You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

70 lines
2.4 KiB

.. _vpn:
Enough hosts can be connected to a public network (with public IP
addresses) and an internal network (with private IP addresses. When a
host is not connected to the public network, it can only be accessed
in two ways:
* By connecting to a host connected to both the public network and the
internal network.
* By connecting to the VPN (which is running on a host connected to
both the public network and the internal network).
The service is created on the host specified by the `--host` argument:
.. code::
$ enough --domain service create --host bind-host openvpn
VPN Server configuration
The `OpenVPN <>`__ server is configured with
variables (see `the documentation
VPN subnet
The default subnet used by the internal network and routed by the VPN
on the client machine is defined `in a configuration file
that may be modified in case it conflicts with an already used subnet.
VPN Clients creation
The certificates for clients to connect to the VPN will be created
from the list in the `openvpn_active_clients` variable in
using `this example
For each name in the `openvpn_active_clients` list, a `.tar.gz` file will be created in the
`~/.enough/` directory. For instance, for
.. code::
- loic
- glen
After running `enough --domain playbook`, the files
`~/.enough/` and
`~/.enough/` will be created and
will contain the credentials.
On Debian GNU/Linux the `.tar.gz` can be extracted in a `vpn`
directory and the `.conf` file it contains imported using the `Network
=> VPN` system settings.
VPN Clients retirement
When a client should no longer be allowed in the VPN, it must be added
in the `openvpn_retired_clients` list, using `this example