This playbook gives you handy OpenVPN servers including a local DNS cache (via unbound), fail2ban, unattended upgrades, and possibly a few other niceties.
The actual OpenVPN installation is done by openvpn-install.
You will need one or more preferably virgin Debian Jessie (other distros: ymmv) based server(s). It can be a minimal install. It needs to be connected to the Internet. You don't need to set up any keys, just have the `root` password handy.
On first run, the playbook will log in, install your current public key (found in `~/.ssh/id_rsa.pub`) and then disable password authentication to make it more secure.
Ansible 2 is required. It's still quite new, so your favorite package manager might not have it yet. If that's the case, you'd have to run it from source.
If your package manager has Ansible 2, using that is preferred, obviously.
- Copy `production.example` to `production` and adapt your inventory (servers).
- Run the playbook using `ansible-playbook --ask-pass site.yml`.
- Profit!
In its last step, the playbook will try to download your `.ovpn` client configuration file(s) to `~/Downloads`. Be sure this folder exists.
The `.ovpn` files can be used with `openvpn` on the command line or imported into tools like Tunnelblick or the OpenVPN clients for Android and iOS.
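To confirm that the first run really did disable password logins, the following added example (not part of this playbook or of openvpn-install) audits the output of `sshd -T` taken on the server. The function name and both sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit effective sshd settings after the playbook has run.
# Real use, as root on the server:  sshd -T | check_password_auth_disabled
# Returns 0 when no password-based login path remains, 1 otherwise.
check_password_auth_disabled() {
    awk '
        # sshd -T prints lowercase "keyword value" pairs, one per line.
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        # Older OpenSSH names this challengeresponseauthentication, newer
        # releases kbdinteractiveauthentication. With PAM enabled, either
        # one can still prompt for a password.
        (key == "challengeresponseauthentication" ||
         key == "kbdinteractiveauthentication") && val == "yes" { kbd = 1 }
        END {
            bad = 0
            if (pw != "no") {
                print "FAIL: passwordauthentication is " (pw == "" ? "unset" : pw)
                bad = 1
            }
            if (kbd) { print "FAIL: keyboard-interactive authentication is enabled"; bad = 1 }
            if (pk == "no") { print "FAIL: pubkeyauthentication is off (lockout risk)"; bad = 1 }
            if (!bad) print "OK: only key-based logins are accepted"
            exit bad
        }'
}

# Constructed sample: sshd -T excerpt from a server with password logins off.
HARDENED_SAMPLE='port 22
pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication no
usepam yes'

# Constructed sample: sshd -T excerpt from a server that still accepts passwords.
DEFAULT_SAMPLE='port 22
pubkeyauthentication yes
passwordauthentication yes
challengeresponseauthentication no
usepam yes'

# Demo run on the constructed hardened sample.
printf '%s\n' "$HARDENED_SAMPLE" | check_password_auth_disabled
```

Run it before closing the session you used for the playbook, so a misconfiguration can be fixed while you still have a shell on the server.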
MIT.
I built this. By myself. On my computer.