October 14, 2020 By Frederic Lavigne 3 min read

Virtual Private Cloud (VPC) comes with an additional layer of security because your workload can be completely hidden from the public Internet.

There are times, however, when you will want to get into this private network. A common practice is to use a bastion host to jump into your VPC from your local machine, for example. Another option is to install a VPN software inside your VPC to extend the secure VPC network to your local network.

OpenVPN is a popular VPN software solution that can be easily installed on a server, providing a simple way to reach all the servers in your VPC from your local machine.

Source code and instructions on how to deploy a fully functional example of this architecture can be found in GitHub. In this post, I will provide a high-level description of the steps.

Step 1: Deploy the infrastructure with Terraform

We use Terraform to create all the resources depicted above. We provision a VPC, a subnet, and one virtual server instance (the instance is not reachable from the public Internet). Then, we add the bastion. It is another virtual server instance, but it is accessible from the public Internet through a floating IP address. Finally we install OpenVPN on the bastion and connect to our VPN using OpenVPN client.

The set of Terraform files is built around four submodules:

  • vpc: Creates a VPC, a subnet, and rules in the default security group.
  • instance: Creates one (or more) instances in the specified VPC, distributing instances in the subnets.
  • bastion: Creates one host in a specific subnet.
  • ansible: Generates Ansible configuration files.

Step 2: Install software with Ansible

The second step — once the infrastructure is deployed — is to use Ansible to install OpenVPN. With Terraform, we generated the Ansible inventory together with the playbook to install OpenVPN on the bastion host. The rest is about running the right Ansible commands. After running the OpenVPN playbook, we find OpenVPN installed on the bastion and a generated client certificate to connect to the VPN.

Step 3: Connect with the OpenVPN client

Once OpenVPN Connect client is installed, point it to the OpenVPN configuration file generated under the ansible/client-config directory and connect to the VPN. The VPN will push the IBM Cloud private DNS configuration to your local machine, together with the right routes to access all VSIs within the VPC and the cloud service endpoints.

From there, you can connect to virtual server instances and to cloud service endpoints that are usually accessible only from within the IBM Cloud network directly from your local machine.

Feedback, questions, and suggestions

Go ahead and try the sample on your own from the GitHub source. Although the project creates its own VPC, it can be used as a starting point to deploy OpenVPN in your existing VPCs.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@L2FProd).

Was this article helpful?

More from Cloud

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

Optimize observability with IBM Cloud Logs to help improve infrastructure and app performance

5 min read - There is a dilemma facing infrastructure and app performance—as workloads generate an expanding amount of observability data, it puts increased pressure on collection tool abilities to process it all. The resulting data stress becomes expensive to manage and makes it harder to obtain actionable insights from the data itself, making it harder to have fast, effective, and cost-efficient performance management. A recent IDC study found that 57% of large enterprises are either collecting too much or too little observability data.…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters