Please include anything you think is relevant to us building this feature. Please don't include any specific network details. We don't need those here. :)
So far I've only had one response to the survey, despite 30+ people watching this ticket. So a quick reminder: please let me know what your team needs for VPN connectivity, so we can schedule this feature and build it in a way that suits your needs. It will only take 2-3 mins to fill out.
When this is implemented it'd be nice to have (at the very least) the following traffic routed through the VPN connection:
Settings -> SSH Keys -> "Fetch"
Expected Behavior: When fetching the key, it should do so through the VPN so that the connection can be established.
Current Behavior: I cannot fetch the key from a server that requires a specific IP (VPN) to establish a connection.
The yml file should either have multiple settings (vpn host, user, pass, dir) or a single setting that selects from a list (managed in the settings, similar to environment variables/known hosts/etc).
In all builds with this configured, it should route all traffic through the VPN connection automatically without having to install and configure things like openconnect as part of the build process.
Idea: Provide your own, preconfigured, docker images that have everything set up to allow this functionality?
Current Behavior: Requires that you install and configure your VPN connection during each build and seems to complicate the build process.
I'm still trying to get this to even work at all using openconnect and basing it off of @Marco_Pfeifer's answer above. In my case, it seems like it's connected but "git ftp init" times out trying to establish the connection, just like I see on my own machine if I'm not connected to the VPN when I try to SSH in.
...it's 2018, any update on the topic?
Any updates to this topic?
Any updates?
Also putting my +1 in to have this available
I'm also interested in seeing this added as a feature.
Is there any word on the progress of this? I am in a similar situation.
+1 Now that we’re doing CI/CD (trying to) might have to consider GitHub or CodeCommit. Can’t build/deploy without VPN access.
@Robert, there are workarounds for the time being by using openconnect to connect to the VPN and proxying the build traffic through to it. See Marco's and my own examples above. It was tedious figuring out the first time, but once it’s working, it works and that’s it. It just sits there and you never need to worry about it again unless your build process needs to change.
But that’s if you don’t want to have to move off the Atlassian platform and you already have all your stuff on it. Otherwise, certainly shop around.
@Luke Jacobs, thanks for replying. I’d love to keep using Bitbucket Pipelines. It’s a much easier system to use and to teach others to use. I’ve tried yours and Marco’s connection and a combination of the two. I get the same error every time. I don’t often deal with VPN connectivity stuff. I just use a config file in a GUI and I’m off to the races.
The error I receive is:
XML response has no "auth" node
Failed to obtain WebVPN cookie
The connection appears to do the following:
Connect to <ip>/__session_start__/ and receive a Cookie
It gets an HTTP 200 and receives the HTML of the login page (HTTP dump flag shows this).
It’s getting past the SSL handshake thus reaching the server. Yet, always the same error. I’ve been experimenting in docker and tried openconnect 7.x (ubuntu:18.04) and 6.x (debian:8) while trying to get a working connection. From what I see, the server is giving the CLI a web page as a response. In the second step (above) I wonder if it’s even sending the cookie back in its second request in order to maintain the connection.
Anyway, that’s what I’m dealing with. If you have any other suggestions I’d be glad to hear them.