Skip to content

vlamios/sakkut

BranchesTags

Repository files navigation

OpenVPN Server in Yandex Cloud

I have no public IP. And sometimes I want to play PC games by local net with my friends. Well this pack of scripts can quickly build virtual machine in Yandex Cloud and configure simple OpenVPN server with authentication. Ansible Role generates .ovpn-files for every client and sends them by email or telegram.

YaCloud Preparation

Useful video tutorial

  1. Create folder in YaCloud for our resources (use web-interface)

  2. Create S3 bucket for terraform state:

yc storage bucket create --name sakkut-terraform-state --folder-name sakkut --default-storage-class standard --max-size 2147484672
  1. Create YDB for storing tf-state lock:
yc ydb database create sakkut-tfstate-lock --folder-name sakkut --serverless

  1. Create table in YDB: Creating Table

  2. Create service account for managing resources in folder & working with terraform state (one SA to rule them all!):

yc resource-manager folder add-access-binding <folder-ID> --role admin --subject serviceAccount:<serviceAccount-ID>
yc resource-manager folder add-access-binding <folder-ID> --role ydb.editor --subject serviceAccount:<serviceAccount-ID>
yc resource-manager folder add-access-binding <folder-ID> --role storage.editor --subject serviceAccount:<serviceAccount-ID>
yc resource-manager folder add-access-binding <folder-ID> --role postbox.sender --subject serviceAccount:<serviceAccount-ID>
yc iam access-key create --service-account-name sa-sakkut-subadmin --folder-name sakkut

Output of last command must be like:

access_key:
  id: <access_key_ID>
  service_account_id: <serviceAccount-ID>
  created_at: "2024-02-04T02:04:24.000000000Z"
  key_id: <key_id>
secret: <secret>
  1. Create SA key for YaCloud CLI:
yc iam key create --service-account-id <serviceAccount-ID> --folder-name sakkut --algorithm rsa-4096 --output ~/.config/yandex-cloud/key.json
yc config set service-account-key ~/.config/yandex-cloud/key.json
yc config set cloud-id <cloud-id>
yc config set folder-id <folder-ID>
  1. Configure SA for terraform via AWS CLI:
aws configure

and enter values for AWS Access Key ID & AWS Secret Access Key:

AWS Access Key ID [None]: <key_id>
AWS Secret Access Key [None]: <secret>
Default region name [None]: ru-central1
Default output format [None]:
  1. Build up virtual infrastructure for VPN Server:
terraform validate
terraform plan
terraform apply
  1. Configure OpenVPN:

Add necessary parameters to ansible inventory and run:

ansible-playbook -i inventories/sandbox/hosts applyRole.yaml --vault-password-file ../vault.key

Client .ovpn-files stored in /etc/openvpn/client/vpnClients.clientName/client.ovpn

  1. Tear down infrastructure after all:
terraform destroy

About

Tools and experiments

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages