This vagrantfile spins up an Ubuntu 14.04 x86 droplet in DigitalOcean's cloud. It then configures the droplet using ssh provisioners to serve as an OpenVPN server. Finally it creates an ovpn client config file for easy importing into an OpenVPN client.
-
By default this vagrantfile uses DigitalOcean as the provider of choice. As such it requires the vagrant-digitalocean plugin. It can be installed by:
vagrant plugin install vagrant-digitalocean
-
~/.docredentialsA DigitalOcean personal access token is required. By default the vagrantfile looks for a one line file with the access token at
~/.do. Either create the~/.dofile or modify theTOKENconstant variable in theVagrantfile. -
[OPTIONAL] vagrant-rsync-back
This plugin is used to sync the client ovpn and cert files back to the host from the droplet.
vagrant plugin install vagrant-rsync-back
Modify the vagrantfile as needed for user specific cases. The most
common changes are to the provider.region and provider.size
variables. Note that some constants are exposed at the top of the
Vagrantfile to assist in configuration. These options include:
- CLIENTS :: Number of client ovpn config files to create
- FORCE :: If set to true all client ovpn config files will be destroyed and recreated.
- REGION :: DigitalOcean region in which to create the server instance. A list of regions and their current status can be found at https://status.digitalocean.com/.
- SIZE :: Size of the server instance. This setting directly correlates with the memory size at https://www.digitalocean.com/pricing/. WARNING: Changing this value will have a direct effect on the fees paid to DigitalOcean.
- SSH_KEY :: Path to the local ssh key
- TOKEN :: The path to the file containing the DigitalOcean access token. Can also be the access token itself. See prerequisites above.
vagrant up
vagrant rsync-back #optional- The droplet is created and configured with the
vagrant upcommand. - Once the vagrant provisioning is complete, client certs and
configuration files can be found in the
/vagrant/client_certsdirectory ON THE DROPLET. They can be retrieved by either remote copying the file back to the host or via the following step... - If the
vagrant-rsync-backplugin was installed, the/vagrant/client_certsdirectory can be synced back to the host by running thevagrant rsync-backcommand on the local host. The configs and certs can then be found in the./client_certsdirectory on the local host.
Once the client.ovpn file has been acquired by either of the
mechanisms described above it can be imported into most OpenVPN client
softwares. A short, incomplete list follows:
- When doing a vagrant up occasionally the command will hang. Though
there could be several reasons for this the most likely is that a
vagrantssh key-pair already exists in your DigitalOcean account. You can either delete the offending key from your DigitalOcean account as described here or you can edit theprovider.ssh_key_namevariable from theVagrantfile. - After a vagrant destroy be sure to delete the contents of the
./client_certsdirectory before running vagrant up again.