🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
Great video Anton!
Thanks Jordan, I think it's too complicated; I want to make a new one without SSO.
As always awesome tutorial!
Thanks again! :)
Holy moly, that's a lot of excellent info. Great tutorial, nice pace too! Thanks!!
Very welcome!
Thank you so much for the tutorial. I've learned a lot about some AWS services and networking concepts as well.
Thanks Trình!
👉 How to Manage Secrets in Terraform - ua-cam.com/video/3N0tGKwvBdA/v-deo.html
👉 Terraform Tips & Tricks - ua-cam.com/video/7S94oUTy2z4/v-deo.html
👉 ArgoCD Tutorial - ua-cam.com/video/zGndgdGa1Tc/v-deo.html
Your video is useful and understandable, thank you sir
Thank you:)
Hi Anton, I want to say thank you!!! Your tutorial is awesome!!! I have one question: at the step where you generate a certificate, you said that you don't set a passphrase to make it automatic, but you also said it's dangerous. Is there any other option that would be less dangerous? Thank you in advance
Thank you Daniel! Well, the most conservative option: when you create your CA, always keep it offline and use only an intermediate to sign certs :) At the least, restricting access to that machine and using a passphrase would be sufficient.
@AntonPutra thank you a lot, as soon as I get my salary I'll contribute to your channel!!
@danieltelecentr Thank you :)
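The setup described in the reply above (passphrase-protected root kept offline, an intermediate that does the day-to-day signing), written out as an added example with openssl rather than easyrsa. This is not code from the video or from Anton's scripts; the CA names, file paths, the placeholder passphrase and the server CN are assumptions for the demo. The root key is encrypted and is used exactly once, to sign the intermediate; the intermediate key is left unencrypted so the OpenVPN host can issue certificates unattended, but it carries pathlen:0 so it cannot mint further CAs.

```shell
# Added example (not from the video or the author's scripts): a two-tier PKI with
# openssl. Root key = passphrase-protected, offline, signs only the intermediate.
# Intermediate key = unencrypted for unattended issuance, limited by pathlen:0.
# WORK, ROOT_PASS, the CNs and file names are assumed placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"
ROOT_PASS="${ROOT_PASS:-change-me-offline-root-passphrase}"   # assumed placeholder
CURVE="ec_paramgen_curve:P-256"

make_pki() {
  # 1. Root CA: AES-encrypted key; in practice generated and kept on an offline machine.
  openssl genpkey -algorithm EC -pkeyopt "$CURVE" -aes-256-cbc \
    -pass "pass:$ROOT_PASS" -out "$WORK/root.key"
  openssl req -new -key "$WORK/root.key" -passin "pass:$ROOT_PASS" \
    -subj "/CN=Example Root CA" -out "$WORK/root.csr"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/root.ext"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -passin "pass:$ROOT_PASS" \
    -days 3650 -sha256 -extfile "$WORK/root.ext" -out "$WORK/root.crt"

  # 2. Intermediate CA: unencrypted key for unattended signing, leaf certs only (pathlen:0).
  openssl genpkey -algorithm EC -pkeyopt "$CURVE" -out "$WORK/inter.key"
  openssl req -new -key "$WORK/inter.key" -subj "/CN=Example Intermediate CA" -out "$WORK/inter.csr"
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/inter.ext"
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -passin "pass:$ROOT_PASS" -CAcreateserial -days 1825 -sha256 \
    -extfile "$WORK/inter.ext" -out "$WORK/inter.crt"

  # 3. Leaf: the OpenVPN server certificate, signed by the intermediate, never by the root.
  openssl genpkey -algorithm EC -pkeyopt "$CURVE" -out "$WORK/server.key"
  openssl req -new -key "$WORK/server.key" -subj "/CN=vpn.example.internal" -out "$WORK/server.csr"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\n' \
    > "$WORK/server.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/inter.crt" -CAkey "$WORK/inter.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/server.ext" -out "$WORK/server.crt"

  # Chain file for the OpenVPN "ca" directive: clients validate the server against this.
  cat "$WORK/inter.crt" "$WORK/root.crt" > "$WORK/ca-chain.crt"
}

# Succeeds only if server.crt chains through inter.crt to root.crt.
verify_chain() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/inter.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# Succeeds only if the root key cannot be loaded with a wrong passphrase.
root_key_is_encrypted() {
  ! openssl pkey -in "$WORK/root.key" -passin pass:not-the-passphrase -noout >/dev/null 2>&1
}

# Succeeds only if the intermediate carries pathlen:0 (cannot sign further CAs).
intermediate_is_constrained() {
  openssl x509 -in "$WORK/inter.crt" -noout -text | grep -q 'pathlen:0'
}
```

Run make_pki on the offline machine for steps 1 and 2, then copy only inter.key, inter.crt and ca-chain.crt to the host that issues server and client certificates; root.key never leaves the offline machine. If the intermediate key is ever exposed, you revoke and reissue the intermediate from the root rather than rebuilding the whole trust anchor.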
I am currently setting up a VPN endpoint for access to private resources, so thanks a lot. Am I right that the actions described in the first half of the video are basically the ones AWS does for us when using VPC endpoints?
I'm not sure about the VPC endpoint, but you can use the new AWS Client VPN managed service that wasn't available when I was recording this video. You may still prefer your own OpenVPN deployment because it's much cheaper, but it requires knowledge of how to set it up and maintain it.
@AntonPutra why not simply use a bastion host EC2 and SSH tunnelling?
@michaelvoznyanski6815 One major use case for a client VPN is the ability to use private DNS. For example, you can create a private Route 53 hosted zone "example.pvt" and expose some internal dashboards, maybe using a Kubernetes ingress like "grafana.example.pvt". In that way, only your team members will be able to access internal services, keeping them secure without exposing them to the internet. There are other use cases as well.
1. Do you have a script for OpenVPN on AWS with Terraform?
2. Is it possible to run OpenVPN on Kubernetes? Is it recommended? If not, why?
Would love to hear your opinion.
Thanks for the great content.
Unfortunately I don't have a script, but the idea of deploying it in k8s is interesting. I'll explore it and maybe create a tutorial.
I have done the setup, but I'm not able to connect to the VPN.
Hi Anton, if I have to allow instances on different TCP ports, must I change the inbound rules? For example, to see an app on port 4200, do I change the inbound rules in the server security group?
For example, you have an app deployed on an EC2 instance that only has a private IP address and you want to access it locally from your development host. You would need to create another entry in the app's EC2 security group to allow port 4200 and specify the source as your OpenVPN security group.
@AntonPutra thanks a lot!!!
How do I connect this OpenVPN server to another VPC in a different region?
If you have VPC peering, you can just update /etc/openvpn/server.conf and push new routes; if not, you need to deploy another OpenVPN instance.
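The "push new routes" step from the reply above, as an added example that is not from the video or the author's configuration: a small script that produces the push "route" lines for /etc/openvpn/server.conf for each peered-VPC CIDR. OpenVPN's route directive takes a dotted-decimal netmask rather than a /prefix, so the script converts it. The CIDRs are constructed placeholders.

```shell
# Added example (not from the video or the author's config): generate the
# `push "route ..."` lines for /etc/openvpn/server.conf that send peered-VPC
# CIDRs through the tunnel. OpenVPN wants a dotted netmask, not a /prefix.
# The CIDRs at the bottom are assumed placeholders.
set -eu

# Convert a prefix length (0-32) to a dotted-decimal netmask: 16 -> 255.255.0.0
cidr_to_netmask() {
  bits=$1
  mask=""
  for _ in 1 2 3 4; do
    if [ "$bits" -ge 8 ]; then
      octet=255
      bits=$((bits - 8))
    else
      octet=$(( (255 << (8 - bits)) & 255 ))
      bits=0
    fi
    mask="${mask}${mask:+.}${octet}"
  done
  printf '%s\n' "$mask"
}

# One server.conf line per CIDR: 10.20.0.0/16 -> push "route 10.20.0.0 255.255.0.0"
openvpn_push_route() {
  net=${1%/*}
  prefix=${1#*/}
  printf 'push "route %s %s"\n' "$net" "$(cidr_to_netmask "$prefix")"
}

# Emit the fragment for every CIDR given; append the output to server.conf and
# restart OpenVPN. Pushing the route only tells clients to send that traffic into
# the tunnel: the VPN subnet's route table still needs a route for each CIDR via
# the peering connection, and the peer VPC's security groups must allow traffic
# from the OpenVPN instance, or packets arrive at the VPN host and go nowhere.
peered_vpc_routes() {
  for cidr in "$@"; do
    openvpn_push_route "$cidr"
  done
}

# Constructed example: two peered VPCs in other regions.
peered_vpc_routes 10.20.0.0/16 10.30.128.0/20
```

Keep the pushed routes as narrow as the peering actually covers; pushing a broad range such as a whole 10.0.0.0/8 sends all of a client's private traffic through the VPN host whether or not it can reach the destination.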
What should I do if I want to make it site-to-site? Can the machines that are in the OpenVPN server subnet connect to the client?
For site-to-site I would suggest using the AWS VPN managed service. Have you tried it?
Yes, I already tried it. It worked, but I want to use the open-source OVPN for my project.
I'm facing one issue: "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)". Can you please help me with that?
Check the firewall; it's an issue with the connection.
Please share all the AWS and DevOps videos.
will do :)
~$ easyrsa --version
easyrsa: command not found
(( I don't understand why this happens. Everything is per the cheat sheet.
Make sure you put it on your PATH; run "which easyrsa".