https://github.com/base2services/aws-client-vpn

Manages the resources required to create a client vpn in AWS
https://github.com/base2services/aws-client-vpn

aws aws-client-vpn client-vpn openvpn

Last synced: 11 months ago
JSON representation

Manages the resources required to create a client vpn in AWS

• Host: GitHub
• URL: https://github.com/base2services/aws-client-vpn
• Owner: base2Services
• License: other
• Created: 2019-06-18T11:04:13.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2019-06-21T06:05:26.000Z (almost 7 years ago)
• Last Synced: 2024-12-01T03:13:25.761Z (over 1 year ago)
• Topics: aws, aws-client-vpn, client-vpn, openvpn
• Language: Python
• Homepage:
• Size: 4.88 KB
• Stars: 3
• Watchers: 5
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# aws-client-vpn

## Requirements

- python 3

- boto3

- docker

## Scripts

### client-vpn.py

- generate the certicates using OpenVPN easy-rsa in the output directory

- uploads the certificates to ACM and tags them

- creates the vpn endpoint required resources using cloudformation

```bash

usage: client-vpn.py [-h] [--verbose] --server-cn SERVER_CN

                     [--client-cn CLIENT_CN] --name NAME --subnet-id SUBNET_ID

                     [--cidr CIDR]

optional arguments:

  -h, --help            show this help message and exit

  --verbose             increase output verbosity

  --server-cn SERVER_CN

                        common name for the server certificate

  --client-cn CLIENT_CN

                        common name for the server certificate

  --name NAME           stack and environment name the vpn

  --subnet-id SUBNET_ID

                        SubnetId to which the vpn will assocate with

  --cidr CIDR           CIDR the vpn will give to the clients

```

### get-vpn-config.py

- gets the id of the client vpn endpoint

- downloads the client config file into the output directory

- alters the hostname in the config with a random string

```bash

usage: get-vpn-config.py [-h] [--verbose] --name NAME [--region REGION]

optional arguments:

  -h, --help       show this help message and exit

  --verbose        increase output verbosity

  --name NAME      stack and environment name the vpn

  --region REGION  aws region the vpn exists

```

## Setup

1. Clone the repo

2. Get the id of the subnet you wish to associate the vpn with

3. Run the `client-vpn.py` script with the following required options

  ```bash

  ./client-vpn.py --server-cn=vpn.domain.tld --name ciinabox --subnet-id ${SubnetId}

  ```

4. Run the `get-vpn-config.py` script to download the config file

5. copy the config file and the client certificate and key to a local secure directory

6. modify the config paths for the `cert` and `key`

7. open the config in your favourite vpn client