How to eliminate 5 manual config steps for routing and vpn gateway for an open source 3d rendering project.

queglay
OpenVpn Newbie
Posts: 4
Joined: Tue Jan 15, 2019 2:34 am

Post by queglay » Mon Jan 21, 2019 5:40 am

Hey everyone!

I'd love to get some pointers on eliminating 5 manual config steps for routing and setting up a vpn gateway on the access server, and how to do them in the CLI instead of manually.

I'm working on an open source project to automate batch 3d rendering infrastructure with Terraform in AWS.
https://github.com/firehawkvfx/firehawk-compute-batch

I'm using OpenVPN as a router for traffic on an OpenVPN client Ubuntu VM on the client-side subnet (192.169.0.0/24), and also as a router on the server-side subnets on AWS using the OpenVPN Access Server AMI (10.0.101.0/24 public, 10.0.1.0/24 private).

I've been able to configure auto connect to happen entirely through the Terraform script that handles provisioning and it's working, but I need some pointers on the next steps to remove some manual configuration steps in the Access Server GUI to fully automate it.

These are the manual steps I'm doing to get both private subnets to connect, and I'd love to figure out the equivalent commands that I can drop in when I'm provisioning the access server.

1.0 Should VPN clients have access to private subnets
(non-public networks on the server side)?

Yes, enable routing

2.0 Specify the private subnets to which all clients should be given access (one per line):
10.0.101.0/24
10.0.1.0/24
(these subnets are in aws, the open vpn access server resides in the 10.0.101.0/24 subnet)

3.0 Allow access from these private subnets to all VPN client IP addresses and subnets: on

4.0 in user permissions / user
configure vpn gateway:
yes

5.0 Allow client to act as VPN gateway
for these client-side subnets:

192.169.0.0/24

Thanks if anyone can help!

novaflash
I should be on the dev team.
Posts: 950
Joined: Fri Apr 13, 2012 8:43 pm

Re: How to eliminate 5 manual config steps for routing and vpn gateway for an open source 3d rendering project.

Post by novaflash » Mon Jan 21, 2019 8:04 am

See this page:
https://openvpn.net/vpn-server-resources/
And then command line

queglay
OpenVpn Newbie
Posts: 4
Joined: Tue Jan 15, 2019 2:34 am

Re: How to eliminate 5 manual config steps for routing and vpn gateway for an open source 3d rendering project.

Post by queglay » Mon Jan 28, 2019 11:47 am

Thanks for the reply novaflash, I'll have a read!
