/github-openvpn-connect-action

GitHub Action for connecting to OpenVPN server.

Primary LanguageJavaScriptMIT LicenseMIT

github-openvpn-connect-action

GitHub Action for connecting to OpenVPN server.

Inputs

General Inputs

Name Description Required
config_file Location of OpenVPN client config file yes
echo_config Echo OpenVPN config file to the log no

Authentication Inputs

Supported authentication methods:

  • Username & password auth
  • Client certificate auth
  • Both of them
Name Description Required when
username Username Username-password auth
password Password Username-password auth
client_key Local peer's private key Client certificate auth
tls_auth_key Pre-shared group key for TLS Auth Optional
tls_crypt_key Pre-shared group key for TLS Crypt Optional
tls_crypt_v2_key Per-client key for TLS Crypt V2 Optional

Note: It is strongly recommended that you provide all credentials via encrypted secrets.

When providing TLS keys, you should provide only one of either tls_auth_key, tls_crypt_key or tls_crypt_v2_key. You can determine which by checking the value of your key and looking in the header line. See the docs for more info about TLS in OpenVPN

Usage

  • Create client configuration file based on the official sample. It is recommended to use inline certificates to include them directly in configuration file like this.
  • Usage in your workflow is like following:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install OpenVPN
        run: |
          sudo apt update
          sudo apt install -y openvpn openvpn-systemd-resolved
      - name: Connect to VPN
        uses: "kota65535/github-openvpn-connect-action@v2"
        with:
          config_file: .github/workflows/client.ovpn
          username: ${{ secrets.OVPN_USERNAME }}
          password: ${{ secrets.OVPN_PASSWORD }}
          client_key: ${{ secrets.OVPN_CLIENT_KEY }}
          tls_auth_key: ${{ secrets.OVPN_TLS_AUTH_KEY }}
      - name: Build something
        run: ./gradlew clean build
      # The openvpn process is automatically terminated in post-action phase

License

MIT