Skip to content

opsgang/terraform-aws-pritunl-vpn-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

templates

templates

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

main.tf

main.tf

 
 

outputs.tf

outputs.tf

 
 

variables.tf

variables.tf

 
 

Repository files navigation

Overview

This module setups a VPN server for a VPC to connect to instances.

Before you start to use the module you have to make sure you've created resources below

  • healthchecks.io account and cron entry for monitoring the backup script

After provisioning, don't forget to run commands below:

  • Pritunl setup
    • sudo pritunl setup-key

Input variables

  • aws_key_name: SSH Key pair for VPN instance
  • vpc_id: The VPC id
  • public_subnet_id: One of the public subnets to create the instance
  • ami_id: Amazon Linux AMI ID
  • instance_type: Instance type of the VPN box (t2.small is mostly enough)
  • ebs_optimized: Create EBS optimized EC2 instance. Default: false
  • whitelist: List of office IP addresses that you can SSH and non-VPN connected users can reach temporary profile download pages
  • whitelist_http: List of IP addresses that you can allow HTTP connections.
  • internal_cidrs: List of CIDRs that will be whitelisted to access the VPN server internally.
  • tags: Map of AWS Tag key and values
  • resource_name_prefix: All the resources will be prefixed with the value of this variable
  • healthchecks_io_key: Health check key for healthchecks.io
  • s3_bucket_name: Optional bucket name for Pritunl backups

Outputs

  • vpn_instance_private_ip_address: Private IP address of the instance
  • vpn_public_ip_address: EIP of the VPN box
  • vpn_management_ui: URL for the management UI

Usage

provider "aws" {
  region  = "eu-west-2"
}

module "app_pritunl" {
  source = "github.com/opsgang/terraform_pritunl?ref=2.0.0"

  aws_key_name         = "org-eu-west-2"
  vpc_id               = "${module.vpc.vpc_id}"
  public_subnet_id     = "${module.vpc.public_subnets[1]}"
  ami_id               = "ami-403e2524"
  instance_type        = "t2.nano"
  resource_name_prefix = "opsgang-pritunl"
  healthchecks_io_key  = "NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNN"
  s3_bucket_name       = "i-want-to-override-generated-bucket-name"

  whitelist = [
    "8.8.8.8/32",
  ]

  tags {
    "role" = "vpn"
    "env"  = "prod"
  }
}

P.S. : Yes, AMI id is hardcoded! This module meant to be used in your VPC template. Presumably, no one wants to destroy the VPN instance and restore the configuration after terraform apply against to VPC. There is no harm to manage that manually and keep people working during the day.

There will be wiki link about initial setup of Pritunl

About

Pritunl VPN Server for your public/private like VPC on AWS

Topics

openvpn terraform vpn openvpn-server vpn-server pritunl terraform-modules

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

43 stars

Watchers

6 watching

Forks

33 forks
Report repository

Releases 6

Custom bucket name Latest
Jun 3, 2018
+ 5 releases

Packages

No packages published

Contributors 6

Languages