Ansible playbook to set up a L2TP/IPSEC VPN

Raymii Member
edited March 2013 in General

People are asking for scripts to set up a VPN! This is even better: it is an Ansible playbook which sets up an L2TP/IPSEC VPN! The only thing you need to edit is the Shared Secret...

It sets up the VPN as described here: https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
It sets up local user authentication via PAM, so no passwords in text files. Tested and supported on Ubuntu 10.04+.

Read here how to set up Ansible, it is really simple and requires no additional software on your VPS (except Python)

Then, clone the repo and run the playbook:
https://github.com/RaymiiOrg/ansible/tree/master/vpn

ansible-playbook -s vpn.yml

(Don't forget to change the host and user)

You're all welcome.

Comments

  • netomx Moderator, Veteran

    Doesn't work for ovz right?

  • Yes it does, ask your provider if they support IPSEC/L2TP. Using it successfully on BuyVM (@francisco), RAM Host and MisterHost. Also VPSSlim.

  • Never worked with ansible. How do you add the inventory needed for this playbook?
    I just changed the vars in vpn.yml like this:

    distro: "Debian"
    pkg_mgr: "apt"
    pbname: "my.host.name"
    ipv4_address: "123.123.123.123"
    shared_secret: "mypsk"

    But still I get an error: "ERROR: Unable to find an inventory file, specify one with -i ?"

  • mpkossen Member
    edited April 2013

    You probably didn't put your hosts file in /etc/ansible. You can specify the location of your hosts file with -i, like:

    ansible-playbook -i /home/user/ansible/hosts vpn.yml
    

    What is the command you run?

  • Raymii Member
    edited April 2013

    @chrisp you should not change pbname and ipv4_address, Ansible does that for you. Change it back.

    Create a ~/ansible_hosts file with the following contents:

    [vpn]
    put-your-server-ip-here
    

    and then run the ansible-playbook with:

    ansible-playbook -i ~/ansible_hosts vpn.yml
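
Added example (not part of the original thread or the playbook repository): a shell example of the preparation described above, writing the `[vpn]` inventory and changing only `shared_secret` to a generated value. It assumes the vars line has the form `shared_secret: "..."` as quoted earlier in the thread; the function names, the 20-character threshold and the address 192.0.2.10 are illustrative.

```shell
#!/bin/sh
# Added example; not part of the playbook repository. Assumes vpn.yml carries a
# line of the form   shared_secret: "..."   as quoted in the thread.

# 32 characters from [A-Za-z0-9] (about 190 bits); needs no escaping in YAML
# double quotes or in the sed expression used by set_psk.
gen_psk() {
    head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Print the current shared_secret value found in playbook file $1.
get_psk() {
    sed -n 's|^[[:space:]]*shared_secret:[[:space:]]*"\(.*\)"[[:space:]]*$|\1|p' "$1"
}

# Exit 0 when the secret in $1 is missing or shorter than 20 characters
# (the threshold is an assumption of this example).
psk_is_weak() {
    v=$(get_psk "$1")
    [ "${#v}" -lt 20 ]
}

# Replace only the shared_secret value in $1 with $2; every other var stays as
# shipped. mktemp creates the temporary file with mode 600.
set_psk() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed "s|^\([[:space:]]*shared_secret:[[:space:]]*\).*|\1\"$2\"|" "$1" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$1"
}

# Write inventory $1 with the [vpn] group and server address $2.
write_inventory() {
    printf '[vpn]\n%s\n' "$2" > "$1"
}

# Demo on a constructed vars fragment; 192.0.2.10 is a documentation address.
demo() {
    d=$(mktemp -d) || return 1
    printf '  vars:\n    pkg_mgr: "apt"\n    shared_secret: "mypsk"\n' > "$d/vpn.yml"
    write_inventory "$d/ansible_hosts" 192.0.2.10
    psk_is_weak "$d/vpn.yml" && set_psk "$d/vpn.yml" "$(gen_psk)"
    cat "$d/ansible_hosts" "$d/vpn.yml"
    rm -rf "$d"
}
demo
```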
    
  • I did run it with
    ansible-playbook -s vpn.yml, which didn't work.

    I created a hosts file now with

    [vpn]
    127.0.0.1

    But now it's failing with

    fatal: [127.0.0.1] => failed to transfer file to /setup:

    I certainly have to mess about with ansible a little more, thought it would work right out of the box.

  • @chrisp Read the getting started guide linked in the first post. It'll help you.

  • netomx Moderator, Veteran

    @Raymii Thanks, will try to set it up

  • chrisp Member
    edited April 2013

    I just don't get it working, here is exactly what I did:

    Reinstalled testing system (Debian 6 minimal)

    Added:
    deb http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
    deb-src http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main

    to make sure all dependencies are correct (On the first testing system I installed it via sources)

    apt-get install ansible

    ssh-keygen -t rsa
    and added it to known hosts..ssh 127.0.0.1 is working

    apt-get install git-core

    git clone https://github.com/RaymiiOrg/ansible.git

    edited vpn.yml, changed sudo to False, user to root, changed secret key

    edited /etc/ansible/hosts to

    [vpn]
    127.0.0.1

    Ok, testing..

    ansible all -m ping

    looks good:
    127.0.0.1 | success >> { "changed": false, "ping": "pong" }

    But then with your playbook came lots of errors and those python errors are not helpful at all..

    Traceback (most recent call last):
      File "/usr/lib/pymodules/python2.6/ansible/runner/__init__.py", line 65, in _executor_hook
        result_queue.put(multiprocessing_runner._executor(host))
      File "<string>", line 2, in put
      File "/usr/lib/python2.6/multiprocessing/managers.py", line 725, in _callmethod
        conn.send((self._id, methodname, args, kwds))
    IOError: [Errno 32] Broken pipe
    Process Process-3:
    Traceback (most recent call last):
      File "/usr/lib/python2.6/multiprocessing/process.py", line 232, in _bootstrap
        self.run()
      File "/usr/lib/python2.6/multiprocessing/process.py", line 88, in run
        self._target(*self._args, **self._kwargs)
      File "/usr/lib/pymodules/python2.6/ansible/runner/__init__.py", line 62, in _executor_hook
        while not job_queue.empty():
      File "<string>", line 2, in empty
      File "/usr/lib/python2.6/multiprocessing/managers.py", line 725, in _callmethod
        conn.send((self._id, methodname, args, kwds))
    IOError: [Errno 32] Broken pipe
    32 ERROR: interupted

    Edit: Changed Sudo back to True, but still getting:

    GATHERING FACTS *********************
    fatal: [127.0.0.1] => failed to transfer file to /setup:

    command-line: line 0: Bad configuration option: ControlPersist
    Couldn't read packet: Connection reset by peer

    Edit2: Really, what is this? I can run one ansible command 5 times and get 3 different errors! Sorry, but this is really strange..

  • Raymii Member
    edited April 2013

    @chrisp said: Reinstalled testing system (Debian 6 minimal)

    Added:

    deb http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
    deb-src http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main

    to make sure all dependencies are correct (On the first testing system I installed it via sources)

    apt-get install ansible

    ssh-keygen -t rsa

    and added it to known hosts..ssh 127.0.0.1 is working

    apt-get install git-core

    Dude...

    sudo apt-get install python-pip python-yaml build-essential
    sudo pip install ansible
    

    (Gets you a more recent version as well)

    Which version of Ansible are you running?

    ansible --version
    ansible 1.0
    

    The playbook is written and tested for 1.0. Don't know how it works on lower versions...

  • Davidx Member
    edited April 2013

    @Raymii said: Then, clone the repo

    You lost me there :P

    Cloning into /*******/***...

    fatal: https://github.com/RaymiiOrg/ansible/tree/master/vpn/info/refs not found: did you run git update-server-info on the server?

    I just got the zip instead..idk.
