Preface

OpenVPN is an open-source commercial software that implements Virtual Private Network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations, as well as remote-access facilities. It uses a custom security protocol that relies on SSL/TLS for key exchange, and it is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License.

Use Case

Sometimes you need to connect to your Virtual Datacenter (VDC) over a secure network. Commercial products such as Palo Alto are very expensive. OpenVPN is an open-source implementation of an IP/VPN server. You can install OpenVPN in your VDC and bring all your virtual machines behind this server; afterwards you connect to your VDC through it.

Deployment

A high-level diagram of the deployment:

[Image: High Level Design]

Setup

We have three networks:

  • DB Network - 192.168.1.0/24
  • Web Farm - 172.18.10.0/24
  • VPN Network Out - 10.10.10.0/24

Virtual machines on the first two networks do not have a Floating IP address, so VMs residing on these networks cannot be reached directly from the Internet. The third network, VPN Network Out, is where we create our VPN server, and we will assign a Floating IP address to this server.

Installation

  • Create a virtual server, preferably Ubuntu 16.04
  • Download the installation script from here
  • Run the script:
sudo bash openvpn-install.sh

The following screen will be displayed:

[Image: Installation Precheck]

  • The script will automatically detect the internal IP address
  • By default UDP port 1194 will be used. You can change this if you need to.
  • The preferred DNS: I chose Google DNS, I trust Google very well :)
  • Finally, enter a name for your client configuration file.
  • Hit Enter, and sit back

The script will automatically download a number of packages and create the certificates on the fly.

Finally it will ask for your Floating IP address; enter it and the installation is finished.

VDC Configuration

  • Create a router named VPN-GW-Router
  • Add interfaces for all three networks
  • Create a security group named VPN-SG-Out
  • Add the rules below

    Direction  Ether Type  IP Protocol  Port Range  Remote IP Prefix
    Ingress    IPv4        UDP          1194        0.0.0.0/0
    Ingress    IPv4        TCP          22 (SSH)    0.0.0.0/0

    Attach this security group to the VPN server
  • Create a security group named VPN-Access
  • Add the rules below

    Direction  Ether Type  IP Protocol  Port Range  Remote IP Prefix
    Ingress    IPv4        ANY          0 - 65535   10.8.0.0/24
    Ingress    IPv4        ANY          0 - 65535   172.18.80.3/32

    Attach this security group to all the VMs you created. 10.8.0.0/24 is the address pool the script assigns to VPN clients, so traffic from connected clients arrives at the VMs with a source address in this range.

Client Configuration

  • Download the appropriate client from here
  • Install it
  • Open the application
  • Import the file, choosing your client configuration
  • A window will open saying that you are connected!

Make sure you have added a security group rule for UDP 1194 on the VPN server.

Make sure three interfaces are added to your router, one for each of the three networks.
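The security group rules above and the two reminders at the end of this post all depend on values in the OpenVPN server configuration: the port and proto the server listens on, and the address pool it hands to clients. The following POSIX shell script is an added example, not code from the post or from openvpn-install.sh. It derives the required ingress rules from a server configuration, checks a rule list against them, and checks that a client profile's remote port and proto agree with the server. The server configuration, client profile and rule lists are constructed for the example; the path /etc/openvpn/server.conf, the floating IP 203.0.113.10 and the layout of the client's remote line are assumptions about what the installer writes.

```shell
#!/bin/sh
# Added example, not code from the post or from openvpn-install.sh.
# Derives the security-group rules the VPN server needs from its server
# configuration and checks a rule list and a client profile against them.

# Constructed sample server configuration. On a real host you would read the
# file the installer wrote (assumed here to be /etc/openvpn/server.conf).
SAMPLE_SERVER_CONF='port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120'

# Constructed sample client profile; 203.0.113.10 is a placeholder for the
# floating IP the installer asks for at the end of the run.
SAMPLE_CLIENT_OVPN='client
dev tun
proto udp
remote 203.0.113.10 1194
resolv-retry infinite
nobind'

# Constructed rule list in "<group> <proto> <ports> <source>" form, matching
# the two groups the post creates (VPN-SG-Out and VPN-Access).
RULES_OK='VPN-SG-Out udp 1194 0.0.0.0/0
VPN-SG-Out tcp 22 0.0.0.0/0
VPN-Access any 0-65535 10.8.0.0/24'

# Same list with a common mistake: 1194 opened for TCP instead of UDP.
RULES_WRONG_PROTO='VPN-SG-Out tcp 1194 0.0.0.0/0
VPN-Access any 0-65535 10.8.0.0/24'

# Print field $3 of every line of config $1 whose directive is $2.
directive() { printf '%s\n' "$1" | awk -v k="$2" -v f="$3" '$1==k {print $f}'; }

# Reduce "udp4", "tcp-server", etc. to the bare transport name.
transport() { p=${1%%[0-9]*}; echo "${p%%-*}"; }

# Convert a dotted-quad netmask to a prefix length; rejects non-contiguous masks.
mask_to_prefix() {
  bits=0
  for octet in $(echo "$1" | tr '.' ' '); do
    case $octet in
      255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;;
      252) bits=$((bits + 6)) ;; 248) bits=$((bits + 5)) ;;
      240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
      192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;;
      0) ;;
      *) echo "invalid netmask: $1" >&2; return 1 ;;
    esac
  done
  echo "$bits"
}

# Ingress rules the server config implies, one per line: the listener
# (port/proto) open to the Internet on the VPN server, and the client
# address pool (server directive) allowed into the VMs.
required_rules() {
  conf=$1
  printf 'VPN-SG-Out %s %s 0.0.0.0/0\n' \
    "$(transport "$(directive "$conf" proto 2)")" "$(directive "$conf" port 2)"
  printf 'VPN-Access any 0-65535 %s/%s\n' \
    "$(directive "$conf" server 2)" "$(mask_to_prefix "$(directive "$conf" server 3)")"
}

# Report required rules missing from a rule list; status 0 only when none are.
check_rules() {
  conf=$1 have=$2
  missing=$(required_rules "$conf" | while IFS= read -r rule; do
    printf '%s\n' "$have" | grep -Fxq -- "$rule" || echo "MISSING: $rule"
  done)
  [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Check that the client's remote port and proto agree with the server's.
# OpenVPN defaults to port 1194 and UDP when a profile omits them.
client_matches_server() {
  sconf=$1 cconf=$2
  sport=$(directive "$sconf" port 2); sproto=$(transport "$(directive "$sconf" proto 2)")
  cport=$(directive "$cconf" remote 3); cproto=$(transport "$(directive "$cconf" proto 2)")
  [ "${cport:-1194}" = "${sport:-1194}" ] && [ "${cproto:-udp}" = "${sproto:-udp}" ]
}

check_rules "$SAMPLE_SERVER_CONF" "$RULES_OK" && echo "security groups complete"
check_rules "$SAMPLE_SERVER_CONF" "$RULES_WRONG_PROTO" || echo "fix the group before connecting"
client_matches_server "$SAMPLE_SERVER_CONF" "$SAMPLE_CLIENT_OVPN" && echo "client profile matches server"
```

To use it against a real deployment, replace the constructed strings with the contents of the server configuration, the exported client profile and the rule list from your VDC's security-group view, keeping the same "group proto ports source" line format. The two reminders at the end of the post correspond to the first rule of VPN-SG-Out and to the VPN-Access rule for the client pool; a mismatch on either shows up as a MISSING line.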