined, then a static key will be\nused by the server. The static key will be expected as `tls-auth.key`, and\nshould be accessible by this role (e.g. by locating it in the `files` folder).\n\n\n**openvpn_use_crl**: If this parameter is defined, then a certificate\nrevocation list (CRL) will be deployed to the server, and the server will be\nconfigured to use it. The CRL will be expected as `crl.pem`, and should be\naccessible by this role (e.g. by locating it in the `files` folder).\n\n\n## Templates\n\nThe OpenVPN server configuration can be found under\n``templates/server.conf.j2``. All variables mentioned earlier are templated\nautomatically.\n\nDependencies\n------------\n\nNote that the role expects keys, certificates and Diffie-Hellman parameters in\na `files` directory, e.g. 
from where this playbook is invoked. Currently the\nnames of the files are hardcoded in ``server.conf.j2``:\n\n```\nca.crt\nserver.crt\nserver.key\ndh2048.pem\n```\n\nThis role will also install Uncomplicated Firewall (ufw). This **could** lead to\ndropped connections.\n\nExample Playbook\n----------------\n\n```\n- hosts: all\n  become: yes\n  become_method: sudo\n  roles:\n  - role: PeterMosmans.openvpn\n```\n\nThis example will install and configure OpenVPN.\n\n\nLicense\n-------\n\nGPLv3\n\n\nAuthor Information\n------------------\n\nCreated by Peter Mosmans.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Fansible-role-openvpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpetermosmans%2Fansible-role-openvpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Fansible-role-openvpn/lists"}