Cloud Experts Documentation

Set Up a VPN Connection into an ARO Cluster with OpenVPN

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

When you configure an Azure Red Hat OpenShift (ARO) cluster with a private-only configuration, you need connectivity to that private network in order to access your cluster. This guide shows you how to configure a point-to-site VPN connection so you won’t need to set up and configure jump boxes.

Prerequisites

  • a private ARO Cluster
  • git
  • openssl

Create certificates to use for your VPN Connection

There are many ways to create certificates for a VPN; the steps below are one approach that works well. Whichever method you use, make sure it supports “X509v3 Extended Key Usage”.

  1. Clone OpenVPN/easy-rsa

  2. Change to the easyrsa directory

  3. Initialize the PKI

  4. Edit certificate parameters

    Copy the sample values file

    Uncomment and edit the copied template with your values

    Uncomment (remove the #) the following field

  5. Create the CA:

  6. Generate the Server Certificate and Key

  7. Generate Diffie-Hellman (DH) parameters

  8. Generate client credentials

  9. Set environment variables for the CA certificate you just created.

Set Environment Variables

Create an Azure Virtual Network Gateway

  1. Request a public IP Address

  2. Create a Gateway Subnet

  3. Create a virtual network gateway

Go grab a coffee; this takes about 15 - 20 minutes.

Configure your OpenVPN Client

  1. Retrieve the VPN Settings

    From the Azure Portal, navigate to your Virtual Network Gateway, select Point-to-site configuration, and then click Download VPN Client. This will download a zip file containing the VPN client.

    [Screenshot: Download VPN client]

  2. Create a VPN Client Configuration

    Uncompress the file you downloaded in the previous step and edit the OpenVPN\vpnconfig.ovpn file.

    Note: The next two commands assume you are still in the easyrsa3 directory.

    In vpnconfig.ovpn, replace the $CLIENTCERTIFICATE line with the entire contents of:

    Make sure to copy the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines.

    Also replace the $PRIVATEKEY line with the output of:

    Make sure to copy the -----BEGIN PRIVATE KEY----- and the -----END PRIVATE KEY----- lines.

  3. Add the new OpenVPN configuration file to your OpenVPN client.

    Mac users: just double-click the vpnserver.ovpn file and it will be imported automatically.

  4. Connect your VPN.

    [Screenshot: VPN connected]
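The placeholder replacement in step 2 can be scripted instead of pasted by hand. The following is an added example, not part of the original guide: the function names (`pem_block`, `fill_ovpn`, `make_sample`), the file names `client.crt`, `client.key` and `client.ovpn`, and the sample template contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function and file names are hypothetical.

# pem_block FILE LABEL: print only the PEM block with that label, dropping any
# other text in FILE. Fails unless a complete BEGIN..END block is present.
pem_block() {
    awk -v b="-----BEGIN $2-----" -v e="-----END $2-----" '
        $0 == b       { on = 1 }
        on            { print }
        on && $0 == e { on = 0; found = 1 }
        END           { exit (found ? 0 : 1) }' "$1"
}

# fill_ovpn TEMPLATE CERT KEY OUT: replace both placeholder lines in TEMPLATE.
fill_ovpn() {
    tmp=$(mktemp -d) || return 1
    pem_block "$2" "CERTIFICATE" > "$tmp/cert" &&
        pem_block "$3" "PRIVATE KEY" > "$tmp/key" || { rm -rf "$tmp"; return 1; }
    (   umask 077   # OUT embeds the private key, so create it owner-only
        rm -f "$4"
        awk -v cert="$tmp/cert" -v key="$tmp/key" '
            function emit(f,   l) { while ((getline l < f) > 0) print l; close(f) }
            { line = $0; sub(/\r$/, "", line) }   # compare without a trailing CR
            line == "$CLIENTCERTIFICATE" { emit(cert); c++; next }
            line == "$PRIVATEKEY"        { emit(key);  k++; next }
            { print }
            END { exit (c == 1 && k == 1 ? 0 : 1) }   # each placeholder exactly once
        ' "$1" > "$4" )
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || rm -f "$4"   # never leave a half-filled profile behind
    return "$rc"
}

# make_sample DIR: write constructed inputs (dummy base64, not real key material).
make_sample() {
    printf '%s\n' 'client' '<cert>' '$CLIENTCERTIFICATE' '</cert>' \
        '<key>' '$PRIVATEKEY' '</key>' > "$1/vpnconfig.ovpn"
    printf '%s\n' 'Certificate:' '    Data: (text dump)' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$1/client.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'RFVNTVk=' \
        '-----END PRIVATE KEY-----' > "$1/client.key"
}

demo=$(mktemp -d) && make_sample "$demo" &&
    fill_ovpn "$demo/vpnconfig.ovpn" "$demo/client.crt" "$demo/client.key" "$demo/client.ovpn" &&
    cat "$demo/client.ovpn"
rm -rf "$demo"
```

The resulting profile contains the client private key in clear text, so keep it out of shared folders and version control.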

© 2023 Red Hat, Inc.