Today I was set the task of deploying one of our projects to a testing environment on the client’s premises.
The catch: the mentioned environment is only accessible via an openVPN connection.
As you may know Appveyor is an MS Windows based CI tool and thus the challenge I was facing was how to connect to an openVPN from a Windows based build worker.
The first challenge was to find a decent openVPN client to make the connection with.
After much searching the only viable option I could find was SecurePoint SSL VPN client.
The second challenge was to create an openVPN connection profile.
After installing the SecurePoint client I built an ovpn profile by basically just setting up my connection via the client, easy enough.
Then I went to the %appdata%\Securepoint SSL VPN folder, there I found a folder with the name of my VPN connection. The folder contained my ovpn profile file, the certificates- and my user key- files.
I copied this entire folder to my desktop.
The third challenge was to figure out how to silently install the SecurePoint Client on the build worker during the build process.
This proved to be an enormous amount of fun as the documentation for the SecurePoint VPN Client is, to a large extent, only available in German and my knowledge of German extends to ‘Ich bin outlander ich sprechen nicht deutsch’.
Anyway… after much head bashing and pulling in the help of a colleague whose mom speaks German (Thank you Stefan 😉 ) I was able to figure out how to accomplish the silent/unattended installation of the SecurePoint SSL VPN client.
- Download the exe installation file from here.
- Double click the exe installation file to start the installation process.
- At this point you will be asked to choose your language, German or English. DON’T CHOOSE A LANGAUGE!
- Instead open your temp folder via File Explorer by navigating to %TEMP%.
- In your temp folder you’ll find an MSI file named: SecurepointSSLVPN.msi, copy this file to your Desktop.
- Cancel out of the installation.
We need the msi file because the exe file can’t be installed silently. It ALWAYS asks you to select a language.
The msi file on the other hand can be made silent by using the /qb command line argument upon execution. i.e. SecurepointSSLVPN.msi /qb
The fourth challenge was to make the MSI installation file available to build worker.
For simplicity’s sake I just added the MSI file to the project repository. i.e. I created a folder in the project repository named SecurePointVPN and added the SecurepointSSLVPN.msi, thus when the repo is pulled down by the build worker the msi file is pulled down too.
I know this is dirty, but it is quick and it works…so sue me. 😉
The fifth challenge: firing off the SecurePoint client installation plus making the VPN connection.
So to bind everything together I created the following .bat script:
%VPN_SPVPN_INSTALLER_FOLDER_PATH%SecurepointSSLVPN.msi /qb "C:\Program Files (x86)\Securepoint SSL VPN\sslvpnclient.com -start %VPN_PROFILE_FILEPATH% -reconnect -silent -user %VPN_USERNAME% -pwd %VPN_PASSWORD%
NOTE: The ‘.com’ is not a mistype, the command line arguments must be passed to the .com file and not the .exe.
I named it
InitVPN.bat and it lives in the root of our project repository.
As you can gather by reading the script four environment variables must be set for the script to execute successfully. Hint: Appveyor Project-> Settings-> Environment-> Environment variables…
And finally I just added the InitVPN.bat command to
Install Script section of my Appveyor environment, which is powershell thus I added the following line to kick-off the InitVPN script:
cmd /c InitVPN.bat
Although it took some work to figure out, creating an openVPN connection for deployment via AppVeyor is not that difficult to achieve. After the connection has been established you can deploy as if you are on the local network, provided that you are deploying from your build worker and not from an Appveyor Deployment Environment because you do not have any control over them.
Furthermore I was rather impressed with how easy SecurePoint’s SSL VPN client is to use, via both a GUI and the command line.