Terraform module with create instance with Pritunl VPN on AWS.
module "vpn" {
source = "git@github.com:<repository_name>/terraform-aws-pritunl-vpn.git?ref=v0.0.0"
prefix = "example"
environment = "dev"
vpc_id = "vpc-xxx"
public_subnet_ids = ["subnet-xxx", "subnet-xxx", "subnet-xxx"]
private_subnet_ids = ["subnet-xxx", "subnet-xxx", "subnet-xxx"]
instance_type = "t3a.small"
is_create_route53_reccord = true
route53_zone_name = "example.com"
public_lb_vpn_domain = "vpn" #vpn.example.com
private_lb_vpn_domain = "vpn-console" #vpn-console.example.com
is_enabled_https_public = true
security_group_ingress_rules = {
allow_to_connect_vpn = {
port = "12383"
cidr_blocks = ["0.0.0.0/0"]
protocol = "udp"
}
}
tags = {
workspace = "local-test"
}
}
sudo pritunl default-password # save for first login
- Public Address : Set to
Public DNS nameorPublic Loadbalancerfor VPN Client ACCESS
- Username : New Username for Connect to VPN server
- New Password : New Password For For Connect to VPN server
- click on "Users" in nav bar
- click on "Add Organization"
-
click on "Servers" in nav bar
-
Click on "Add Server" Button
-
Config Server
- name: anything
- port: default must be 12383 (must be match with ingress policy)
- DNS Server: Default 8.8.8.8
- Virtual Network: Leave Default (CIDR must be avalible)
- Click on "Attach Organization" Button
-
Click on "Start Server" Button
-
Done
- Click on Users in NavBar
- Clicl on "Add User" Button
- Config User
- Name: anything
- Pin: password to access VPN
module "pritunl_vpn" {
. . .
is_enabled_https_public = false
}add security goups efs-client of new efs to old pritunl VPN
- go to ec2 console
- select old pritunl-vpn -> Actions -> Security -> Change security groups
- add security group client for mount EFS
- remote to old pritunl-vpn
- mount EFS
sudo mkdir /efs
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport <efs_dns_name>:/ /efsmongodump --db=pritunl #dump
mv dump/ /efs/dump #move dump to efsmongorestore /efs/dump
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.0.0 |
| Name | Version |
|---|---|
| aws | 4.36.0 |
| Name | Source | Version |
|---|---|---|
| efs | oozou/efs/aws | 1.0.4 |
| launch_template | oozou/launch-template/aws | 1.0.3 |
| Name | Type |
|---|---|
| aws_autoscaling_group.this | resource |
| aws_autoscaling_policy.this | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_lb.private | resource |
| aws_lb.public | resource |
| aws_lb_listener.private | resource |
| aws_lb_listener.public | resource |
| aws_lb_target_group.private | resource |
| aws_lb_target_group.public | resource |
| aws_route53_record.private | resource |
| aws_route53_record.public | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.ingress | resource |
| aws_ami.amazon_linux | data source |
| aws_iam_policy_document.this | data source |
| aws_iam_policy_document.this_assume_role | data source |
| aws_route53_zone.this | data source |
| aws_vpc.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_sg_attacment_ids | (Optional) The ID of the security group. | list(string) |
[] |
no |
| ami | (Optional) AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template | string |
"" |
no |
| custom_https_allow_cidr | cidr block for config pritunl vpn | list(string) |
null |
no |
| efs_backup_policy_enabled | If true, it will turn on automatic backups. |
bool |
true |
no |
| enable_ec2_monitoring | Enables/disables detailed monitoring | bool |
false |
no |
| enabled_backup | Enable Backup EFS | bool |
true |
no |
| environment | Environment Variable used as a prefix | string |
n/a | yes |
| instance_type | (Optional) The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | string |
"t2.medium" |
no |
| is_create_private_lb | if true this module will not create private lb for cost optimization | bool |
true |
no |
| is_create_route53_reccord | if true will create route53 reccord for vpn, vpn console | bool |
false |
no |
| is_create_security_group | Flag to toggle security group creation | bool |
true |
no |
| is_enabled_https_public | if true will enable https to public loadbalancer else enable to private loadbalancer | bool |
true |
no |
| key_name | Key name of the Key Pair to use for the vpn instance; which can be managed using | string |
null |
no |
| prefix | The prefix name of customer to be displayed in AWS console and resource | string |
n/a | yes |
| private_lb_vpn_domain | domain of vpn console output will be <var.vpn_domain>.<var.route53_zone_name> | string |
"vpn-console" |
no |
| private_rule | private rule for run connect vpn | list(object({ |
[] |
no |
| private_subnet_ids | The List of the private subnet ID to deploy instance and private lb for vpn relate to VPC | list(string) |
n/a | yes |
| public_lb_vpn_domain | domain of vpn output will be <var.vpn_domain>.<var.route53_zone_name> | string |
"vpn" |
no |
| public_rule | public rule for run connect vpn | list(object({ |
[ |
no |
| public_subnet_ids | The List of the subnet ID to deploy Public Loadbalancer relate to VPC | list(string) |
n/a | yes |
| route53_zone_name | This is the name of the hosted zone | string |
"" |
no |
| security_group_ingress_rules | Map of ingress and any specific/overriding attributes to be created | any |
{ |
no |
| tags | Tags to add more; default tags contian {terraform=true, environment=var.environment} | map(string) |
{} |
no |
| vpc_id | The ID of the VPC | string |
n/a | yes |
| Name | Description |
|---|---|
| efs_dns_name | The DNS name for the filesystem |
| efs_id | The ID that identifies the file system for pritunl vpn |
| lb_private_dns | The DNS name of the private load balancer. |
| lb_public_dns | The DNS name of the public load balancer. |
| security_group_arn | ARN of the security group associated to this ec2 |
| security_group_id | ID of the security group associated to this ec2 |
| vpn_private_dns | private dns for connect vpn server |
| vpn_public_dns | public dns for connect vpn server |