Merge pull request #10 from WhistleLabs/kj-openvpn-dns

Add configurable DNS configuration

Author: kjonick1

CHANGELOG.md

@@ -1,5 +1,10 @@
 ## Unreleased
 
+## 0.2.0
+
+#### IMPROVEMENTS:
+- Update server.conf with VPC DNS IP address
+
 ## 0.1.0
 
 #### BREAKING CHANGES:

certs/main.tf

@@ -196,6 +196,7 @@ data "template_file" "user_data" {
     s3_bucket        = "${var.s3_bucket}"
     s3_bucket_prefix = "${var.s3_bucket_prefix}"
     route_cidrs      = "${var.route_cidrs}"
+    vpc_dns_ip       = "${var.vpc_dns_ip}"
   }
 }
 

certs/templates/user_data.tpl

@@ -3,6 +3,7 @@
 ## https://github.com/WhistleLabs/terraform-aws-openvpn/pull/2
 runcmd:
   - echo "OPENVPN_CERT_SOURCE=s3://${replace(s3_bucket,"/(/)+$/","")}/${replace(s3_bucket_prefix,"/^(/)+|(/)+$/","")}" > /etc/openvpn/get-openvpn-certs.env
+  - echo 'push \"dhcp-option DNS ${vpc_dns_ip}\"' >> /etc/openvpn/server.conf
   - echo 'crl-verify /etc/openvpn/keys/crl.pem' >> /etc/openvpn/server.conf
   - echo "push \"route $(ip route get 8.8.8.8| grep src| sed 's/.*src \(.*\)$/\1/g') 255.255.255.255 net_gateway\"" >> /etc/openvpn/server.conf
   - echo "push \"route ${cidrhost(element(split(",",route_cidrs),1), 0)}  ${cidrnetmask(element(split(",",route_cidrs),1))}\"" >> /etc/openvpn/server.conf

certs/variables.tf

@@ -74,14 +74,20 @@ variable "s3_bucket_prefix" {
   default     = ""
 }
 
-variable "vpn_whitelist" {
+variable "ssh_whitelist" {
   type        = "string"
-  description = "Limit VPN access to the designated list of CIDRs"
+  description = "Limit SSH access to the designated list of CIDRs"
   default     = "0.0.0.0/0"
 }
 
-variable "ssh_whitelist" {
+variable "vpc_dns_ip" {
   type        = "string"
-  description = "Limit SSH access to the designated list of CIDRs"
+  description = "DNS IP address for the VPC."
+}
+
+variable "vpn_whitelist" {
+  type        = "string"
+  description = "Limit VPN access to the designated list of CIDRs"
   default     = "0.0.0.0/0"
 }
+