This project builds a VPN on Azure using OpenVPN, with the following network topology:
In this use case, a user outside the VNet connects to the OpenVPN server (20.20.0.230) through the server's public IP; once the VPN tunnel is established, the user can reach both VM instances (20.20.0.230 and 30.30.0.10) through their private IPs. Note that the two VNets are connected by VNet peering.
The user can also query the private DNS zone (vpn.internal) and reach the storage account privately through an Azure Private Endpoint; the storage account is configured to reject all connections from the public network.
The whole environment is built with Terraform:
cd src/terraform
tfenv install
tfenv use
terraform init
terraform apply
First, run the shell script on the OpenVPN server over SSH to generate a client certificate; the script writes a ready-to-use .ovpn profile for that client:
# runs the shell script that creates the client certificate
# ssh -i <ssh-private-key> <openvpn-vm-user>@<vm-public-ip> 'bash client-configs/make_config.sh <client-name>'
ssh -i ../../keys/key adminuser@13.68.155.51 'bash client-configs/make_config.sh tiago.missao'
# downloads the generated client profile
# sftp -i <ssh-private-key> <openvpn-vm-user>@<vm-public-ip>:client-configs/files/<client-name>.ovpn .
sftp -i ../../keys/key adminuser@13.68.155.51:client-configs/files/tiago.missao.ovpn .
Then move the downloaded profile to the OpenVPN client's configuration folder (on Windows this is C:\Program Files\OpenVPN\config) and start the connection from the OpenVPN client. The .ovpn file is that user's VPN credential: keep it private and generate a separate one per user rather than sharing it.
I would like to register my special thanks to Leonardo Mendes for the insight into Bind9 and the DNS forwarding architecture.