File tree 2 files changed +25
-2
lines changed
2 files changed +25
-2
lines changed Original file line number Diff line number Diff line change @@ -53,6 +53,7 @@ No modules.
5353| [ google_compute_address.default] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_address ) | resource |
5454| [ google_compute_disk.this] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk ) | resource |
5555| [ google_compute_firewall.allow-external-ssh] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall ) | resource |
56+ | [ google_compute_firewall.allow-openvpn-udp-port] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall ) | resource |
5657| [ google_compute_instance_from_template.this] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_from_template ) | resource |
5758| [ google_compute_instance_template.tpl] ( https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_template ) | resource |
5859| [ local_sensitive_file.private_key] ( https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file ) | resource |
Original file line number Diff line number Diff line change @@ -5,8 +5,10 @@ locals {
55 metadata = merge (var. metadata , {
66 sshKeys = " ${ var . remote_user } :${ tls_private_key . ssh-key . public_key_openssh } "
77 })
8- ssh_tag = " allow-ssh"
9- tags = toset (concat (var. tags , local. ssh_tag ))
8+ ssh_tag = " allow-ssh"
9+ openvpn_tag = " openvpn-${ var . name } "
10+ tags = toset (concat (var. tags , local. ssh_tag , local. openvpn_tag ))
11+
1012 output_folder = . output_dir
1113 private_key_file = " private-key.pem"
1214 # adding the null_resource to prevent evaluating this until the openvpn_update_users has executed
@@ -31,6 +33,26 @@ resource "google_compute_firewall" "allow-external-ssh" {
3133 target_tags = . ssh_tag
3234}
3335
36+ resource "google_compute_firewall" "allow-openvpn-udp-port" {
37+ name = " openvpn-${ var . name } -allow"
38+ network = . network
39+ description = " Creates firewall rule targeting the openvpn instance"
40+
41+ allow {
42+ protocol = " tcp"
43+ ports = " 1194"
44+ }
45+
46+ allow {
47+ protocol = " udp"
48+ ports = " 1194"
49+ }
50+
51+ source_ranges = " 0.0.0.0/0"
52+ target_tags = . openvpn_tag
53+ }
54+
55+
3456resource "google_compute_address" "default" {
3557 name = " openvpn-${ var . name } -global-ip"
3658 region = . region
You can’t perform that action at this time.
0 commit comments