
Merge pull request #111 from mdr-engineering/feature/ftd_na_OpenVPNBetterOutbound

Grants a permissive egress rule to openvpn
Frederick Damstra 4 年之前
父节点
当前提交
3ce505208e
共有 1 个文件被更改,包括 11 次插入0 次删除
  1. 11 0
      base/openvpn/main.tf

+ 11 - 0
base/openvpn/main.tf

@@ -204,6 +204,17 @@ resource "aws_security_group_rule" "openvpn-https-in" {
   security_group_id = aws_security_group.openvpn_security_group.id
 }
 
+resource "aws_security_group_rule" "openvpn-permissive-out" {
+  # We allow all outbound for openvpn
+  type              = "egress"
+  from_port         = -1
+  to_port           = -1
+  protocol          = "all"
+  cidr_blocks       = [ "10.0.0.0/8" ]
+  security_group_id = aws_security_group.openvpn_security_group.id
+}
+
+# We have specific egress rules, as well, but the list may be incomplete.
 resource "aws_security_group_rule" "openvpn-splunk-out" {
   type              = "egress"
   from_port         = 8000
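Review bot: The comment on the new `openvpn-permissive-out` rule says "We allow all outbound for openvpn", but the rule as written only covers `cidr_blocks = [ "10.0.0.0/8" ]`, so the comment overstates the grant and the next reader cannot tell whether the /8 scope is deliberate; I would rewrite it as `# Allow all protocols/ports outbound to 10.0.0.0/8 (internal); Internet-bound egress still relies on the specific rules below` (assuming that scope is intentional). Because this rule covers every protocol and port inside that range, it supersedes the narrower internal egress rules such as `openvpn-splunk-out` below, so the follow-up comment "the list may be incomplete" should say which rules are still load-bearing and which are now redundant, or the redundant ones should be removed to keep the intended policy auditable. The `10.0.0.0/8` literal is hard-coded while the group id is referenced from `aws_security_group.openvpn_security_group`; if the VPC CIDR is already a variable or data source elsewhere in this module, referencing it would keep the rule from silently drifting from the network it is meant to cover. I would also confirm that `from_port = -1`/`to_port = -1` with `protocol = "all"` does not produce a perpetual plan diff in the provider version in use, since several provider versions normalise these to 0 for all-protocol rules.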