In case you need to connect to a private network during your builds (for example to deploy to an environment behind a VPN), we suggest you configure the VPN connection as follows:
OpenVPN
- Base64-encode the OpenVPN client configuration file, and store it as an environment variable
- If the VPN client authentication is credentials-based, you'll also need to add the username and password as environment variables.
- Use the sample configuration below:
```yaml
version: 2.1

workflows:
  btd:
    jobs:
      - build

jobs:
  build:
    machine:
      image: ubuntu-1604:202004-01
    steps:
      - run:
          name: Install OpenVPN
          command: |
            sudo apt-get update
            sudo apt-get install openvpn -y

      - run:
          name: Check IP before VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com

      - run:
          name: VPN Setup
          background: true
          command: |
            # Remote address of the established connection on port 22; it is routed
            # via the original gateway below so it does not go through the VPN.
            phone_home=$(netstat -an | grep ':22 .*ESTABLISHED' | head -n1 | awk '{ split($5, a, ":"); print a[1] }')
            # On the macOS executor, comment out the line above and uncomment this one:
            # phone_home=$(netstat -an | grep '\.2222\s.*ESTABLISHED' | head -n1 | awk '{ split($5, a, "."); print a[1] "." a[2] "." a[3] "." a[4] }')
            echo "$phone_home"

            echo "$VPN_CLIENT_CONFIG" | base64 --decode > /tmp/config.ovpn
            # Username on line 1, password on line 2, both taken from environment variables.
            # '%s' stops printf from interpreting '%' or '\' inside the values.
            printf '%s\n%s\n' "$VPN_USER" "$VPN_PASSWORD" > /tmp/vpn.login

            # The second --route keeps link-local traffic (169.254.0.0/16) on the original gateway.
            sudo openvpn --config /tmp/config.ovpn --auth-user-pass /tmp/vpn.login \
              --route "$phone_home" 255.255.255.255 net_gateway \
              --route 169.254.0.0 255.255.0.0 net_gateway

      - run:
          name: Wait for the connection to be established
          command: sleep 30

      - run:
          name: Check IP after VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com

      - run:
          name: Run commands in our infrastructure
          command: |
            # A command
            # Another command

      - run:
          name: Disconnect from OpenVPN
          command: sudo killall openvpn || true
          when: always
```
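The sample configuration decodes the secrets and then sleeps for a fixed 30 seconds, so a missing variable or a failed tunnel does not stop the job and the later steps would run outside the VPN. The helpers below are an added example, not part of the original article or of CircleCI's own code, showing one way to make those steps fail closed; the function names and the `tun0` interface name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical;
# VPN_CLIENT_CONFIG, VPN_USER and VPN_PASSWORD are the variables the article names.

# Decode a base64 value into a file that only the current user can read.
# Fails if the value is empty, is not valid base64, or decodes to nothing.
write_secret_b64() {            # usage: write_secret_b64 <base64-value> <dest>
  local value="$1" dest="$2"
  if [ -z "$value" ]; then
    echo "error: no value supplied for $dest" >&2; return 1
  fi
  if ! ( umask 077; rm -f "$dest"
         printf '%s' "$value" | base64 --decode > "$dest" 2>/dev/null ) \
     || [ ! -s "$dest" ]; then
    rm -f "$dest"
    echo "error: could not decode value for $dest" >&2; return 1
  fi
}

# Write the file given to --auth-user-pass: username on line 1, password on line 2.
# '%s' keeps '%' and '\' in the password from being interpreted by printf.
write_auth_file() {             # usage: write_auth_file <user> <password> <dest>
  local user="$1" password="$2" dest="$3"
  if [ -z "$user" ] || [ -z "$password" ]; then
    echo "error: VPN username or password is empty" >&2; return 1
  fi
  ( umask 077; rm -f "$dest"; printf '%s\n%s\n' "$user" "$password" > "$dest" )
}

# Poll a check command once per second until it succeeds or <timeout> seconds pass.
# Used instead of a fixed sleep so the job stops if the tunnel never comes up.
wait_until() {                  # usage: wait_until <timeout> <command> [args...]
  local timeout="$1" waited=0; shift
  until "$@" >/dev/null 2>&1; do
    waited=$((waited + 1))
    [ "$waited" -ge "$timeout" ] && return 1
    sleep 1
  done
}

# Use inside the job (tun0 is an assumption: OpenVPN's usual first tun device):
#   write_secret_b64 "$VPN_CLIENT_CONFIG" /tmp/config.ovpn || exit 1
#   write_auth_file "$VPN_USER" "$VPN_PASSWORD" /tmp/vpn.login || exit 1
#   ... start openvpn in the background step as in the configuration above ...
#   wait_until 30 ip link show tun0 || { echo "VPN did not come up" >&2; exit 1; }
```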
L2TP
To set up an L2TP VPN connection, we recommend referring to this guide.
We suggest storing VPN_SERVER_IP, VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD as environment variables. Ideally, you might want to base64-encode VPN_IPSEC_PSK before storing it; you'll need to decode it during the build.
To retrieve the default gateway IP address during the build, you can use either of the following:
```shell
default_gw_IP=$(netstat -r | grep default | awk '{ print $2 }')
default_gw_IP=$(ip route | grep default | awk '{ print $3 }')
```
Note that you must use the machine or macOS executor.