sparse-intern-71089
12/17/2020, 12:43 AM
gentle-account-13294
12/17/2020, 12:49 AM
gentle-account-13294
12/17/2020, 1:00 AM
# store the valo user public key, private key and cert
def write_file(filename: str):
    file = filename

    def partial_fun(data: str):
        with open(f"{file}", "w+") as file_obj:
            file_obj.write(data)

    return partial_fun


test_vpn_private_key.private_key_pem.apply(func=write_file(filename="test_key_private.pem"))
test_vpn_private_key.public_key_pem.apply(func=write_file(filename="test_key_public.pem"))
test_vpn_self_signed_cert.cert_pem.apply(func=write_file(filename="test_key_cert.pem"))
gentle-diamond-70147
12/17/2020, 11:45 PM
but the certificate chain is not what it should be…
gentle-diamond-70147
12/17/2020, 11:46 PM
gifted-vase-28337
12/18/2020, 10:19 PM
gentle-account-13294
12/22/2020, 7:32 PM
pulumi-tls library. I can see that the pem file that is saved for the test_vpn_self_signed_cert does not have the certificate chain. Hence I didn’t want to spend time with this approach.
I got VPN to work by:
• use the easy-rsa github repo
• create the certs
• upload the certs to AWS certificate manager.
• NOTE: @gentle-diamond-70147 this I think has a bug in pulumi (or I’m not using the API correctly)… using the Pulumi API to upload the certs generated by easy-rsa does not work, gives a validation error. However the same thing works with using AWS CLI aws acm import-certificate
• then configure rest of the VPN with pulumi
gentle-diamond-70147
12/22/2020, 7:34 PM
gentle-account-13294
12/22/2020, 7:35 PM
gentle-account-13294
12/22/2020, 7:36 PM
gentle-account-13294
12/22/2020, 7:36 PM
gentle-diamond-70147
12/22/2020, 7:46 PM
dnsName output and couple other properties from the endpoint.
gentle-account-13294
12/22/2020, 7:47 PM
cvpn-endpoint-123456789123abcde
gentle-account-13294
12/22/2020, 7:49 PM
dns_name
gentle-account-13294
12/22/2020, 8:16 PM
gentle-account-13294
12/22/2020, 8:17 PM
easy-rsa + bash
gentle-account-13294
12/22/2020, 8:58 PM