OpenVPN for Azure

An ARM template that adds a VM with a fully automated bootstrap script. The script sets up the VPN, automatically creates the SSL certificates, and allows easy management of users.

Creation Process:

  1. Create a resource group
  2. Run the Azure OpenVPN ARM template
  3. Edit VM Networking to create a user - Add inbound security rule for SSH port 22

Resources created for the VPN:

  • Resource group
  • Virtual network
  • Network Interface
  • Network security group
  • Virtual machine
  • Public IP address
  • Disk

Running the ARM template from Azure CLI

  1. Log in to Azure

    az login
    
  2. Set the right subscription

    az account set --subscription "your subscription id"
    
  3. Create the Resource group

    az account list-locations
    az group create --name "resource-group" --location "your location"
    
  4. Deploy the ARM template

    az deployment group create --name "name of your deployment" --resource-group "resource-group" --template-file "./azuredeploy.json"
    
  5. In Azure CLI, fill in the “Linux OS Password” parameter

    • At least 12 characters
    • A mixture of both uppercase and lowercase letters
    • A mixture of letters and numbers

  6. Open the SSH port for managing users

    • Visit VM Network
    • Enable the SSH connection for the VM, and disable it after the management is over.

  7. Create or remove a VPN user: connect to the VM with SSH and use the scripts to manage users. Go to the /root folder and use:
    • Create user:
      ./create_vpn_user firstname-lastname
      
    • Remove user:
      ./revoke_vpn_user firstname-lastname
      
    • Fix network issues:
      ./repair-net
      
    • Check who is connected to the VPN
      cat /var/log/openvpn/openvpn-status.log | sed '/ROUTING/q' | head -n -1
      

      After the user is created, send the one-time link to the user.
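
The step that opens SSH for managing users can be scripted so that the rule is limited to one admin address and is always removed when the session ends. This is an added example, not part of the original post or the template; the NSG name, rule name and priority are assumptions to replace with your deployment's values.

```shell
#!/bin/sh
# Added example (not from the original post): time-boxed SSH access to the VPN VM.
RG="${RG:-resource-group}"               # resource group name used in the steps above
NSG="${NSG:-<nsg-name-from-deployment>}" # placeholder: NSG created by the template
RULE="${RULE:-temp-ssh-admin}"           # hypothetical rule name

# Accept only something shaped like one IPv4 address; "*", "Internet" and
# CIDR ranges are refused so the rule can never expose port 22 broadly.
valid_source() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Allow inbound TCP/22 from a single admin address ($1).
# Priority 1000 is an assumption; pick one that is free in your NSG.
open_ssh() {
  valid_source "$1" || { echo "refusing SSH source '$1'" >&2; return 2; }
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name "$RULE" --priority 1000 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$1/32" \
    --destination-port-ranges 22
}

# Remove the temporary rule again.
close_ssh() {
  az network nsg rule delete --resource-group "$RG" --nsg-name "$NSG" --name "$RULE"
}

# Open the rule, run the given command, then close the rule whether the
# command succeeded or failed. Returns the command's exit status.
with_ssh_window() {
  _src="$1"; shift
  open_ssh "$_src" || return
  "$@" && _rc=0 || _rc=$?
  close_ssh || echo "WARNING: rule $RULE is still open, remove it manually" >&2
  return "$_rc"
}

# Usage (203.0.113.7 is a constructed documentation address):
#   with_ssh_window 203.0.113.7 ssh <admin-user>@<vm-public-ip>
```
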

This post is licensed under CC BY 4.0 by the author.