Set up an IKEv2 Road Warrior VPN with private/public key authentication for the local side and username/password authentication for the Road Warrior client.
- Create private/public keys using Let's Encrypt for your domain.
- Automatic renewal of the keys.
- Install VPN IKEv2 Road Warrior using strongSwan.
- Configure the Raspberry Pi firewall to allow the VPN to work properly.
- Ansible installed on your local machine.
- A Dynamic DNS name that points to your home, needed only if your internet service provider assigns you a dynamic IP.
- Your firewall router:
  - should forward VPN ports to your Raspberry Pi:
    - UDP *:500 -> Raspberry Pi:500
    - UDP *:4500 -> Raspberry Pi:4500
  - should forward port 80 (or 443) to allow Let's Encrypt to verify your domain ownership:
    - TCP *:80 (or 443) -> Raspberry Pi:80 (or 443)
  - should allow incoming VPN packets from outside. You can find more information about the firewall here.
    - From any host in wan, ESP protocol -> ALLOW
    - From any host in wan, AH protocol -> ALLOW
- A Raspberry Pi with Raspbian (Debian) Stretch.
- ansible-role-certbot in order to get private/public keys for your domain.
I assume that you know how to use Ansible.
- Rename `hosts.example` to `hosts`, and replace `YOUR-HOST-HERE` with your Raspberry Pi. More info here.
- In `host_vars`, rename the file, replacing `YOUR-HOST-HERE` with your Raspberry Pi. In that file, replace UPPERCASE variables with your data. You can find more variables to customize in ansible-role-certbot.
- Run `ansible-playbook -vv -i hosts vpn.yml` to start it.
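
After the playbook has run, the authentication split described at the top of this page (server proves itself with its Let's Encrypt key, clients log in with username/password) can be checked against the deployed strongSwan configuration. The script below is an added example, not part of this repository: it assumes the legacy `ipsec.conf` format, and the connection name, domain, certificate file name and address pool in the sample are constructed placeholders.

```python
# Constructed sample of a legacy ipsec.conf section for this design; the
# domain, certificate file name and address pool are placeholders.
SAMPLE_CONF = """\
conn roadwarrior
    keyexchange=ikev2
    # leftid should be the domain name the Let's Encrypt certificate covers
    leftid=@vpn.example.org
    leftcert=cert.pem
    leftauth=pubkey
    leftsendcert=always
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    auto=add
"""

PASSWORD_EAP = {"eap-mschapv2", "eap-md5", "eap-gtc"}  # username/password methods

def parse_conns(text):
    """Return {conn_name: {key: value}} for each conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def audit(conn):
    """List deviations from certificate-server / password-client auth."""
    issues = []
    if conn.get("keyexchange") != "ikev2":
        issues.append("keyexchange is not ikev2")
    if conn.get("leftauth") != "pubkey":
        issues.append("leftauth is not pubkey: server does not prove itself with its key")
    if not conn.get("leftcert"):
        issues.append("leftcert missing: no certificate to send to clients")
    if not conn.get("leftid"):
        issues.append("leftid missing: set it to the certificate's domain name")
    if conn.get("rightauth") not in PASSWORD_EAP:
        issues.append("rightauth is not a username/password EAP method")
    return issues

if __name__ == "__main__":
    for name, conn in parse_conns(SAMPLE_CONF).items():
        print(name, audit(conn) or "OK")
```

To audit a real host, pass the contents of its `ipsec.conf` to `parse_conns` instead of `SAMPLE_CONF`.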