Add external servers to vpn

  1. In the Fedora Infra Ansible repo, edit the file roles/batcave/files/allows. Under the correct section, add require ip <server_ip>.

  2. When this change is pushed, run the batcave ansible playbook on the batcave. You will need sysadmin-main access for this.

  3. Create OpenVPN certificates for the new server. This requires sysadmin-main access.

  4. See: How to generate private key and certificate for OpenVPN client

  5. In the DNS repo on batcave, edit the file master/168.192.in-addr.arpa. Add the new host to one of the unused addresses. Ensure the hostname ends in .vpn.fedoraproject.org. Don’t forget to update the serial before saving.

  6. Also edit the master/vpn.fedoraproject.org file to add the server, with the new 192.168.. address created in the previous step, to the required section. Don’t forget to update the serial before saving.

  7. When the above edits are done, follow the instructions in the DNS sysadmin SOP about signing and pushing new DNS changes.

  8. See: DNS repository for fedoraproject

  9. Finally, in the Fedora Infra Ansible repo, add a new file roles/openvpn/server/files/ccd/<server_name> with the new 192.168.. address. View one of the existing files in the repo for a sample of the formatting. This change will be run when the server is provisioned.
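
A pre-push consistency check for the zone edits in steps 5 and 6, as an added example that is not part of the Fedora Infrastructure SOP or its tooling. It assumes standard BIND zone-file syntax with relative owner names; the zone fragments, serials and host names below are constructed samples.

```python
import re

SUFFIX = ".vpn.fedoraproject.org."
PTR_RE = re.compile(r"^(\d+\.\d+)\s+(?:\d+\s+)?IN\s+PTR\s+(\S+)", re.M)
A_RE = re.compile(r"^([\w-]+)\s+(?:\d+\s+)?IN\s+A\s+(192\.168\.\d+\.\d+)", re.M)
SOA_RE = re.compile(r"\bSOA\b[^(]*\(\s*(\d+)")

# Constructed samples, not the real zone contents.
REVERSE = """\
@ IN SOA ns.example. admin.example. ( 2024010102 3600 600 604800 300 )
5.1  IN PTR newhost.vpn.fedoraproject.org.
6.1  IN PTR badhost.fedoraproject.org.
7.1  IN PTR orphan.vpn.fedoraproject.org.
"""
FORWARD = """\
@ IN SOA ns.example. admin.example. ( 2024010101 3600 600 604800 300 )
newhost IN A 192.168.1.5
orphan  IN A 192.168.1.9
"""

def serial(zone):
    """Return the SOA serial (first number inside the SOA parentheses)."""
    return int(SOA_RE.search(zone).group(1))

def check(reverse, forward, old_reverse_serial, old_forward_serial):
    """List problems in the edited zones relative to the previous serials."""
    problems = []
    if serial(reverse) <= old_reverse_serial:
        problems.append("reverse zone serial not increased")
    if serial(forward) <= old_forward_serial:
        problems.append("forward zone serial not increased")
    a_records = {name + SUFFIX: ip for name, ip in A_RE.findall(forward)}
    seen = {}
    for label, target in PTR_RE.findall(reverse):
        # In 168.192.in-addr.arpa the owner "5.1" is the address 192.168.1.5.
        ip = "192.168." + ".".join(reversed(label.split(".")))
        if ip in seen:
            problems.append(f"{ip} assigned twice: {seen[ip]} and {target}")
        seen[ip] = target
        if not target.endswith(SUFFIX):
            problems.append(f"{ip}: {target} does not end in {SUFFIX}")
        elif a_records.get(target) != ip:
            problems.append(f"{ip}: no matching A record for {target}")
    return problems

if __name__ == "__main__":
    for line in check(REVERSE, FORWARD, 2024010101, 2024010101):
        print(line)
```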