Automatic deployment of OpenVPN on a virtual machine provisioned by Vagrant.
Clone the repository.
git clone https://github.com/mdnfiras/ovpn.git
Change directory.
cd ovpn
Install Vagrant on the host server along with all the required packages and plugins (KVM & LibVirt).
sudo chmod u+x vagrantinstall.sh
sudo ./vagrantinstall.sh
Change "<host_private/public_ip>" in ./Vagrantfile to match the IP address of the host server's interface on which connections will be received on port 1194.
...
vmachine.vm.network "forwarded_port", guest: 1194, host: 1194, host_ip: "<host_private/public_ip>", protocol: "tcp"
...
Start the Vagrant ovpn virtual machine and provision it to install OpenVPN and expose the service on <host_private/public_ip>:1194.
sudo chmod u+x ovpn_vm.sh
sudo ./ovpn_vm.sh
To destroy the VM, run the following command in the project's directory:
sudo vagrant destroy ovpn
The ovpn_vm.sh script will first check whether any other service is listening on port 1194 of the host machine.
The VM will start with 1 CPU, 512 MB of RAM and hostname ovpn. Vagrant should automatically attach it to its own virtual network, which can access the host's private networks and the Internet.
TCP requests to the host's <host_private/public_ip>:1194 will be forwarded to the VM's eth0 interface. Vagrant cannot forward UDP packets when LibVirt is the provider.
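A pre-flight check that can be run on the host before ./ovpn_vm.sh, given here as an added example and not as code from the repository. It confirms the placeholder in ./Vagrantfile was replaced with a real IPv4 address, reports whether that address is loopback, private or public, and looks for an existing listener on TCP port 1194. The function names and sample data are constructed, and it assumes `ss` from iproute2 is available on the host.

```shell
#!/bin/sh
# Added example: pre-flight checks to run on the host before ./ovpn_vm.sh.
# Function names and sample data are constructed for illustration.

# Print host_ip from the forwarded_port line that maps host port 1194.
forwarded_host_ip() {
    sed -n 's/.*"forwarded_port".*host: *1194.*host_ip: *"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Coarse classification of where 1194/tcp becomes reachable (RFC 1918 = private).
exposure() {
    case "$1" in
        0.0.0.0) echo all-interfaces ;;
        127.*) echo loopback ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *) echo public ;;
    esac
}

# Read `ss -Htln` output on stdin; succeed if a socket listens on TCP port $1.
port_in_use() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit (found ? 0 : 1) }'
}

# $1 = path to Vagrantfile, stdin = `ss -Htln` output. Returns 0, 2 or 3.
preflight() {
    ip=$(forwarded_host_ip "$1")
    is_ipv4 "$ip" || { echo "host_ip is not an IPv4 address: '$ip'"; return 2; }
    if port_in_use 1194; then echo "TCP port 1194 already has a listener"; return 3; fi
    echo "ok: 1194/tcp will be exposed on $ip ($(exposure "$ip"))"
}

# Constructed sample input; on a real host: ss -Htln | preflight ./Vagrantfile
demo_vf=$(mktemp)
echo 'vmachine.vm.network "forwarded_port", guest: 1194, host: 1194, host_ip: "192.168.1.10", protocol: "tcp"' > "$demo_vf"
printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n' | preflight "$demo_vf"
```

A result of `public` or `all-interfaces` means the OpenVPN port will accept connections from outside the local network, so the host firewall rules should be reviewed before the VM is started.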
The VM's OS will be Ubuntu Server 18.04.
The provisioning script will:
- Select the first available network interface's IPv4 address for packets INPUT/OUTPUT.
- Check if that interface is behind a NAT, and detect the public IP address using the online service http://ip1.dynupdate.no-ip.com/
- Check for an existing IPv6 and select the first available network interface's IPv6 address for packets INPUT/OUTPUT.
- Select TCP as protocol.
- Select current system resolvers as DNS server.
- Select "client" as the first client's name.
- Proceed to install OpenVPN server (check comments in initscript/openvpn-install.sh for more details).
- Output the steps to follow on the client machine to set up OpenVPN client.