How to Connect to VPN inside Pipeline?

Hi. So I’m new to DevOps and I’m trying to set up pipelines for my company. My company’s backend requires a FortiClient VPN connection to be able to connect to the database to retrieve data. So I wanted to know if there were any guides that showed how to install it or not. The build needs to run on a Windows machine.

I’d recommend against having pipelines create VPN connections.

Typically I’d install agents within my private network that reach out to the Internet to pull deployment jobs. This is how Azure DevOps agents, GitLab runners, and various other deployment systems work.

I used to build a VPN connection inside of my CI/CD pipeline with a hosted runner to the private organization. After that, I deployed my code by using FTP to the remote VM.

Building a VPN connection inside of your CI/CD would look something like this:

```yaml
- name: Create VPN connection
  shell: pwsh
  env:
    USER: ${{ secrets.USER }}
    SECRET: ${{ secrets.PASSWORD }}
  run: |
    # Register the VPN profile, then dial it with the credentials from the secrets
    Add-VpnConnection -Name "{{VPN_Connection_name}}" -ServerAddress "{{DNS or IP of your remote VPN server}}" -TunnelType "SSTP" -AllUserConnection -Force
    rasdial "{{VPN_Connection_name}}" "$env:USER" "$env:SECRET"
```

Hope this helps.
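An added example, not part of the post above or of any project mentioned in this thread: the same GitHub Actions approach with the connection torn down even when the job fails, so the VPN profile and session do not outlive the job on the runner. The profile name `ci-vpn`, the secret names `VPN_SERVER`, `VPN_USER` and `VPN_PASSWORD`, and the `deploy.ps1` script are assumptions.

```yaml
# Constructed example workflow; names, secrets and script path are placeholders.
name: deploy-over-vpn
on: workflow_dispatch

jobs:
  deploy:
    runs-on: windows-latest
    env:
      VPN_NAME: ci-vpn                      # hypothetical profile name
    steps:
      - uses: actions/checkout@v4

      - name: Create VPN connection
        shell: pwsh
        env:
          VPN_SERVER: ${{ secrets.VPN_SERVER }}
          VPN_USER: ${{ secrets.VPN_USER }}
          VPN_PASSWORD: ${{ secrets.VPN_PASSWORD }}
        run: |
          $ErrorActionPreference = 'Stop'
          Add-VpnConnection -Name $env:VPN_NAME -ServerAddress $env:VPN_SERVER `
            -TunnelType Sstp -AllUserConnection -Force
          # rasdial is a native command, so check its exit code explicitly;
          # discard its output so nothing about the session reaches the log.
          rasdial $env:VPN_NAME $env:VPN_USER $env:VPN_PASSWORD | Out-Null
          if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

      - name: Deploy
        shell: pwsh
        run: ./deploy.ps1                   # hypothetical deployment script

      - name: Tear down VPN connection
        if: always()                        # runs on failure and cancellation too
        shell: pwsh
        run: |
          rasdial $env:VPN_NAME /disconnect | Out-Null
          Remove-VpnConnection -Name $env:VPN_NAME -AllUserConnection -Force -ErrorAction SilentlyContinue
          # A failed disconnect (for example, never connected) should not mask the job's real result.
          exit 0
```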

Not sure what pipelines you’re using, but you could use something like Enclave to get connectivity between your DevOps pipelines and on-prem resources.

The Enclave agent can run on your internal Windows machine, and the Enclave GitHub action can run inside your CI/CD pipeline.

Enclave can build private network connectivity between the two without needing ingress traffic, and the connection only lives for as long as the pipeline is running.

Disclosure - founder @ enclave.io. We have a Slack channel which you’d be more than welcome to join if you wanted some advice. Enclave is also free for up to 10 systems so it might be just what you’re looking for and could happily co-exist alongside your existing Fortinet VPN (or replace that too, if you were so inclined).

Good luck!

I second this. Setting up VPN connections in a CI/CD pipeline feels like a recipe for disaster. Create custom runners, as said above. Pre-stage their configurations so you can call and manipulate them as the job runs.

So correct me if I’m wrong, but does this mean that if I set up an Azure DevOps agent, it can act as the VPN to connect to the company’s server?

Check out Private Hosted Agents.
It means that the pipeline can execute the tasks on a machine that sits side by side with your backend which are both behind the firewall. No VPN connection required.

Thanks. I looked into it and this seems like exactly what I need.