1. CircleCI Support Center
  2. Using CircleCI
  3. General

How to set up a VPN connection during builds?

Avatar
Yann

In case you need to connect to a private network during your builds (for example to deploy to an environment behind a VPN), we suggest you configure the VPN connection as follows:

OpenVPN

L2TP

OpenVPN

  • Base64-encode the OpenVPN client configuration file, and store it as an environment variable
  • If the VPN client authentication is credentials-based, you'll also need to add the username and password as environment variables.
  • Use the below sample configuration

version: 2.1
workflows:
  btd:
    jobs:
      - build
jobs:
  build:
    machine:
      image: ubuntu-1604:202004-01
    steps:
      - run:
          name: Install OpenVPN
          command: |
            sudo apt-get update
            sudo apt-get install openvpn -y

      - run:
          name: Check IP before VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com

      - run:
          name: VPN Setup
          background: true
          command: |
            phone_home=$(netstat -an | grep ':22 .*ESTABLISHED' | head -n1 | awk '{ split($5, a, ":"); print a[1] }')
            # phone_home=$(netstat -an | grep '\.2222\s.*ESTABLISHED' | head -n1 | awk '{ split($5, a, "."); print a[1] "." a[2] "." a[3] "." a[4] }') # if you use macOS executor, you can uncomment this line, and comment the above line
            echo $phone_home

            echo $VPN_CLIENT_CONFIG | base64 --decode > /tmp/config.ovpn
            printf "user\n$VPN_PASSWORD" > /tmp/vpn.login
            sudo openvpn --config /tmp/config.ovpn --auth-user-pass /tmp/vpn.login \
              --route $phone_home 255.255.255.255 net_gateway \
              --route 169.254.0.0 255.255.0.0 net_gateway

      - run:
          name: Wait for the connection to be established
          command: sleep 30

      - run:
          name: Check IP after VPN connection
          command: |
            ifconfig
            route -n
            sudo netstat -anp
            cat /etc/resolv.conf
            curl checkip.amazonaws.com

      - run:
          name: Run commands in our infrastructure
          command: |
            # A command
            # Another command

      - run:
          name: Disconnect from OpenVPN
          command: sudo killall openvpn || true
          when: always

 

L2TP

To set up an L2TP VPN connection, we recommend referring to this guide.

We suggest storing VPN_SERVER_IPVPN_IPSEC_PSKVPN_USER and VPN_PASSWORD as environment variables. Ideally, you might want to base64-encode VPN_IPSEC_PSK before storing it; you'll need to decode it during the build.

To retrieve the default gateway IP address during the build, you can use either of the following:

  • default_gw_IP=$(netstat -r | grep default | awk '{ print $2 }')
  • default_gw_IP=$(ip route | grep default | awk '{ print $3 }')

 Note that you must use the machine or macOS executor.

Was this article helpful?
5 out of 6 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more