terraform.tfvars
# Example inputs for the site-to-site VPN between an OpenStack project and a FRITZ!Box.
# All four values are placeholders; replace them before use.
# This file carries the IPsec pre-shared key in plaintext, so keep it out of version
# control (e.g. via .gitignore) or pass the key through the TF_VAR_psk environment
# variable instead of committing it.

# OpenStack user name; every network/VPN object is named "<os_user>-..." after it
os_user         = "foo"

# Pre-shared key that must match the FRITZ!Box VPN configuration.
# "pass1234" is only a placeholder — use a long, randomly generated value.
psk             = "pass1234"

# Public (WAN) address of the FRITZ!Box; used as both peer_address and peer_id
fritzbox_wan_ip = "1.2.3.4"

# LAN behind the FRITZ!Box; it is the remote end of the tunnel and the only
# source range allowed to reach TCP/22 in the security group rule
fritzbox_cidr   = "192.168.178.0/24"
terraform.tf
# --- Inputs (values come from terraform.tfvars or TF_VAR_* environment variables) ---

variable "os_user" {
  type = string
}

# IPsec pre-shared key shared with the FRITZ!Box. It ends up in plaintext in
# terraform.tfvars, in the Terraform state and in any saved plan file, so protect
# those artefacts. On Terraform >= 0.14 `sensitive = true` could be added here to
# redact the value from plan/apply output; the 0.13upgrade step on this page
# suggests 0.13 is the target, where that argument is not yet available.
variable "psk" {
  type = string
}

# Public address of the FRITZ!Box; used as both peer_address and peer_id below
variable "fritzbox_wan_ip" {
  type = string
}

# LAN behind the FRITZ!Box; remote endpoint group of the tunnel
variable "fritzbox_cidr" {
  type = string
}

# --- Pre-existing network objects, looked up by the "<os_user>-..." naming scheme ---

data "openstack_networking_network_v2" "networking_network_1" {
  name = "${var.os_user}-net"
}

data "openstack_networking_subnet_v2" "networking_subnet_1" {
  name       = "${var.os_user}-subnet"
  network_id = data.openstack_networking_network_v2.networking_network_1.id
}

data "openstack_networking_router_v2" "router_1" {
  name = "${var.os_user}-router"
}

# --- VPN policies ---

# IKE (phase 1) proposal. ike_version is not set, so the provider default applies —
# presumably IKEv1 to match the FRITZ!Box; confirm against the peer configuration.
# pfs = "group2" is 1024-bit MODP, which is weak by current guidance; a larger group
# (e.g. "group14") is preferable if the FRITZ!Box side supports it — both ends must agree.
resource "openstack_vpnaas_ike_policy_v2" "vpnaas_ike_policy_1" {
  name                 = "${var.os_user}-ike-aes256-sha512"
  encryption_algorithm = "aes-256"
  auth_algorithm       = "sha512"
  pfs                  = "group2"
}

# IPsec (phase 2) proposal; same algorithm choices and the same PFS caveat as above
resource "openstack_vpnaas_ipsec_policy_v2" "vpnaas_ipsec_policy_1" {
  name                 = "${var.os_user}-ipsec-aes256-sha512"
  encryption_algorithm = "aes-256"
  auth_algorithm       = "sha512"
  pfs                  = "group2"
}

# VPN service attached to the project's router; its external_v4_ip is exported
# as an output and is the address to configure as the remote peer on the FRITZ!Box
resource "openstack_vpnaas_service_v2" "vpnaas_service_1" {
  name      = "${var.os_user}-vpn-service1"
  router_id = data.openstack_networking_router_v2.router_1.id
}

# --- Endpoint groups ---

# Local side of the tunnel: the OpenStack subnet
resource "openstack_vpnaas_endpoint_group_v2" "vpnaas_endpoint_group_subnet_1" {
  name      = "${var.os_user}-vpn-ep-subnet"
  type      = "subnet"
  endpoints = toset([data.openstack_networking_subnet_v2.networking_subnet_1.id])
}

# Remote side of the tunnel: the FRITZ!Box LAN
resource "openstack_vpnaas_endpoint_group_v2" "vpnaas_endpoint_group_cidr_1" {
  name      = "${var.os_user}-vpn-ep-cidr"
  type      = "cidr"
  endpoints = toset([var.fritzbox_cidr])
}

# --- Site connection ---

# Ties policies, service, PSK and endpoint groups together.
# peer_id is set to the same value as peer_address, so the FRITZ!Box is presumably
# expected to identify itself by its WAN IP during IKE — verify on the peer side.
resource "openstack_vpnaas_site_connection_v2" "vpnaas_site_connection" {
  name              = "${var.os_user}-vpn-conn1"
  ikepolicy_id      = openstack_vpnaas_ike_policy_v2.vpnaas_ike_policy_1.id
  ipsecpolicy_id    = openstack_vpnaas_ipsec_policy_v2.vpnaas_ipsec_policy_1.id
  vpnservice_id     = openstack_vpnaas_service_v2.vpnaas_service_1.id
  psk               = var.psk
  peer_address      = var.fritzbox_wan_ip
  peer_id           = var.fritzbox_wan_ip
  local_ep_group_id = openstack_vpnaas_endpoint_group_v2.vpnaas_endpoint_group_subnet_1.id
  peer_ep_group_id  = openstack_vpnaas_endpoint_group_v2.vpnaas_endpoint_group_cidr_1.id
}
# Existing security group that follows the "<os_user>-..." naming scheme
data "openstack_networking_secgroup_v2" "networking_secgroup_1" {
  name = "${var.os_user}-sec"
}

# Allow SSH (TCP/22) only from the FRITZ!Box LAN, i.e. from hosts that reach the
# instances through the tunnel; the rule is deliberately not open to 0.0.0.0/0.
# If an identical rule was already created by hand, import it into this address
# instead of letting apply try to create a duplicate.
resource "openstack_networking_secgroup_rule_v2" "networking_secgroup_rule_1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.fritzbox_cidr
  security_group_id = data.openstack_networking_secgroup_v2.networking_secgroup_1.id
}

# Public address of the OpenStack VPN endpoint; enter it as the remote peer on the FRITZ!Box
output "vpnaas_service_external_v4_ip" {
  value = openstack_vpnaas_service_v2.vpnaas_service_1.external_v4_ip
}
Configure connection
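# One-time migration of the configuration syntax to Terraform 0.13
terraform 0.13upgrade -yes .

# Fetch the OpenStack provider
terraform init

# Save the plan and apply exactly what was reviewed, instead of re-planning blindly
# under -auto-approve. Note that the saved plan embeds all input variables,
# including the PSK, in plaintext: keep tfplan out of version control and delete
# it after the apply.
terraform plan -out=tfplan
terraform apply tfplan
rm -f tfplan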
Fix: import an already existing security group rule
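# Must match fritzbox_cidr in terraform.tfvars; the lookup below selects the rule by it
FRITZBOX_CIDR="192.168.178.0/24"

# Find the ingress TCP rule that was created out-of-band so Terraform can adopt it
# instead of failing on a duplicate rule during apply.
# (The original used "--ethertype ingress"; --ethertype takes IPv4/IPv6 and the
#  direction is selected with --ingress.)
SECURITY_GROUP_RULE_ID=$(openstack security group rule list --ingress --ethertype IPv4 --protocol tcp -f json \
  | jq -r --arg cidr "$FRITZBOX_CIDR" '.[] | select(."IP Range" == $cidr) | .ID')

# The lookup is not scoped to one security group or port, so it may return several
# IDs; terraform import needs exactly one. Refuse to import on an empty or ambiguous result.
if [ -z "$SECURITY_GROUP_RULE_ID" ]; then
  echo "no security group rule with remote IP range $FRITZBOX_CIDR found" >&2
elif [ "$(printf '%s\n' "$SECURITY_GROUP_RULE_ID" | wc -l)" -ne 1 ]; then
  echo "several rules match $FRITZBOX_CIDR, pick one manually: $SECURITY_GROUP_RULE_ID" >&2
else
  terraform import openstack_networking_secgroup_rule_v2.networking_secgroup_rule_1 "$SECURITY_GROUP_RULE_ID"
fi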
Links
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/vpnaas_site_connection_v2
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2