Comments (7)

robvadai commented on May 24, 2024

I can confirm this role works fine on an EC2 instance running Debian 10 Buster. Networking, everything is working fine.

from ansible-role-openvpn.

kyl191 commented on May 24, 2024

Ubuntu 14.04 installs 2.3.2, which doesn't support tls-min-version:

root@ip-172-30-0-175:/etc/openvpn# openvpn --config openvpn_udp_1194.conf
Options error: Unrecognized option or missing parameter(s) in openvpn_udp_1194.conf:15: tls-version-min (2.3.2)
Use --help for more information.
root@ip-172-30-0-175:/etc/openvpn# openvpn --version
OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <[email protected]>
Compile time defines: .. elided ..
root@ip-172-30-0-175:/etc/openvpn# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty

kyl191 commented on May 24, 2024

Fedora 25 (Fedora-Cloud-Base-25-20170214.0.x86_64-us-east-1-HVM-gp2-0 (ami-ef70bff9)) works fine, as does Ubuntu 16.04 with the UFW changes in #27

Ubuntu 16.10 is fighting against being run in docker, systemd is somehow not installed.

kyl191 commented on May 24, 2024

14.04 doesn't work with CI, but works on AWS.

16.10 added to CI.

kyl191 commented on May 24, 2024

Inventory:

overarch = {}  # inventory groups, keyed by group name

overarch["fedora"] = {
    "hosts": ["52.90.230.44", "174.129.77.124", "54.89.14.38"],
    "vars": {
        "ansible_user": "fedora",
        "ansible_become": True,
        "remote_user": "root",
        "ansible_python_interpreter": "/usr/bin/python3"
    }
}

overarch["debian"] = {
    "hosts": ["54.161.120.124", "54.157.27.185"],
    "vars": {
        "ansible_user": "admin",
        "ansible_become": True,
        "remote_user": "root"
    }
}

overarch["ubuntu"] = {
    "hosts": ["52.90.65.247", "52.55.26.20"],
    "vars": {
        "ansible_user": "ubuntu",
        "ansible_become": True,
        "remote_user": "root"
    }
}

overarch["ubuntu3"] = {
    "hosts": ["54.152.63.131", "52.203.77.150"],
    "vars": {
        "ansible_user": "ubuntu",
        "ansible_become": True,
        "remote_user": "root",
        "ansible_python_interpreter": "/usr/bin/python3"
    }
}

overarch["vpn"] = {"children": ["ubuntu", "ubuntu3", "debian", "fedora"], "hosts":[]}

Playbook:

- hosts: vpn
  become: yes
  pre_tasks:
    - name: Install firewalld for Fedora
      package:
        name: firewalld
        state: present
      when: ansible_distribution == "Fedora"

    - name: Install ufw for Debian
      package:
        name: ufw
        state: present
        update_cache: yes
      when: ansible_distribution == "Debian"

    - name: Install python2 for Ubuntu >=16.*
      package:
        name: python
        state: present
      when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int >= 16

    - name: Reset python interpreter for Ubuntu >=16.*
      set_fact:
        ansible_python_interpreter: /usr/bin/python
      when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int >= 16

    - name: Disable modern TLS on Ubuntu <= 14.04 and Debian 7
      set_fact:
        openvpn_use_modern_tls: false
      when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int <= 14) or (ansible_distribution == "Debian" and ansible_distribution_major_version|int == 7)

    - name: Disable verify CN on Ubuntu 12.04 and Debian 7
      set_fact:
        openvpn_verify_cn: false
      when: ansible_distribution_release == "precise" or (ansible_distribution == "Debian" and ansible_distribution_major_version|int == 7)

  roles:
    - {role: kyl191.openvpn,
      clients: [desktop],
      openvpn_generate_unified_client_conf: true}

kyl191 commented on May 24, 2024

Results:

  • All Fedora versions needed "ansible_python_interpreter": "/usr/bin/python3" set as Python 2 isn't installed. They also needed firewalld installed, but that's likely due to stripped down cloud images. Other than that, playbook was successful.
  • Ubuntu 16.* also needed the python interpreter set as Python 2 isn't installed. However, the blockinfile module isn't Py3 ready, necessitating installing Python 2, then switching the interpreter.
  • The version of OpenVPN in Ubuntu <=14.04 isn't compatible with the tls-version-min configuration option. Workaround is setting openvpn_use_modern_tls to false.
  • The version of OpenVPN in Ubuntu 12.04 and Debian 7 isn't compatible with the verify-x509-name configuration option either. Workaround is setting openvpn_verify_cn to false.
  • Debian doesn't appear to have a firewall installed by default. Chalking this one up to cloud images (and old ones at that). Workaround: Installing ufw, but after updating the apt cache.
  • The CentOS images on AWS are questionable.

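An added example, not part of the original thread or the role's own code: instead of keying the two workarounds on distribution release, derive them from the `openvpn --version` banner, so only hosts whose binary actually lacks an option lose that hardening. The version thresholds and function names are assumptions, the banner is abbreviated from the one posted above, and the sample config is constructed.

```python
import re

# Minimum OpenVPN release per directive (assumed from upstream release notes;
# the thread itself only shows 2.3.2 rejecting tls-version-min).
MIN_VERSION = {"tls-version-min": (2, 3, 3), "verify-x509-name": (2, 3, 0)}
# Role variable that gates each directive, as named in the thread.
ROLE_VAR = {"tls-version-min": "openvpn_use_modern_tls",
            "verify-x509-name": "openvpn_verify_cn"}

def parse_version(banner):
    """Extract (major, minor, patch) from the first line of `openvpn --version`."""
    m = re.match(r"OpenVPN (\d+)\.(\d+)(?:\.(\d+))?", banner.strip())
    if not m:
        raise ValueError("not an OpenVPN version banner: %r" % banner[:40])
    return tuple(int(g or 0) for g in m.groups())

def role_vars(banner):
    """Enable each hardening option only if the installed binary accepts it."""
    installed = parse_version(banner)
    return {ROLE_VAR[d]: installed >= need for d, need in MIN_VERSION.items()}

def rejected_directives(banner, conf_text):
    """Return (line_number, directive) pairs this binary would refuse to parse."""
    installed = parse_version(banner)
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words and words[0] in MIN_VERSION and installed < MIN_VERSION[words[0]]:
            hits.append((lineno, words[0]))
    return hits

# Banner abbreviated from the Ubuntu 14.04 output in the thread; config is constructed.
BANNER_TRUSTY = "OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] built on Dec  1 2014"
SAMPLE_CONF = """port 1194
proto udp
tls-version-min 1.2
verify-x509-name server name
"""

if __name__ == "__main__":
    print(role_vars(BANNER_TRUSTY))
    print(rejected_directives(BANNER_TRUSTY, SAMPLE_CONF))
```

The dictionary returned by `role_vars` can be passed to the role as extra vars; `rejected_directives` reports the same config lines the daemon's "Options error" would stop on.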

kyl191 commented on May 24, 2024

Also, official Fedora ami list is on https://alt.fedoraproject.org/cloud/, have to click 'deploy' then copy the ami ID
