ttlequals0 / autovpn
Create On Demand Disposable OpenVPN Endpoints on AWS.
License: MIT License
On Ubuntu 16.10, I have an error. Permission problems on known_hosts?
Thanks for your help
Instance has been created XX.XXX.XXX.XXX
Giving new instance some time to fully boot up...
XX.XXX.XXX.XXX is still booting...
XX.XXX.XXX.XXX is still booting...
Setting up VPN on XX.XXX.XXX.XXX
Warning: Permanently added 'XX.XXX.XXX.XXX' (ECDSA) to the list of known hosts.
Permission denied (publickey).
lost connection
Error code 5
With ASG you can make sure that the instance is automatically replaced if it crashes or is taken down by AWS.
With Elastic IP you can make sure that the address doesn't change when this happens.
Are there no options for DigitalOcean?
Getting the following error tried with nano and small instance types as well
➜ autovpn git:(master) ./autovpn -C -r us-east-1 -k us-east-1_vpnkey.pem
Creating ec2 instance in us-east-1. This can take some time...
Traceback (most recent call last):
File "./scripts/create_ec2.py", line 69, in <module>
auto_vpn()
File "./scripts/create_ec2.py", line 54, in auto_vpn
user_data=user_data)
File "/usr/local/lib/python2.7/site-packages/boto/ec2/connection.py", line 977, in run_instances
verb='POST')
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>VPCResourceNotSpecified</Code><Message>The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.</Message></Error></Errors><RequestID>112fa4aa-383c-4511-8120-6117b6574974</RequestID></Response>
Error code 4
Since the EC2 instance is solely for openvpn (at least for some of the users), it would make sense to use a port with QoS, for example 443.
It would be great to make 443 the default port, or add the option to specify the port wanted.
Hi,
Thanks again for this excellent script. I'm using it with AWS and it works perfectly.
Do you know of a similar existing project for deployment on Microsoft Azure?
Do you think it would take a lot of work to adapt it to work with Azure?
Thanks !
Funny thing, I deleted my default VPC. How do we set the VPC we want to use?
So, I am getting bail 4 error and upon further investigation, it seems that the ip_address being returned is None. Any help?
First off, thank you for this very sweet program.
I have created as a test one instance in eu-central. I terminated the instance in AWS. Tried to create a fresh key in the same region but autovpn tells me the key already exists.
I have deleted the key for instance eu-central-1 which I had forgotten.
I got confused as far as the result of # ./autovpn -S -r eu-central-1. It says the instance is running which is the case but thought it still believed the OpenVPN was still running on the instance. In fact, I am getting the message "Instances running in eu-central-1" because there is indeed another instance not related to autovpn running.
Is there a possibility to clarify the statement so that we know the message is not referring to an autovpn instance?
First, thanks for this tool. I've used it countless times and it works like a charm. I have a customer who has a default VPC which contains the EC2 instance that runs this VPN, and it also has a peered VPC which I can connect to if I SSH to the VPN EC2 instance. However, if I just connect to the VPN I can't SSH to the instances in the VPC that is peered to the one that the VPN EC2 is in. Sorry for being a noob. <3
Can't proceed further. I am getting error code 5 with no details.
Any idea?
Python 2 is end of life at the first of the year.
Hey there. I've got to step 3 of the installation instructions and I'm receiving the following error.
./autovpn -C -r us-west-2 -k us-west-2-vpnkey
Creating ec2 instance in us-west-2. This can take some time...
File "./scripts/create_ec2.py", line 31
except ec2.ResponseError, e:
^
SyntaxError: invalid syntax
Error code 4
I also tried generating a new keypair and I get the following:
./autovpn -G -r us-west-1
Generating new keypair for us-west-1.
File "./scripts/keygen.py", line 22
except ec2.ResponseError, e:
^
SyntaxError: invalid syntax
Key already exists in AWS
I'm wondering if I'm doing something wrong or if I've missed something. Any help would be appreciated. Thanks.
I am trying to test the -p flag for a custom port. I want to start from scratch and have deleted keys, but every time I try to create a new key in a different AWS region I get the message "key already exists in aws"
I think the reason is
boto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized
What did I miss?
Hi there,
When I am running ./autovpn -C -r us-east-1 -k macbook
I am getting the following error:
Creating ec2 instance in us-east-1. This can take some time...
Traceback (most recent call last):
File "create_ec2.py", line 66, in <module>
auto_vpn()
File "create_ec2.py", line 51, in auto_vpn
user_data=user_data)
File "/usr/local/lib/python2.7/site-packages/boto/ec2/connection.py", line 977, in run_instances
verb='POST')
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>VPCResourceNotSpecified</Code><Message>The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.</Message></Error></Errors><RequestID>b864dabb-12b9-421a-8485-b675359b71dd</RequestID></Response>
Error code 4
Help is much appreciated
Thank you!
Ben
I successfully started an instance with autovpn -C -r us-east-1 -k private_key 2>&1 | tee autovpn.txt. I then ran sudo openvpn2 us-east-1_aws_vpn.ovpn 2>&1 | tee openvpn.txt. Chrome reports an error.
I have attached both logs.
Let me know if you need anything else, or if I've done something stupid. And here is the .ovpn file.
Hi, I keep getting this error
$ ./autovpn -G -r ap-southeast-2
Generating new keypair for ap-southeast-2.
ap-southeast-2_vpnkey has been created
Use ap-southeast-2_vpnkey as keyname to create endpoint.
$ ./autovpn -C -r ap-southeast-2 -k ap-southeast-2_vpnkey.pem
Creating ec2 instance in ap-southeast-2. This can take some time...
Traceback (most recent call last):
File "./scripts/create_ec2.py", line 66, in <module>
auto_vpn()
File "./scripts/create_ec2.py", line 51, in auto_vpn
user_data=user_data)
File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/boto/ec2/connection.py", line 977, in run_instances
verb='POST')
File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidKeyPair.NotFound</Code><Message>The key pair 'ap-southeast-2_vpnkey.pem' does not exist</Message></Error></Errors><RequestID>af50df26-113d-40c8-921b-7a51c54feae6</RequestID></Response>
Error code 4
DESCRIPTION:
autovpn - AWS OpenVPN Deployment Tool.
Project found at https://github.com/ttlequals0/autovpn
USAGE:
ACTION [OPTIONS]
-C Create VPN endpoint.
-D Delete keypair from region.
-G Generate new keypair.
-S Get all running instances in a given region.
-T Terminate a OpenVPN endpoint.
-a Specify a custom ami.*
-h Displays this message.
-i AWS Instance type (Optional, Default is t2.micro)
t2.nano t2.micro t2.small t2.medium t2.large **
-k Specify the name of AWS keypair.
-m Allow multiple connections to same endpoint.
-r Specify AWS Region.
us-east-1 us-east-2 us-west-1 us-west-2 eu-west-1 eu-west-2
eu-central-1 ap-southeast-1 ap-northeast-1 ap-northeast-2
sa-east-1 ap-southeast-2 ap-south-1 ca-central-1.
-u Specify custom ssh user.***
-y Skip confirmations
-z Specify instance id.
EXAMPLES:
Create OpenVPN endpoint:
autovpn -C -r us-east-1 -k macbook
Generate keypar in a region.
autovpn -G -r us-east-1
Get running instances
autovpn -S -r us-west-1
Terminate OpenVPN endpoint
autovpn -T -r us-west-1 -z i-b933e00c
Using custom options
autovpn -C -r us-east-1 -k macbook -a ami-fce3c696 -u ec2_user -i m3.medium
NOTES:
* - Customs ami may be needed if changing instance type.
** - In reality any instance size can be given but the t2.micro
is more than enough.
*** - Custom user might be need if using a custom ami.
I don't understand why it keeps saying the key pair does not exist. Any idea, guys?
Hi, I can't seem to get this working
*Installed paramiko
*Installed boto
*Installed openvpn client
*Installed python-pip
mkvirtualenv -p python2 env/
source env/bin/activate
Spits back command not found and bash: env/bin/activate: No such file or directory
I tried ./autovpn -G -r us-east-1 & ./autovpn -G -r us-west-1 with error:
Generating new keypair for us-east-1.
Traceback (most recent call last):
File "./scripts/keygen.py", line 3, in <module>
import boto
ImportError: No module named boto
Key already exists in AWS
I type ./autovpn -C -r us-east-1 -k us-east-1_vpnkey, man page comes up, nothing else. No matter what I try.
Edit:
New error
Generating new keypair for us-east-1.
Traceback (most recent call last):
File "./scripts/keygen.py", line 11, in <module>
conn_region = boto.ec2.connect_to_region(region)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/ec2/__init__.py", line 66, in connect_to_region
connection_cls=EC2Connection, **kw_params)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/regioninfo.py", line 220, in connect
return region.connect(**kw_params)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/regioninfo.py", line 290, in connect
return self.connection_cls(region=self, **kw_params)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/ec2/connection.py", line 103, in __init__
profile_name=profile_name)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/connection.py", line 1100, in __init__
provider=provider)
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/connection.py", line 569, in __init__
host, config, self.provider, self._required_auth_capability())
File "/home/ubuntu/.local/lib/python2.7/site-packages/boto/auth.py", line 1021, in get_auth_handler
'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials
Key already exists in AWS
How hard would it be to add the ability to deploy this into an existing VPC?
The VPN script works really well, however, just curious as to why when I create a new node without a public IP address, I am able to SSH into the machine but the machine can't connect to the internet. Any thoughts?
I got some errors,
Generating new keypair for eu-central-1.
Traceback (most recent call last):
File "./scripts/keygen.py", line 11, in <module>
conn_region = boto.ec2.connect_to_region(region)
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/ec2/__init__.py", line 66, in connect_to_region
return region.connect(**kw_params)
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/regioninfo.py", line 187, in connect
return self.connection_cls(region=self, **kw_params)
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/ec2/connection.py", line 103, in __init__
profile_name=profile_name)
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/connection.py", line 1100, in __init__
provider=provider)
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/connection.py", line 569, in __init__
host, config, self.provider, self._required_auth_capability())
File "/usr/local/lib/python2.7/site-packages/boto-2.45.0-py2.7.egg/boto/auth.py", line 997, in get_auth_handler
'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials
Key already exists in AWS
What could it mean?
Currently this project works well. However, you generate VPN keys and don't provide even rudimentary documentation on how to apply these settings on any OS.
I tried to follow the step-by-step but couldn't generate a keypair because something was broken in the authentication step.
Googling revealed that most ~/.aws/credentials files have a header of [default], and when I changed my credentials file to use that section header the -G flag worked.
I recommend updating docs in Dependencies, step 3 to reflect this.
(on MacOS Sierra latest)
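The check described in the post above, written as a small preflight script. This is an added example, not code from autovpn or from the poster; the function name check_credentials and the sample strings are hypothetical, and the key values are constructed placeholders.

```python
import configparser
import os
import sys

# Keys a profile must define before requests can be signed.
REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample inputs; the values are placeholders, not real credentials.
HEADERLESS = "aws_access_key_id = EXAMPLE_KEY_ID\naws_secret_access_key = EXAMPLE_SECRET\n"
WITH_HEADER = "[default]\n" + HEADERLESS
OTHER_PROFILE = "[work]\n" + HEADERLESS
NO_SECRET = "[default]\naws_access_key_id = EXAMPLE_KEY_ID\n"


def check_credentials(text, profile="default"):
    """Return a list of problems in credentials-file text (empty list = usable)."""
    # RawConfigParser: secrets may contain '%', which must not be interpolated.
    parser = configparser.RawConfigParser()
    try:
        parser.read_string(text)
    except configparser.MissingSectionHeaderError:
        # The failure described in the post: key lines with no [section] above them.
        return ["no section header: put the keys under [%s]" % profile]
    except configparser.Error as exc:
        # Report only the error type so no file content (secrets) is echoed.
        return ["unparseable file: %s" % type(exc).__name__]
    if not parser.has_section(profile):
        present = ", ".join(parser.sections()) or "none"
        return ["profile [%s] not found (sections present: %s)" % (profile, present)]
    return ["[%s] is missing %s" % (profile, key)
            for key in REQUIRED_KEYS
            if not parser.get(profile, key, fallback="").strip()]


if __name__ == "__main__":
    # Check the real file when run directly; only problems are printed, never values.
    path = os.path.expanduser("~/.aws/credentials")
    try:
        with open(path) as handle:
            problems = check_credentials(handle.read())
    except OSError as exc:
        problems = ["cannot read %s: %s" % (path, exc.strerror)]
    for problem in problems:
        print("credentials check: " + problem)
    sys.exit(1 if problems else 0)
```

Running it before ./autovpn -G separates a malformed credentials file from a real permissions problem on the AWS side.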
Set the -p flag on port 443 and created two VPNs in two different regions successfully.
In both regions I had an issue connecting to the VPN. The connection was not successful, probably due to some DNS issue: a timeout on the connection, which is very symptomatic of bad DNS. The connection to the VPN was always successful. I do not have that issue with the standard port.
Has anyone else had the issue?
Hi,
I may fork your script as it's very close to my need.
I would suggest an option to set an elastic-ip on the started ec2 instance: useful in case you have some IP-based security.
(give the eip-alloc id as option argument is probably what I'll try)
feel free to close, it's just a suggestion.
[feature request]
Add support for AWS LightSail (less-expensive alternative to EC2).
Running
./autovpn -G -r us-east-1
I get the following error
Generating new keypair for us-east-1.
Traceback (most recent call last):
File "./scripts/keygen.py", line 36, in <module>
generate_key()
File "./scripts/keygen.py", line 20, in generate_key
key = ec2.get_all_key_pairs(keynames=[key_name])[0]
File "/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py", line 2836, in get_all_key_pairs
[('item', KeyPair)], verb='POST')
File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation.</Message></Error></Errors><RequestID>1774ef84-4d05-4f66-8774-737b5db4202b</RequestID></Response>
Key already exists in AWS
Ok, the key already exists. However, the next step
./autovpn -C -r us-east-1 -k us-east-1_vpnkey
also results in an error
Traceback (most recent call last):
File "./scripts/create_ec2.py", line 69, in <module>
auto_vpn()
File "./scripts/create_ec2.py", line 30, in auto_vpn
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
File "/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py", line 2984, in get_all_security_groups
[('item', SecurityGroup)], verb='POST')
File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation.</Message></Error></Errors><RequestID>5fcb205d-a147-45ea-91f1-05c5a7515af4</RequestID></Response>
Error code 4
Any idea what operation is not authorized and how I give myself permissions? I checked the username in IAM associated with my secret key and it has AdministratorAccess permissions. I also verified my aws_access_key_id.
autovpn -S -r us-east-1
reports
No instances running in us-east-1
I deleted the keypair using
autovpn -C -r us-east-1 -D us-east-1_vpnkey
but I still get an EC2ResponseError: 403 Forbidden message.
I also used the IAM Policy Simulator to check the create/delete key policy, and it reports allowed.
Hi,
Great script, helps tons !
We tried to use the same config file that was generated on multiple clients but each time it disconnects the other one.
It seems only one user would be allowed at the same time.
Do you know of a way to generate multiple client keys for the OpenVPN Server (one per client) ?
Can you think of a better way ? Maybe username/password for each client ?
Thanks
After starting an instance, running openvpn, and terminating it, the command autovpn -T -r us-east-1 does not stop the instance.
I also tried autovpn -T -r us-east-1 -i instance_id. The instance_id can be obtained from the EC2 console or via aws ec2 describe-instances.
Getting the following error when trying to create an endpoint in eu-west-2 region.
Creating ec2 instance in eu-west-2. This can take some time...
Traceback (most recent call last):
File "./scripts/create_ec2.py", line 66, in <module>
auto_vpn()
File "./scripts/create_ec2.py", line 31, in auto_vpn
except ec2.ResponseError, e:
AttributeError: 'NoneType' object has no attribute 'ResponseError'
Error code 4
Gets this far:
Giving new instance some time to fully boot up...
xx.xx.xx.xx is still booting...
Setting up VPN on xx.xx.xx.xx
Warning: Permanently added 'xx.xx.xx.xx' (ECDSA) to the list of known hosts.
Permission denied (publickey).
lost connection
Error code 5
Not sure what the debug procedure would be here. Likely PEBCAK, but I'm stuck.
Thanks for a great repo, I'm trying to get this to work but can't find a way to boot a t2.micro instance since it says that it has to be inside a VPC? How can we specify a VPC id?
autovpn_1 | Creating ec2 instance in us-east-1. This can take some time...
autovpn_1 | Traceback (most recent call last):
autovpn_1 | File "./scripts/create_ec2.py", line 69, in <module>
autovpn_1 | auto_vpn()
autovpn_1 | File "./scripts/create_ec2.py", line 54, in auto_vpn
autovpn_1 | user_data=user_data)
autovpn_1 | File "/usr/local/lib/python3.6/site-packages/boto/ec2/connection.py", line 977, in run_instances
autovpn_1 | verb='POST')
autovpn_1 | File "/usr/local/lib/python3.6/site-packages/boto/connection.py", line 1208, in get_object
autovpn_1 | raise self.ResponseError(response.status, response.reason, body)
autovpn_1 | boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
autovpn_1 | <?xml version="1.0" encoding="UTF-8"?>
autovpn_1 | <Response><Errors><Error><Code>VPCResourceNotSpecified</Code><Message>The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.</Message></Error></Errors><RequestID>3e3576b0-8b22-4239-9e4a-27b2bd11e15d</RequestID></Response>
autovpn_1 | Error code 4
Hi,
Just wonder what I should do for enabling dual ways connections? Have done: