This script is used to automatically update an AWS Route 53 zone as soon as a client connects to VPN. I needed this for a large number of IoT microcontroller boards (think Beagle board or Raspberry Pi). The devices would VPN into the network and I needed to access them based on their hostname.
This assumes you have a working OpenVPN server running. The script is invoked by OpenVPN's 'learn-address' hook, which passes three arguments, like so:
[operation] [ip address] [common name]
update 192.168.1.5 vpn_client_hostname
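As an added example (not the author's learn_address_route_53.rb), here is the core of such a learn-address handler: it validates the arguments OpenVPN passes, maps them to a Route 53 change batch, and only then calls AWS. ZONE_ID and DOMAIN are placeholders, and the AWS call assumes the current aws-sdk-route53 client (the v3 API), which is what `gem install aws-sdk` brings in today.

```ruby
#!/usr/bin/env ruby
# Added example, not the original learn_address_route_53.rb. ZONE_ID and
# DOMAIN are placeholders; the AWS call assumes the aws-sdk-route53 client.
require 'ipaddr'

ZONE_ID = 'ZXXXXXXXXXXXXX'    # placeholder: your Route 53 hosted zone id
DOMAIN  = 'vpn.example.com'   # placeholder: zone the A records live in
TTL     = 60                  # short TTL: VPN addresses change on reconnect

# The common name comes from the client certificate and becomes a DNS
# label, so accept only a plain hostname label; anything else (dots,
# spaces) would create a record outside the intended name space.
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

def record_name(common_name)
  raise ArgumentError, "bad common name: #{common_name.inspect}" unless common_name =~ LABEL
  "#{common_name.downcase}.#{DOMAIN}."
end

# learn-address may also hand over a subnet (iroute) or a MAC (tap); only
# a single IPv4 host address gets an A record.
def host_ipv4(address)
  addr = IPAddr.new(address)
  raise ArgumentError, "not a single IPv4 host: #{address}" unless addr.ipv4? && address !~ %r{/}
  addr.to_s
end
# Map OpenVPN's operation to a Route 53 change batch. add/update UPSERT the
# A record. OpenVPN omits the common name on delete, so removing the record
# would need a lookup of the record by address first; that case returns nil.
def change_batch(operation, address, common_name = nil)
  case operation
  when 'add', 'update'
    { comment: "openvpn learn-address #{operation}",
      changes: [{ action: 'UPSERT',
                  resource_record_set: { name: record_name(common_name), type: 'A', ttl: TTL,
                                         resource_records: [{ value: host_ipv4(address) }] } }] }
  when 'delete' then nil
  else raise ArgumentError, "unknown operation: #{operation.inspect}"
  end
end

# Only talk to AWS when run by OpenVPN (or by hand) with arguments; loading
# the file without arguments just defines the functions above.
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  batch = change_batch(*ARGV[0, 3])
  if batch
    require 'aws-sdk-route53' # installed by `gem install aws-sdk`
    Aws::Route53::Client.new.change_resource_record_sets(hosted_zone_id: ZONE_ID, change_batch: batch)
  end
end
```

A rejected common name or address raises before any AWS call, so a malformed value shows up in syslog as a script error rather than as a stray DNS record.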
Your distribution's package repository probably ships an old version of Ruby (e.g. 1.9), but that is fine; the script still works with it. Using something like RVM is problematic here.
apt-get install ruby
gem install aws-sdk
# Place your aws_config.yml and learn_address_route_53.rb in /etc/openvpn/
chmod +x /etc/openvpn/learn_address_route_53.rb
Edit learn_address_route_53.rb with your:
- Hosted Zone ID (@zone_id). You can get this from the Route 53 web console.
- Domain name (@domain).
Add these 2 lines to the bottom of your OpenVPN server.conf:
script-security 3 system
learn-address /etc/openvpn/learn_address_route_53.rb
Make sure your OpenVPN server.conf is not set to drop privileges to user 'nobody:nobody'. If it is, OpenVPN runs the learn-address script as that user, and it will have trouble reading the learn_address script and the aws_config file.
You can manually test the ruby script by running the following:
/etc/openvpn/learn_address_route_53.rb update 192.168.1.5 test-hostname
You can confirm that OpenVPN is passing the information to the learn-address script by checking the logs:
tail -f /var/log/syslog
Example of a successful 'learn-address':
Feb 9 20:01:15 vpn ovpn-server[15866]: jacob/73.x.x.x:7708 MULTI_sva: pool returned IPv4=172.18.0.6, IPv6=(Not enabled)
Feb 9 20:01:15 vpn ovpn-server[15866]: jacob/73.x.x.x:7708 MULTI: Learn: 172.18.0.6 -> jacob/73.x.x.x:7708
Feb 9 20:01:15 vpn ovpn-server[15866]: jacob/73.x.x.x:7708 MULTI: primary virtual IP for jacob/73.x.x.x:7708: 172.18.0.6
Special thanks go to the following resources: