skills/bagelhole/devops-security-agent-skills/vpn-setup

vpn-setup

SKILL.md

VPN Setup

Configure secure VPN tunnels for remote access and site connectivity.

WireGuard

# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey

# Server config (/etc/wireguard/wg0.conf)
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32

# Enable
wg-quick up wg0
systemctl enable wg-quick@wg0

OpenVPN

# Install
apt install openvpn easy-rsa

# Generate certificates
cd /etc/openvpn/easy-rsa
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh

AWS Site-to-Site VPN

aws ec2 create-vpn-gateway --type ipsec.1
aws ec2 create-customer-gateway \
  --type ipsec.1 \
  --bgp-asn 65000 \
  --public-ip <on-prem-ip>
aws ec2 create-vpn-connection \
  --type ipsec.1 \
  --customer-gateway-id cgw-xxx \
  --vpn-gateway-id vgw-xxx

Best Practices

Use WireGuard for modern deployments
Implement MFA for VPN access
Regular key rotation
Monitor VPN connections
Segment VPN access by role

Related Skills

zero-trust - Modern access patterns
ssl-tls-management - Certificate management

Weekly Installs

22

Repository

bagelhole/devop…t-skills

GitHub Stars

13

First Seen

Feb 4, 2026

Security Audits

Gen Agent Trust HubPass

Installed on

opencode22

codex22

github-copilot21

kimi-cli21

gemini-cli21

amp21