Ansible playbook to set up a L2TP/IPSEC VPN
People are asking for scripts to set up a VPN! This is even better, it is an Ansible playbook which sets up a L2TP/IPSEC VPN! The only thing you need to edit is the Shared Secret...
It sets up the VPN as described here: https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
It sets up local user authentication via PAM, so no passwords in text files. Tested and supported on Ubuntu 10.04+.
Then, clone the repo and run the playbook:
https://github.com/RaymiiOrg/ansible/tree/master/vpn
ansible-playbook -s vpn.yml
(Don't forget to change the host and user)
You're all welcome.
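As an added example (not part of the original post or the playbook repository), this shell helper prepares the two things the post says to change before the run: a random shared secret and an inventory naming the host. The `[vpn]` group name, the 20-character minimum and the sample address are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the RaymiiOrg repository).

# Print a random PSK of $1 characters (default 32), letters and digits only,
# so it can be pasted into a quoted YAML value without escaping.
gen_psk() {
    len="${1:-32}"
    # Oversample /dev/urandom: roughly a quarter of random bytes survive the filter.
    head -c "$((len * 16 + 256))" /dev/urandom |
        LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$len"
}

# Return 0 only for secrets of at least 20 letters/digits.
# The 20-character floor is this example's assumption, not a value from the playbook.
psk_ok() {
    case "$1" in
        *[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 20 ]
}

# Write an INI inventory: the group header on its own line, one host per line.
# The group name "vpn" is an assumption and must match "hosts:" in vpn.yml.
write_inventory() {
    file="$1"; shift
    {
        echo "[vpn]"
        for host in "$@"; do echo "$host"; done
    } > "$file"
}

# Demo in a scratch directory; 203.0.113.10 is a constructed documentation address.
demo_dir=$(mktemp -d)
write_inventory "$demo_dir/hosts" 203.0.113.10
psk=$(gen_psk 32)
psk_ok "$psk" && echo "shared_secret: \"$psk\""
echo "ansible-playbook -i $demo_dir/hosts -s vpn.yml"
```

Paste the printed `shared_secret` line into the vars of vpn.yml, then run the printed command from the playbook directory.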
Comments
Doesn't work for ovz right?
Yes it does, ask your provider if they support IPSEC/L2TP. Using it successfully on BuyVM (@francisco), RAM Host and MisterHost. Also VPSSlim.
Never worked with ansible. How do you add the inventory needed for this playbook?
I just changed the vars in vpn.yml like this:
distro: "Debian"
pkg_mgr: "apt"
pbname: "my.host.name"
ipv4_address: "123.123.123.123"
shared_secret: "mypsk"
But still I get an error: "ERROR: Unable to find an inventory file, specify one with -i ?"
You probably didn't put your hosts file in /etc/ansible. You can specify the location of your hosts file with -i, like:
What is the command you run?
@chrisp you should not change pbname and ipv4_address, Ansible does that for you. Change it back.
Create a ~/ansible_hosts file with the following contents:
and then run the ansible-playbook with:
I did run it with
ansible-playbook -s vpn.yml
, which didn't work. I created a hosts file now with
[vpn]
127.0.0.1
But now it's failing with
fatal: [127.0.0.1] => failed to transfer file to /setup:
I certainly have to mess about with ansible a little more, thought it would work right out of the box.
@chrisp Read the getting started guide linked in the first post. It'll help you.
@Raymii Thanks, will try to set it up
I just don't get it working, here is exactly what I did:
Reinstalled testing system (Debian 6 minimal)
Added:
deb http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
deb-src http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
to make sure all dependencies are correct (On the first testing system I installed it via sources)
apt-get install ansible
ssh-keygen -t rsa
and added it to known hosts..ssh 127.0.0.1 is working
apt-get install git-core
git clone https://github.com/RaymiiOrg/ansible.git
edited vpn.yml, changed sudo to False, user to root, changed secret key
edited /etc/ansible/hosts to
[vpn]
127.0.0.1
Ok, testing..
ansible all -m ping
looks good:
127.0.0.1 | success >> { "changed": false, "ping": "pong" }
But then with your playbook came lots of errors and those python errors are not helpful at all..
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/ansible/runner/__init__.py", line 65, in _executor_hook
    result_queue.put(multiprocessing_runner._executor(host))
  File "<string>", line 2, in put
  File "/usr/lib/python2.6/multiprocessing/managers.py", line 725, in _callmethod
    conn.send((self._id, methodname, args, kwds))
IOError: [Errno 32] Broken pipe
Process Process-3:
Traceback (most recent call last):
  File "/usr/lib/python2.6/multiprocessing/process.py", line 232, in _bootstrap
    self.run()
  File "/usr/lib/python2.6/multiprocessing/process.py", line 88, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/pymodules/python2.6/ansible/runner/__init__.py", line 62, in _executor_hook
    while not job_queue.empty():
  File "<string>", line 2, in empty
  File "/usr/lib/python2.6/multiprocessing/managers.py", line 725, in _callmethod
    conn.send((self._id, methodname, args, kwds))
IOError: [Errno 32] Broken pipe
32 ERROR: interupted
Edit: Changed Sudo back to True, but still getting:
```
GATHERING FACTS *********************
fatal: [127.0.0.1] => failed to transfer file to /setup:
command-line: line 0: Bad configuration option: ControlPersist
Couldn't read packet: Connection reset by peer
```
Edit2: Really, what is this? I can run one ansible command 5 times and get 3 different errors! Sorry, but this is really strange..
deb http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
deb-src http://ppa.launchpad.net/rquillo/ansible/ubuntu lucid main
and added it to known hosts..ssh 127.0.0.1 is working
Dude...
(Gets you a more recent version as well)
Which version of Ansible are you running?
The playbook is written and tested for 1.0. Don't know how it works on lower versions...
You lost me there :P
fatal: https://github.com/RaymiiOrg/ansible/tree/master/vpn/info/refs not found: did you run git update-server-info on the server?
I just got the zip instead..idk.