Skip to content
This repository has been archived by the owner on Feb 11, 2024. It is now read-only.

hayata-yamamoto/client-vpn-terraform-demo

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Client VPN Terraform Demo

Terraform Version

$ terraform --version
Terraform v0.12.2
+ provider.aws v2.16.0

Disclaimer

THIS IS NOT OFFICIAL DOCUMENT.

THE PURPOSE OF THIS DOCUMENT IS TO UNDERSTAND WHAT CLIENT VPN WORKS AND HOW TO SET UP THIS.

Certification

This document is following AWS official document. Official document adopts easy-rsa to make certification. Details

$ git clone https://github.com/OpenVPN/easy-rsa.git
$ cd easy-rsa/easyrsa3
$ ./easyrsa init-pki
$ ./easyrsa build-ca nopass
$ ./easyrsa build-server-full server nopass
$ ./easyrsa build-client-full client1.domain.tld nopass

$ cp pki/ca.crt /custom_folder/
$ cp pki/issued/server.crt /custom_folder/
$ cp pki/private/server.key /custom_folder/
$ cp pki/issued/client1.domain.tld.crt /custom_folder
$ cp pki/private/client1.domain.tld.key /custom_folder/
$ cd /custom_folder/

ACM

# Import server certification
$ aws acm import-certificate --certificate file://server.crt --private-key file://server.key --certificate-chain file://ca.crt --region region

# Import client certification
$ aws acm import-certificate --certificate file://client1.domain.tld.crt --private-key file://client1.domain.tld.key --certificate-chain file://ca.crt --region region

Create VPN endpoint and demo network

First of all, you just execute following commands. After that, terraform ask you your CIDR block and ssh keyname. If you've not make ssh key yet, I recommend you to create a ssh key before doing below.

$ terraform init
$ terraform plan 
$ terraform apply 

Set authorization and route table

The above commands realize AWS entities (VPC, Subnet, EC2 and Client VPN endpoint). However, Terraform doesn't a few resources although issues are open. So, we have to add two actions on the console.

  1. Authorize subnet CIDR block.
  2. Add Internet route (= add 0.0.0.0/32 on route table)

OpenVPN Setting

After finishing the above, you can donwload configuration file from ClientVPN.

Open your configuration file, and add two sentences like below,

# your-configuration-file.vpn
...

cert /path/to/client1.domain.tld.crt
key /path/to/client1.domain.tld.key

Read configuration file by VPN client

ex.) OpenVPN, Tunnelblick

Connect Jupyter Server

Connect your instance. you can check global ip adress on Terraform outputs.

$ ssh -i keyname ubuntu@instance-global-ip

Since instance you created is Deep Learning AMI, all you have to do is launch jupyter server. In this document, we allow all users to connect this. However, you have to consider your workspace configurations if you use.

$ jupyter notebook --no-browser --NotebookApp.token=""
$ ssh -i keyname ubuntu@instance-private-ip -L 8888:localhost:8888 -N 

You can look jupyter UI on localhost:8888/tree

Reference

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages