How to set up a VPN connection during builds?

In case you need to connect to a private network during your builds (for example to deploy to an environment behind a VPN), we suggest you configure the VPN connection as follows:

OpenVPN

  • Base64-encode the OpenVPN client configuration file, and store it as an environment variable.
  • If the VPN client authentication is credentials-based, you'll also need to add the username and password as environment variables.
  • Use the sample configuration below:

version: 2.1
workflows:
  btd:
    jobs:
      - build
jobs:
  build:
    machine:
      image: ubuntu-1604:202004-01
    steps:
      - run:
          name: Install OpenVPN
          command: |
            sudo apt-get update
            sudo apt-get install openvpn -y
      - run:
          name: Check IP before VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com
      - run:
          name: VPN Setup
          background: true
          command: |
            # IP of the established SSH (:22) peer; routed via the original gateway below
            phone_home=$(netstat -an | grep ':22 .*ESTABLISHED' | head -n1 | awk '{ split($5, a, ":"); print a[1] }')
            echo "$phone_home"
            echo "$VPN_CLIENT_CONFIG" | base64 --decode > /tmp/config.ovpn
            # VPN_USER and VPN_PASSWORD are the credential environment variables;
            # '%s' keeps '%' and '\' in their values from being read as format codes
            printf '%s\n%s\n' "$VPN_USER" "$VPN_PASSWORD" > /tmp/vpn.login
            sudo openvpn --config /tmp/config.ovpn --auth-user-pass /tmp/vpn.login \
              --route "$phone_home" 255.255.255.255 net_gateway \
              --route 169.254.0.0 255.255.0.0 net_gateway
      - run:
          name: Wait for the connection to be established
          command: sleep 30
      - run:
          name: Check IP after VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com
      - run:
          name: Run commands in our infrastructure
          command: |
            # A command
            # Another command
      - run:
          name: Disconnect from OpenVPN
          command: sudo killall openvpn || true
          when: always
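
An added example, not part of the original article: shell helpers for the VPN Setup step that write the decoded configuration and the credential file with owner-only permissions, and fail early when the variable does not decode to a client config. The function names, the target-directory argument, the check for a `remote` directive, and the use of VPN_USER in this step (the article names that variable only in the L2TP section) are assumptions of this example.

```shell
# Added example: hardened file preparation for the "VPN Setup" step.
# Function names and the directory argument are assumptions of this example.

# Print the peer IP of the first established SSH (:22) connection found in
# `netstat -an` output read from stdin (same parsing as the sample config).
phone_home_ip() {
  grep ':22 .*ESTABLISHED' | head -n1 | awk '{ split($5, a, ":"); print a[1] }'
}

# Decode $VPN_CLIENT_CONFIG and write the credential file into directory $1.
# Returns non-zero if a variable is missing or the config does not decode.
write_vpn_files() {
  [ -n "${VPN_CLIENT_CONFIG:-}" ] && [ -n "${VPN_USER:-}" ] && [ -n "${VPN_PASSWORD:-}" ] || {
    echo "VPN_CLIENT_CONFIG, VPN_USER and VPN_PASSWORD must be set" >&2
    return 1
  }
  (
    umask 077   # new files are readable and writable by the owner only
    printf '%s' "$VPN_CLIENT_CONFIG" | base64 --decode > "$1/config.ovpn" || exit 1
    # An OpenVPN client config names its server with a "remote" directive.
    grep -Eq '^[[:space:]]*remote[[:space:]]' "$1/config.ovpn" || exit 1
    # '%s' keeps '%' and '\' in the credentials from being read as format codes.
    printf '%s\n%s\n' "$VPN_USER" "$VPN_PASSWORD" > "$1/vpn.login"
  ) || {
    # Do not leave partial secrets behind on failure.
    rm -f "$1/config.ovpn" "$1/vpn.login"
    echo "VPN_CLIENT_CONFIG did not decode to an OpenVPN client config" >&2
    return 1
  }
}
```

In the job, `write_vpn_files /tmp` would take the place of the two lines that create /tmp/config.ovpn and /tmp/vpn.login.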

 

L2TP

To set up an L2TP VPN connection, we recommend referring to this guide.

We suggest storing VPN_SERVER_IP, VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD as environment variables. Ideally, you might want to base64-encode VPN_IPSEC_PSK before storing it; you'll need to decode it during the build.

To retrieve the default gateway IP address during the build, you can use either of the following:

  • default_gw_IP=$(netstat -r | grep default | awk '{ print $2 }')
  • default_gw_IP=$(ip route | grep default | awk '{ print $3 }')

 Note that you must use the machine executor.
