Appveyor: Connect to an openVPN for deployment using SecurePoint SSL VPN

Today I was set the task of deploying one of our projects to a testing environment on the client’s premises.

The catch: the mentioned environment is only accessible via an openVPN connection.

As you may know Appveyor is an MS Windows based CI tool and thus the challenge I was facing was how to connect to an openVPN from a Windows based build worker.

The first challenge was to find a decent openVPN client to make the connection with.

After much searching the only viable option I could find was SecurePoint SSL VPN client.

The second challenge was to create an openVPN connection profile.

After installing the SecurePoint client I built an ovpn profile by basically just setting up my connection via the client, easy enough.

Then I went to the %appdata%\Securepoint SSL VPN folder, where I found a folder with the name of my VPN connection. The folder contained my ovpn profile file, the certificate files and my user key files.
I copied this entire folder to my desktop.

The third challenge was to figure out how to silently install the SecurePoint Client on the build worker during the build process.

This proved to be an enormous amount of fun as the documentation for the SecurePoint VPN Client is, to a large extent, only available in German and my knowledge of German extends to ‘Ich bin outlander ich sprechen nicht deutsch’.

Anyway… after much head bashing and pulling in the help of a colleague whose mom speaks German (Thank you Stefan 😉 ) I was able to figure out how to accomplish the silent/unattended installation of the SecurePoint SSL VPN client.

  1. Download the exe installation file from here.
  2. Double click the exe installation file to start the installation process.
  3. At this point you will be asked to choose your language, German or English. DON’T CHOOSE A LANGUAGE!
  4. Instead open your temp folder via File Explorer by navigating to %TEMP%.
  5. In your temp folder you’ll find an MSI file named: SecurepointSSLVPN.msi, copy this file to your Desktop.
  6. Cancel out of the installation.

We need the msi file because the exe file can’t be installed silently. It ALWAYS asks you to select a language.
The msi file on the other hand can be made silent by using the /qb command line argument upon execution. i.e. SecurepointSSLVPN.msi /qb

The fourth challenge was to make the MSI installation file available to the build worker.

For simplicity’s sake I just added the MSI file to the project repository. i.e. I created a folder in the project repository named SecurePointVPN and added the SecurepointSSLVPN.msi, thus when the repo is pulled down by the build worker the msi file is pulled down too.

I know this is dirty, but it is quick and it works…so sue me. 😉

The fifth challenge: firing off the SecurePoint client installation plus making the VPN connection.

So to bind everything together I created the following .bat script:


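REM Install the SecurePoint client unattended from the MSI.
%VPN_SPVPN_INSTALLER_FOLDER_PATH%SecurepointSSLVPN.msi /qb

REM Start the VPN connection with the profile and credentials from the environment.
"C:\Program Files (x86)\Securepoint SSL VPN\sslvpnclient.com" -start %VPN_PROFILE_FILEPATH% -reconnect -silent -user %VPN_USERNAME% -pwd %VPN_PASSWORD%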

NOTE: The ‘.com’ is not a mistype, the command line arguments must be passed to the .com file and not the .exe.

I named it InitVPN.bat and it lives in the root of our project repository.

As you can gather by reading the script, four environment variables must be set for the script to execute successfully. Hint: Appveyor Project-> Settings-> Environment-> Environment variables…

And finally I added the InitVPN.bat command to the Install Script section of my Appveyor environment. That section runs PowerShell, so I added the following line to kick off the InitVPN script:


cmd /c InitVPN.bat
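
An added example, not part of the original post: a PowerShell equivalent of InitVPN.bat that checks the MSI committed to the repository against a pinned SHA-256 before installing it, and fails the build if a variable is missing or the installer reports an error. VPN_MSI_SHA256 is an assumed extra environment variable holding the expected hash; the other variable names, the install path and the client arguments are those used in the script above.

```powershell
# Added example: PowerShell version of InitVPN.bat with integrity and sanity checks.
# VPN_MSI_SHA256 is an assumed variable (not in the original post) with the expected hash.
$ErrorActionPreference = 'Stop'

# Fail early if any variable the script depends on is missing or empty.
$required = 'VPN_SPVPN_INSTALLER_FOLDER_PATH', 'VPN_PROFILE_FILEPATH',
            'VPN_USERNAME', 'VPN_PASSWORD', 'VPN_MSI_SHA256'
foreach ($name in $required) {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Environment variable $name is not set"
    }
}

$msi = Join-Path $env:VPN_SPVPN_INSTALLER_FOLDER_PATH 'SecurepointSSLVPN.msi'
if (-not (Test-Path -LiteralPath $msi -PathType Leaf)) {
    throw "Installer not found: $msi"
}
if (-not (Test-Path -LiteralPath $env:VPN_PROFILE_FILEPATH -PathType Leaf)) {
    throw "VPN profile not found: $env:VPN_PROFILE_FILEPATH"
}

# Refuse to run an installer whose contents differ from the pinned hash.
# String comparison with -ne is case-insensitive, so hex case does not matter.
$actual = (Get-FileHash -LiteralPath $msi -Algorithm SHA256).Hash
if ($actual -ne $env:VPN_MSI_SHA256.Trim()) {
    throw "SecurepointSSLVPN.msi hash mismatch: got $actual"
}

# Install through msiexec, wait for it to finish and check the result.
# 0 = success, 3010 = success but a reboot is required.
$install = Start-Process -FilePath 'msiexec.exe' `
    -ArgumentList '/i', "`"$msi`"", '/qb' -Wait -PassThru
if ($install.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($install.ExitCode)"
}

# The arguments go to the .com file, not the .exe, as noted in the post.
$client = 'C:\Program Files (x86)\Securepoint SSL VPN\sslvpnclient.com'
if (-not (Test-Path -LiteralPath $client -PathType Leaf)) {
    throw "Client not found after install: $client"
}
& $client -start $env:VPN_PROFILE_FILEPATH -reconnect -silent `
    -user $env:VPN_USERNAME -pwd $env:VPN_PASSWORD
```

As in the .bat version, the password is still passed as a command-line argument, so it is visible in the process's command line on the build worker.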

Conclusion

Although it took some work to figure out, creating an openVPN connection for deployment via AppVeyor is not that difficult to achieve. After the connection has been established you can deploy as if you are on the local network, provided that you are deploying from your build worker and not from an Appveyor Deployment Environment because you do not have any control over them.

Furthermore I was rather impressed with how easy SecurePoint’s SSL VPN client is to use, via both a GUI and the command line.

2 thoughts on “Appveyor: Connect to an openVPN for deployment using SecurePoint SSL VPN”

  1. Oliver says:

    Hi, thanks for this article. So I know it should somehow be possible to start a connection via cmd. Could you tell me which version you used? And where you found this German documentation?
    I am trying to configure something similar to your setting and am struggling with errors like “unknow command”…

    • Hi Oliver.

      I just went through the steps again tonight.
      The “SecurepointSSLVPN.msi /qb” still works. (i.e. silently installs the securepoint client)

      I did notice on the current version of the .exe installer “openvpn-client-installer-2.0.18.exe” you have to select the language, and click OK, before the .msi is unpacked to your %temp% directory.

      Concerning your question about the version I used when I wrote the post… I can’t remember but looking at the release dates of the SecurePoint installers I believe it was this one – “SSLVPNClient-v2.0.16..exe”.

      Hope this helps.
