+* initialize CA for environment
+
+ env="myAwsibleEnvironment"
+ region="us-east-1"
+
+ curl -fOL https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz
+ mkdir "${env}_ca"
+ tar -C "${env}_ca" --strip-components 1 -x -f EasyRSA-3.0.1.tgz
+
+ pushd "${env}_ca"
+ # create CA cert
+ ./easyrsa init-pki
+ ./easyrsa build-ca
+ cn: ${env}
+
+ # create openVPN region server cert
+ ./easyrsa build-server-full ${region}.${env} nopass
+
+ # create CRL
+ ./easyrsa gen-crl
+
+ pushd "pki"
+ openvpn --genkey --secret ta.key
+ popd
+ popd
+
+* generate ansible variables for VPN
+
+ ./generate-ansible-vpcaccess-vars.sh ${env} ${region}
+