Riaan's SysAdmin Blog

My tips, howtos, gotchas, snippets and stuff. Use at your own risk!

OCIOracleOracle Bare Metal Cloud ServicesVPN

OCI VPN Server PriTunl for clients

Sometimes you need more than a bastion for reaching your cloud resources. Bastions are great for SSH and RDP tunneling but really more limited to admins and administration. Of course site to site can be solved with OCI CPE and tunnels between colo/client networks.

There are several options for VPN servers and I use LibreSwan for testing site to site OCI tenancy VPN tunnels. LibreSwan could also work in a case of many users needing access to cloud resources but it is not easy to administer users etc.

So this time I tried a product called pritunl ( https://pritunl.com/ )

You should be able to use normal OpenVPN and I think even IPsec clients to connect. Pritunl also provide clients but ideally you should just be able to use anything generic.

Admin can easily add users and send an import file which includes your cert etc.. For me this worked well under Linux just using the generic network manager openvpn plugin but I need to verify Windows and Macs also.

https://docs.pritunl.com/docs/installation

$ sudo -s
# tee -a /etc/yum.repos.d/mongodb-org-3.4.repo << EOF
> [mongodb-org-3.4]
> name=MongoDB Repository
> baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
> gpgcheck=1
> enabled=1
> gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
> EOF
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

# tee -a /etc/yum.repos.d/pritunl.repo << EOF
> [pritunl]
> name=Pritunl Repository
> baseurl=https://repo.pritunl.com/stable/yum/centos/7/
> gpgcheck=1
> enabled=1
> EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1

# yum -y install epel-release
[snip]
Complete!

# grep disabled /etc/selinux/config 
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

# gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
# gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
# yum -y install pritunl mongodb-org

# systemctl start mongod pritunl
# systemctl enable mongod pritunl
Created symlink from /etc/systemd/system/multi-user.target.wants/pritunl.service to /etc/systemd/system/pritunl.service.

Connect to web interface...

# firewall-cmd --zone=public --permanent --add-port=12991/udp
success
# systemctl restart firewalld

On VPN Server Removed 0.0.0.0/0 route and add 10.1.0.0/16
Install network-manager-openvpn on my Linux desktop and import file exported on vpn server
Connect to VPN server

# ping 10.1.1.7
PING 10.1.1.7 (10.1.1.7) 56(84) bytes of data.
64 bytes from 10.1.1.7: icmp_seq=1 ttl=63 time=46.4 ms

$ ssh -I /media/ssh-keys/OBMCS opc@10.1.1.7
Last login: Fri Dec 15 16:50:24 2017

admin

Bio Info for Riaan