```
cp -r inventories/sample inventories/my_project
```

(I will use my_project as an example for the rest of this post.)

Edit inventories/my_project/hosts.ini to target your desired host.

Ansible uses SSH keys for authentication. You need to copy your public key to the target host in order for Ansible to work. The easiest way to do it is the ssh-copy-id utility.

```
ssh-copy-id
```

ansible_user is the username Ansible runs as on the target host. You also need to supply ansible_become_pass, which Ansible "enters" when sudoing. Please consider using Ansible Vault to avoid storing user passwords in cleartext.

To illustrate what I was trying to achieve with OpenVPN I drew this simple network topology. I have an OpenVPN server attached to the 10.5.0.0/16 subnet and a 172.16.0.0/12 subnet behind the Mikrotik router. Both subnets should be accessible by remote users.

(network topology diagram)

The .x/24 networks are used for tunnel interfaces.

## Setting variables

Before running any of the playbooks you need to edit the inventories/my_project/group_vars/all.yml file. Almost all options are well commented in the file itself. However, some parameters demand a more comprehensive explanation.

Will be generated automatically if not defined.

You can describe several OpenVPN instances here which will run simultaneously on the same host. I use this to create two separate instances: one listening on UDP/1194 for remote clients, and the other listening on TCP/443 for the Mikrotik router, which doesn't support UDP. Remote clients behind restrictive firewalls can also use the TCP instance.

This can be used to supply extra options to the server config. For example, you can use the route option to add a route to the server's routing table, or push route to propagate static routes to the clients.

Use this to pass extra options to the client configs. For example, you can set a DNS server for clients to use with the dhcp-option DNS option.

This list of users is read by the sync_clients.yml playbook to add and remove clients. You must at least set the name parameter to define a user. To add any custom options for a particular client, specify the ccd parameter. I use ccd to define networks behind the Mikrotik router with the iroute option. Please refer to the openvpn man page for details about the --client-config-dir option.

If you apply the install.yml playbook to a freshly installed system I recommend setting this option to true. However, when applying it to an existing installation, consider checking the playbooks/roles/openvpn/templates/etc_iptables_rules.v4.j2 file first.

Now you can try and run the install playbook by issuing this command:

```
$ systemctl status
 - OpenVPN connection to udp-1194
   Loaded: loaded indirect vendor preset: enabled)
   Active: active (running) since Thu 12:20:22 UTC; 3 days ago
   Status: "Initialization Sequence Completed"
   CGroup: /usr/sbin/openvpn --daemon ovpn-udp-1194 --status /run/openvpn/udp-1194.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/nf --writepid /run/openvpn/udp-1194.pid

Warning: Journal has been rotated since unit was started.
```
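The variables described above (several instances, extra server options, extra client options, and a users list whose entries may carry ccd lines) map onto a handful of generated files. The following is an added example, not code from the post or from its playbooks: it models that data in a constructed dictionary, renders the server config per instance, a client .ovpn per user and instance, and the per-client ccd file, and then runs two checks worth doing before deploying. The first confirms that every iroute in a ccd is covered by a route in the server options, since OpenVPN needs the iroute to know which client owns a subnet while the kernel needs the route to send traffic into the tunnel at all; the second flags instances whose tunnel networks overlap. Every key name in SAMPLE (instances, server_options, client_options, users, ccd, tunnel) is an assumption, because the post does not show the real variable names, and the hostname vpn.example.com and the 10.8.x.0/24 tunnel networks are constructed.

```python
"""Added example, not the post's or the project's own code.
Renders OpenVPN server/client/ccd files from a constructed stand-in for
group_vars/all.yml and sanity-checks the route/iroute pairing."""
import ipaddress
import itertools

# Constructed sample mirroring the post's topology: UDP/1194 for remote
# clients, TCP/443 for the Mikrotik router, 10.5.0.0/16 attached to the
# server and 172.16.0.0/12 behind the router. Key names are assumptions.
SAMPLE = {
    "instances": [
        {"name": "udp-1194", "proto": "udp", "port": 1194, "tunnel": "10.8.0.0/24"},
        {"name": "tcp-443", "proto": "tcp", "port": 443, "tunnel": "10.8.1.0/24"},
    ],
    "server_options": [
        "route 172.16.0.0 255.240.0.0",          # kernel route into the tun
        'push "route 10.5.0.0 255.255.0.0"',     # tell clients about the LAN
        'push "route 172.16.0.0 255.240.0.0"',   # and about the net behind the router
    ],
    "client_options": ["dhcp-option DNS 10.5.0.53"],  # written into each .ovpn
    "users": [
        {"name": "alice"},
        {"name": "mikrotik", "ccd": ["iroute 172.16.0.0 255.240.0.0"]},
    ],
}


def parse_net(option):
    """'route A M' or 'iroute A [M]' -> IPv4Network; iroute without a mask is a host."""
    parts = option.split()
    mask = parts[2] if len(parts) > 2 else "255.255.255.255"
    return ipaddress.IPv4Network(f"{parts[1]}/{mask}")


def render_server_conf(instance, cfg):
    net = ipaddress.IPv4Network(instance["tunnel"])
    lines = [
        f"port {instance['port']}",
        f"proto {instance['proto']}",
        "dev tun",
        f"server {net.network_address} {net.netmask}",
        "client-config-dir ccd",
        f"status /run/openvpn/{instance['name']}.status 10",
        *cfg["server_options"],
    ]
    return "\n".join(lines) + "\n"


def render_client_conf(instance, server_host, cfg):
    lines = [
        "client",
        "dev tun",
        f"proto {instance['proto']}",
        f"remote {server_host} {instance['port']}",
        "remote-cert-tls server",  # reject a client certificate posing as the server
        *cfg["client_options"],
    ]
    return "\n".join(lines) + "\n"


def render_ccd(user):
    """Per-client file in client-config-dir; empty when the user has no ccd lines."""
    return "".join(line + "\n" for line in user.get("ccd", []))


def build_tree(cfg, server_host):
    """Relative path -> file content for everything the playbooks would write."""
    files = {}
    for inst in cfg["instances"]:
        files[f"server/{inst['name']}.conf"] = render_server_conf(inst, cfg)
        for user in cfg["users"]:
            path = f"clients/{user['name']}-{inst['name']}.ovpn"
            files[path] = render_client_conf(inst, server_host, cfg)
    for user in cfg["users"]:
        if user.get("ccd"):
            files[f"ccd/{user['name']}"] = render_ccd(user)
    return files


def uncovered_iroutes(cfg):
    """iroute networks with no server 'route' covering them: OpenVPN would know
    the owning client, but the kernel would never hand the traffic to tun."""
    routes = [parse_net(o) for o in cfg["server_options"] if o.startswith("route ")]
    missing = []
    for user in cfg["users"]:
        for opt in user.get("ccd", []):
            if opt.startswith("iroute "):
                net = parse_net(opt)
                if not any(net.subnet_of(r) for r in routes):
                    missing.append((user["name"], str(net)))
    return missing


def overlapping_tunnels(cfg):
    """Pairs of instance names whose tunnel networks overlap."""
    nets = [(i["name"], ipaddress.IPv4Network(i["tunnel"])) for i in cfg["instances"]]
    return [(a, b) for (a, na), (b, nb) in itertools.combinations(nets, 2) if na.overlaps(nb)]


def sync_plan(cfg, existing_client_names):
    """What a sync step does: (clients to add, clients to remove)."""
    desired = {u["name"] for u in cfg["users"]}
    existing = set(existing_client_names)
    return sorted(desired - existing), sorted(existing - desired)


if __name__ == "__main__":
    for path, body in build_tree(SAMPLE, "vpn.example.com").items():
        print(f"--- {path}\n{body}")
    print("uncovered iroutes:", uncovered_iroutes(SAMPLE))
    print("sync plan vs ['alice', 'bob']:", sync_plan(SAMPLE, ["alice", "bob"]))
```

Drop the `route 172.16.0.0 255.240.0.0` line from the server options and `uncovered_iroutes` reports the mikrotik client's subnet, which is exactly the misconfiguration where the tunnel comes up but hosts behind the router stay unreachable.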