# Creating OpenVPN files for users

In order to follow the steps documented here, a few things must be prepared:

* Access to the required Nordix OpenVPN/Jump servers listed below, with sudo access to the infra user:

+----------------+---------------+--------------------------------------+
| Nordix OpenVPN | IP ADDRESS    | SSH ACCESS                           |
+================+===============+======================================+
| ONAP-CityCloud | 77.81.6.42    | ssh <USER_ID>@77.81.6.42 -p 52413    |
+----------------+---------------+--------------------------------------+
| ONAP-Xerces    | 129.192.70.24 | ssh <USER_ID>@129.192.70.24 -p 52413 |
+----------------+---------------+--------------------------------------+
| Acumos         | 91.106.193.58 | ssh <USER_ID>@91.106.193.58 -p 52413 |
+----------------+---------------+--------------------------------------+

* Ensure SSH key-based authentication is enabled between the OpenVPN server and the CA

* Log in to the required Nordix OpenVPN/Jump server from your machine

* Install virtualenv, python3-minimal, python3-dev, and python3-pip

```bash
sudo apt install -y virtualenv python3-minimal python3-dev python3-pip
```

* Create and activate the virtualenv

```bash
virtualenv -p python3 .venv
source .venv/bin/activate
```

* Install Ansible 2.9.6

```bash
pip install ansible==2.9.6
```

## Generate User ovpn file

* Log in to the OpenVPN/Jump server with your credentials

* Clone the infra/tools repository from Nordix Gerrit

```bash
git clone "ssh://<USERNAME>@gerrit.nordix.org:29418/infra/tools" && scp -p -P 29418 <USERNAME>@gerrit.nordix.org:hooks/commit-msg "tools/.git/hooks/"
```

You are now ready to create ovpn files for users on the project-specific OpenVPN server:

* Switch to the infra user on the OpenVPN/Jump server

* Change to the directory under your home directory where the repo was cloned

```bash
cd <YOUR_HOME_DIR>/tools/infra/openvpn_automation
source <YOUR_HOME_DIR>/.venv/bin/activate
ansible-playbook -i inventory/inventory.ini openvpn_user_setup.yaml -e "client_name=<USERNAME_TO_CREATE_OVPN_CERT>"
```

* Client user ID should be the user's username (first character of the user's first name + last name)
* {{ client_name }} should be given according to the specific OpenVPN servers listed below:

+----------------+---------------+---------------------------+
| Nordix OpenVPN | CIDR          | Client_name               |
+================+===============+===========================+
| ONAP-CityCloud | 10.1.0.0/24   | client_userid.onap        |
+----------------+---------------+---------------------------+
| ONAP-Xerces    | 10.10.10.0/24 | client_userid.xerces.onap |
+----------------+---------------+---------------------------+
| Acumos         | 10.1.0.0/24   | client_userid.acumos      |
+----------------+---------------+---------------------------+

* Once the user-specific ovpn file is generated, it should be shared with the user by email, together with the instructions below:

```
* Please install OpenVPN on your laptop. Assuming you are using Ubuntu:
$ sudo apt install openvpn
* Then open the VPN connection using the .ovpn file, which contains all the required certificates:
$ sudo openvpn --config {{ client_name }}.ovpn
* Now, you should have access to all the VMs directly from your laptop
$ nmap -n -sP <CIDR>/24
* In case you use Windows 10, please use the community version of the OpenVPN client:
https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe
```

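Because the generated profile is expected to carry the CA, the client certificate and the user's private key, a quick check before mailing it catches a wrongly named, incomplete or too widely readable file. The script below is an added example, not part of the infra/tools repository; the helper names, the sample profile and the client name `jdoe.onap` are constructed, and the inline `<ca>`/`<cert>`/`<key>` layout is an assumption based on the statement that the file contains all the required certificates.

```bash
#!/usr/bin/env bash
# Added example: pre-send check of a generated .ovpn profile.
# check_ovpn, inline_block and write_sample are hypothetical helpers.

# Print the body of one inline block (<ca>, <cert> or <key>) of a profile.
inline_block() {  # usage: inline_block <tag> <file>
    awk -v start="<$1>" -v stop="</$1>" '
        $0 == stop  { inside = 0 }
        inside      { print }
        $0 == start { inside = 1 }
    ' "$2"
}

# Return 0 only if the profile is named after the client, embeds CA,
# certificate and key, and is accessible by its owner alone.
check_ovpn() {  # usage: check_ovpn <client_name> <file.ovpn>
    name=$1; file=$2; rc=0
    [ "$(basename "$file")" = "$name.ovpn" ] || { echo "name mismatch: $file"; rc=1; }
    for tag in ca cert key; do
        marker='-----BEGIN CERTIFICATE-----'
        [ "$tag" = key ] && marker='PRIVATE KEY-----'
        inline_block "$tag" "$file" | grep -qF -e "$marker" ||
            { echo "missing or empty <$tag> block"; rc=1; }
    done
    # The profile carries the user's private key: no group/other access.
    [ "$(ls -l "$file" | cut -c5-10)" = "------" ] ||
        { echo "permissions too open: $file"; rc=1; }
    return $rc
}

# Constructed sample profile; the PEM bodies are placeholders, not key material.
write_sample() {  # usage: write_sample <file>
    {
        printf 'client\ndev tun\nremote vpn.example.invalid 1194\n'
        for tag in ca cert; do
            printf '<%s>\n-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n</%s>\n' "$tag" "$tag"
        done
        printf '<key>\n-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n</key>\n'
    } > "$1"
    chmod 600 "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/jdoe.onap.ovpn"      # constructed client_name: jdoe.onap
check_ovpn jdoe.onap "$tmp/jdoe.onap.ovpn" && echo "OK to send"
rm -rf "$tmp"
```
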
## Revoke User ovpn file

* Log in to the required Nordix OpenVPN/Jump server from your machine

* Clone the infra/tools repository from Nordix Gerrit

```bash
git clone "ssh://<USERNAME>@gerrit.nordix.org:29418/infra/tools" && scp -p -P 29418 <USERNAME>@gerrit.nordix.org:hooks/commit-msg "tools/.git/hooks/"
```

You are now ready to revoke OpenVPN access for users on the project-specific OpenVPN server:

* Switch to the infra user on the OpenVPN/Jump server

* Change to the directory under your home directory where the repo was cloned

```bash
cd <YOUR_HOME_DIR>/tools/infra/openvpn_automation
source <YOUR_HOME_DIR>/.venv/bin/activate
ansible-playbook -i inventory/inventory.ini openvpn_user_revoke.yaml -e "client_name=<USERNAME_TO_REVOKE_ACCESS>"
```

* Client user ID should be the user's username (first character of the user's first name + last name)
* {{ client_name }} should be given according to the specific OpenVPN servers listed below:

+----------------+---------------+---------------------------+
| Nordix OpenVPN | CIDR          | Client_name               |
+================+===============+===========================+
| ONAP-CityCloud | 10.1.0.0/24   | client_userid.onap        |
+----------------+---------------+---------------------------+
| ONAP-Xerces    | 10.10.10.0/24 | client_userid.xerces.onap |
|                | 172.16.0.0/16 |                           |
+----------------+---------------+---------------------------+
| Acumos         | 10.1.0.0/24   | client_userid.acumos      |
+----------------+---------------+---------------------------+