Then we create the second AMI, which has Pritunl installed and partially configured:

The first user is accessing the web UI on port 443 and the second is connecting to the VPN.

Below are diagrams which describe the process of building the AMIs and deploying the VPN on AWS using Terraform.

There are two users in the diagram below.

The security group allows the following ingress traffic by default:

- 0.0.0.0/0 -> TCP 80 (required for LetsEncrypt cert generation).

While HTTP is allowed from all IPs, it redirects to HTTPS so I don’t believe that this is much of an issue.

If high availability is desired, you could create an Autoscaling Group containing Pritunl nodes spanning across multiple Availability Zones and have two MongoDB hosts instead of everything on a single node. If your requirements for a VPN contain high availability, then you may want to look elsewhere as this blog post covers a single node deployment. This is the primary reason why it is not highly available. Pritunl requires a paid subscription for clusters so this is limited to a single node. This deployment is not highly available and not suitable in a production environment. There are a few things to note about the example deployment:

How it works

Below is a diagram of the AWS resources for an example single-node deployment of Pritunl on AWS.

With this we can achieve near fully-automated, reproducible deployments of Pritunl VPN on AWS. In this blog post I’ll be going over how I automated the deployment and configuration of a VPN to AWS achieving Infrastructure as Code using Terraform, Packer, Ansible and Amazon Machine Images (AMIs).

When deploying software or infrastructure in the cloud it is a best practice to secure access behind a VPN.

- Deploying the infrastructure on AWS using Terraform.
- Configuring the Ansible playbooks and roles.
- Creating an Ansible Vault and variables.

If you don’t wish to read the entire blog post you can take a look in the GitHub repository.
This article is meant to demonstrate one possible way of integrating Packer, Ansible, Terraform and Pritunl (an open-source enterprise VPN) to deploy a VPN on AWS.

Before we continue, all the sources used in this blog post are available in this GitHub repository.