
Initial Openvpn setup

micah requested to merge micah/lilypad:openvpn into master

The 'create test openvpn credentials' is just the output of running ./float/float run --config=config.yml playbooks/init-credentials

The subrepo clone is to pull the latest version of float, which fixed some unnecessary restrictions in x509ca

The initial openvpn configuration sets up the float service for openvpn:

  • firewall configs to open udp/tcp ports 1194
  • installation of the global dhparams <-- this part can be duplicated for vpnweb
  • installation of the ca, cert, key bits that are generated with init-credentials (todo: check the permissions on that key) <-- this part can be duplicated for vpnweb
  • installation via template of the openvpn configs for udp, tcp, and shapeshifter (todo: we need to resolve the resolver)

The 'initialize the openvpn ca/key/cert during init-credentials phase' commit makes an override that will have us explicitly pass the playbook/init-credentials to run at that initial environment setup phase (./float/float run --config=config.yml playbooks/init-credentials), instead of just doing what one normally does in initial environment setup (/float/float run --config=config.yml init-credentials). This playbook will generate locally the cert/key/ca bits needed for openvpn and store them in credentials/openvpn. It will then include the float-specific init-credentials playbook.

Edited by micah
