AWS VPN (Pritunl) Terraform Module
Terraform module with create instance with Pritunl VPN on AWS.
module "vpn" {
source = " [email protected] :<repository_name>/terraform-aws-pritunl-vpn.git?ref=v0.0.0"
prefix = " example"
environment = " dev"
vpc_id = " vpc-xxx"
public_subnet_ids = [" subnet-xxx" , " subnet-xxx" , " subnet-xxx" ]
private_subnet_ids = [" subnet-xxx" , " subnet-xxx" , " subnet-xxx" ]
instance_type = " t3a.small"
is_create_route53_reccord = true
route53_zone_name = " example.com"
public_lb_vpn_domain = " vpn" # vpn.example.com
private_lb_vpn_domain = " vpn-console" # vpn-console.example.com
is_enabled_https_public = true
security_group_ingress_rules = {
allow_to_connect_vpn = {
port = " 12383"
cidr_blocks = [" 0.0.0.0/0" ]
protocol = " udp"
}
}
tags = {
workspace = " local-test"
}
}
HOW TO SET UP PRITUNL-VPN
GO TO SSM CONSOLE FOR SESSION MANAGER
sudo pritunl default-password # save for first login
Public Address : Set to Public DNS name
or Public Loadbalancer
for VPN Client ACCESS
Username : New Username for Connect to VPN server
New Password : New Password For For Connect to VPN server
click on "Users" in nav bar
click on "Add Organization"
Attach Origanization to Server
Click on "Attach Organization" Button
Click on Users in NavBar
Clicl on "Add User" Button
Config User
Name : anything
Pin : password to access VPN
Set VPN Server to Private
module "pritunl_vpn" {
. . .
is_enabled_https_public = false
}
Mount New EFS to Old Pritunl VPN
Config Security Group Client
add security goups efs-client of new efs to old pritunl VPN
go to ec2 console
select old pritunl-vpn -> Actions -> Security -> Change security groups
add security group client for mount EFS
Mount New EFS To Old Pritunl VPN
remote to old pritunl-vpn
mount EFS
sudo mkdir /efs
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport < efs_dns_name> :/ /efs
Dump Mongodb From Old Pritunl VPN
mongodump --db=pritunl # dump
mv dump/ /efs/dump # move dump to efs
Restore MongoDB in New Pritunl VPN
Name
Source
Version
efs
oozou/efs/aws
1.0.4
launch_template
oozou/launch-template/aws
1.0.3
Name
Description
Type
Default
Required
additional_sg_attacment_ids
(Optional) The ID of the security group.
list(string)
[]
no
ami
(Optional) AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template
string
""
no
custom_https_allow_cidr
cidr block for config pritunl vpn
list(string)
null
no
efs_backup_policy_enabled
If true
, it will turn on automatic backups.
bool
true
no
enable_ec2_monitoring
Enables/disables detailed monitoring
bool
false
no
enabled_backup
Enable Backup EFS
bool
true
no
environment
Environment Variable used as a prefix
string
n/a
yes
instance_type
(Optional) The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.
string
"t2.medium"
no
is_create_private_lb
if true this module will not create private lb for cost optimization
bool
true
no
is_create_route53_reccord
if true will create route53 reccord for vpn, vpn console
bool
false
no
is_create_security_group
Flag to toggle security group creation
bool
true
no
is_enabled_https_public
if true will enable https to public loadbalancer else enable to private loadbalancer
bool
true
no
key_name
Key name of the Key Pair to use for the vpn instance; which can be managed using
string
null
no
prefix
The prefix name of customer to be displayed in AWS console and resource
string
n/a
yes
private_lb_vpn_domain
domain of vpn console output will be <var.vpn_domain>.<var.route53_zone_name>
string
"vpn-console"
no
private_rule
private rule for run connect vpn
list(object({ port = number protocol = string health_check_port = number health_check_protocol = string }))
[]
no
private_subnet_ids
The List of the private subnet ID to deploy instance and private lb for vpn relate to VPC
list(string)
n/a
yes
public_lb_vpn_domain
domain of vpn output will be <var.vpn_domain>.<var.route53_zone_name>
string
"vpn"
no
public_rule
public rule for run connect vpn
list(object({ port = number protocol = string health_check_port = number health_check_protocol = string }))
[ { "health_check_port": 443, "health_check_protocol": "TCP", "port": 12383, "protocol": "UDP" } ]
no
public_subnet_ids
The List of the subnet ID to deploy Public Loadbalancer relate to VPC
list(string)
n/a
yes
route53_zone_name
This is the name of the hosted zone
string
""
no
security_group_ingress_rules
Map of ingress and any specific/overriding attributes to be created
any
{ "allow_to_connect_vpn": { "cidr_blocks": [ "0.0.0.0/0" ], "port": "12383", "protocol": "udp" } }
no
tags
Tags to add more; default tags contian {terraform=true, environment=var.environment}
map(string)
{}
no
vpc_id
The ID of the VPC
string
n/a
yes