Open alekw opened 3 years ago
Perhaps `pppd` is not configured as expected. You could start by retrieving `/etc/ppp` in the GitHub Ubuntu 18.04 or 20.04 environment and comparing it to what you see on your own machine.
Also retrieve the `pppd` log (option `--pppd-log`).
@alekw did you get this to work? Does anyone have any plans to create a GitHub action for this? I'll pay $50 for it :)
No, I didn't, but I haven't tried extensively. I started to doubt that GitHub will allow changing ppp settings in their VMs due to security issues.
@alekw and @cesarvargas00, you could perhaps give OpenConnect a try. Support for FortiNet has been added very recently, so you will have to compile the latest sources. OpenConnect embeds its own PPP code instead of forking `pppd`; this will definitely help here. On the other hand, OpenConnect might not yet support all the openfortivpn options. In the latter case, do not hesitate to open a bug report against OpenConnect.
Please drop a message to tell us how it worked.
Interested in this as well.
For anyone interested in this: Based on @DimitriPapadopoulos's suggestion, here is a GitHub action that builds OpenConnect from source and successfully connects to our VPN using the `fortinet` protocol.
```yaml
# .github/workflows/vpn.yml
name: Can I use openconnect / fortinet on Github Actions?
on: push
jobs:
  openconnect:
    name: Build, install and run openconnect / fortinet
    runs-on: ubuntu-latest
    steps:
      - name: Setup build environment
        run: |
          sudo apt update && sudo apt install -y git autotools-dev automake libtool pkg-config m4 gettext openssl libssl-dev libxml2-dev vpnc-scripts
      - name: Build OpenConnect from source
        run: |
          git clone https://gitlab.com/openconnect/openconnect.git
          cd openconnect
          git checkout v9.01
          ./autogen.sh
          ./version.sh version.c
          ./configure
          make -j$(nproc)
          sudo make install
          sudo ldconfig
      - name: Connect to VPN
        run: |
          echo "${{ secrets.VPN_PWD }}" | sudo openconnect -u ${{ secrets.VPN_USER }} --passwd-on-stdin --protocol=fortinet ${{ secrets.VPN_HOST }}:${{ secrets.VPN_PORT }} --servercert ${{ secrets.VPN_SERVERCERT }} &
      - name: Test if connected to VPN
        run: |
          ping -c4 ${{ secrets.SERVER_HOST_INSIDE_VPN }}
```
Here's my version of the @donalffons action, installing openconnect from apt instead of building it from source:
```yaml
deploy:
  needs: build
  runs-on: ubuntu-latest
  steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Install openconnect ppa
      run: sudo add-apt-repository ppa:dwmw2/openconnect -y && sudo apt update
    - name: Install openconnect
      run: sudo apt install -y openconnect
    - name: Connect to VPN
      run: |
        echo "${{ secrets.VPN_PWD }}" | sudo openconnect -u ${{ secrets.VPN_USER }} --passwd-on-stdin --protocol=fortinet ${{ secrets.VPN_HOST }}:${{ secrets.VPN_PORT }} --servercert ${{ secrets.VPN_SERVERCERT }} --background
    - name: Test if connected to VPN
      run: |
        ping -c4 ${{ secrets.SERVER_HOST_INSIDE_VPN }}
```
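A hardened variant of the connect steps posted above, as an added example that is not from any participant in this thread or from the OpenConnect project. It passes the secrets through `env:` instead of expanding `${{ secrets.* }}` inside the script text, refuses to connect without a certificate pin, and tears the tunnel down when the job ends. Assumptions: the packaged `openconnect` on the runner supports `--protocol=fortinet` (otherwise install it as in the workflows above), `VPN_SERVERCERT` holds a pin that was checked against the gateway's real certificate through a trusted channel, and the PID file path is an arbitrary choice.

```yaml
# Added example: hardened version of the "Connect to VPN" steps from the thread.
name: VPN connect (hardened example)
on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Install openconnect
        # Assumption: this package version supports --protocol=fortinet.
        run: sudo apt-get update && sudo apt-get install -y openconnect
      - name: Connect to VPN
        env:
          # Secrets reach the shell as environment variables, so quotes,
          # "$" or backticks in a password are never parsed as script text.
          VPN_USER: ${{ secrets.VPN_USER }}
          VPN_PWD: ${{ secrets.VPN_PWD }}
          VPN_HOST: ${{ secrets.VPN_HOST }}
          VPN_PORT: ${{ secrets.VPN_PORT }}
          VPN_SERVERCERT: ${{ secrets.VPN_SERVERCERT }}
        run: |
          set -euo pipefail
          # An unset secret expands to an empty string: fail closed rather
          # than connecting to a gateway whose certificate is not pinned.
          if [ -z "$VPN_SERVERCERT" ]; then
            echo "VPN_SERVERCERT is empty; refusing to connect unpinned" >&2
            exit 1
          fi
          # printf is a shell builtin, so the password is not placed in the
          # argument list of any process.
          printf '%s\n' "$VPN_PWD" | sudo openconnect \
            --user="$VPN_USER" --passwd-on-stdin --protocol=fortinet \
            --servercert "$VPN_SERVERCERT" \
            --background --pid-file=/run/openconnect.pid \
            "$VPN_HOST:$VPN_PORT"
      - name: Test if connected to VPN
        env:
          TARGET: ${{ secrets.SERVER_HOST_INSIDE_VPN }}
        run: ping -c4 "$TARGET"
      - name: Disconnect from VPN
        # Runs even when an earlier step failed, so the tunnel never outlives the job.
        if: always()
        run: |
          if sudo test -f /run/openconnect.pid; then
            sudo kill "$(sudo cat /run/openconnect.pid)"
          fi
```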
@campsjos @donalffons I am having a problem because I am not providing a `--servercert`. Is there a way that I can connect without providing it?
Hi @landlight,
Just run the Action, that will throw an error. In the error itself you'll see the `servercert` that you should add:
Carlos, that's great stuff there. Thanks for sharing!
I am trying to get it running but having issues with the password.
This is the console output in Actions:
```
Run echo "***" | sudo openconnect -u myUserName --passwd-on-stdin --protocol=anyconnect https://subdomain.someAnyConnectVPN.com/ --background
```
`echo "***"` is actually a secret; this is the YAML:
```yaml
run: |
  echo "${{ secrets.VPN_PASSWORD }}" | sudo openconnect -u myUserName --passwd-on-stdin --protocol=anyconnect https://subdomain.someAnyConnectVPN.com --background
```
But it fails like this:
Do you think it's because I am not setting `servercert`? I am not sure, I think not, but tbh, I am new to GitHub Actions.
Hello, I am trying to use openfortivpn to connect to a Fortinet VPN while deploying an application with GitHub Actions. On my machine (Ubuntu 20.04) the command executes successfully:
While on GitHub Actions, Ubuntu 20.04: `WARN: You should not pass the password on the command line. Type it interactively or use a config file instead.`
I have tried the `-v` options, and what I got there is `DEBUG: Got Address: 10.7.2.2`
Has anyone tried such a use case?