# aws
g
So wondering if anyone has set up a VPN resource and then connected to it?
I downloaded the certs using:
```python
# store the valo user  public key, private key and cert
def write_file(filename: str):
    file = filename

    def partial_fun(data: str):
        with open(f"{file}", "w+") as file_obj:
            file_obj.write(data)

    return partial_fun


test_vpn_private_key.private_key_pem.apply(func=write_file(filename="test_key_private.pem"))
test_vpn_private_key.public_key_pem.apply(func=write_file(filename="test_key_public.pem"))
test_vpn_self_signed_cert.cert_pem.apply(func=write_file(filename="test_key_cert.pem"))
```
g
Can you elaborate on this?
but the certificate chain is not what it should be…
Are you getting an error?
g
@gentle-account-13294 are you still getting an error, or did you find a solution already?
g
@gentle-diamond-70147 @gifted-vase-28337 for now I have abandoned the usage of `pulumi-tls` library. I can see that the pem file that is saved for the `test_vpn_self_signed_cert` does not have the certificate chain. Hence I didn’t want to spend time with this approach. I got VPN to work by:
• use the `easy-rsa` github repo
• create the certs
• upload the certs to AWS certificate manager.
• NOTE: @gentle-diamond-70147 this I think has a bug in pulumi (or I’m not using the API correctly)… using the Pulumi API to upload the certs generated by `easy-rsa` does not work, gives a validation error. However the same thing works with using AWS CLI `aws acm import-certificate`
• then configure rest of the VPN with pulumi
g
I'm sorry you weren't able to get it working. If you can share more about the specific error you were getting, I can take a deeper look.
g
Thanks!! I will DM you the bash script I have as well as the pulumi config. You should be able to configure a VPN with it.
As a side question, is there a way to export the VPN config with pulumi?
g
At quick glance it seems no, but based on the example output at https://docs.aws.amazon.com/cli/latest/reference/ec2/export-client-vpn-client-configuration.html#examples, I think you could construct this yourself. Looks like you need the `dnsName` output and couple other properties from the endpoint.
g
can I get the name of the endpoint configured? e.g. `cvpn-endpoint-123456789123abcde`
ah.. maybe the `dns_name`
in general it would definitely be helpful to have more documentation or real world example with VPN.
happy to write a reference if need be 🙂, since now we have a full fledged way that will be automated in next 2 weeks to create and configure a VPN using pulumi + `easy-rsa` + `bash`
wondering if we should file a bug somewhere that we are not able to export the VPN config similar to above example?