No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

So wondering if anyone has setup a VPN Resource and then Connected to it ?

I downloaded the certs using..
```
# store the valo user  public key, private key and cert
def write_file(filename: str):
    file = filename

    def partial_fun(data: str):
        with open(f"{file}", "w+") as file_obj:
            file_obj.write(data)

    return partial_fun


test_vpn_private_key.private_key_pem.apply(func=write_file(filename="test_key_private.pem"))
test_vpn_private_key.public_key_pem.apply(func=write_file(filename="test_key_public.pem"))
test_vpn_self_signed_cert.cert_pem.apply(func=write_file(filename="test_key_cert.pem"))```

Can you elaborate on this?

&gt; but the certificate chain is not what it should be…

<@U01AQ5NC7U6> are you still getting an error, or did you find a solution already?

<@UDEJ1F5SQ>  <@U018MB4EBM3> for now I have abandoned the usage of `pulumi-tls`  library. I can see that the pem file that is saved for the `test_vpn_self_signed_cert`  does not have the certificate chain. Hence I didn’t want to spend time with this approach.

I got VPN to work by:
• use the `easy-rsa`  github repo
• create the certs
• upload the certs to AWS certificate manager. 
• NOTE: <@UDEJ1F5SQ> this i think has a bug in pulumi (or I’m not using the API correctly)… using the Pulumi API to upload the certs generated by `easy-rsa`  does not work, gives a validation error. However the same thing works with using AWS CLI `aws acm import-certificate`
• then configure rest of the VPN with pulumi

I'm sorry you weren't able to get it working. If you can share more about the specific error you were getting, I can take a deeper look.

Thanks !! I will DM u the bash script I have as well as the pulumi config.. u should be able to configure a VPN with it.

as a side question, is there a way to export the VPN config with pulumi ?

this: <https://docs.aws.amazon.com/cli/latest/reference/ec2/export-client-vpn-client-configuration.html>

At quick glance it seems no, but based on the example output at <https://docs.aws.amazon.com/cli/latest/reference/ec2/export-client-vpn-client-configuration.html#examples>, I think you could construct this yourself. Looks like you need the `dnsName` output and couple other properties from the endpoint.

can i get the name of the endpoint configured ? e.g `cvpn-endpoint-123456789123abcde`

in general it would definitely be helpful to have more documentation or real world example with VPN.

happy to write a reference if need be :slightly_smiling_face: , since now we have a full fledged way that will be automated in next 2 weeks to create and configure a VPN using pulumi + `easy-rsa`  + `bash`

wondering if we should file a bug somewhere that we are not able to export the VPN config similar to above example ?