├── .devcontainer
    ├── .gitignore
    ├── Dockerfile
    ├── devcontainer.json
    ├── save-config.sh
    └── start-openvpn.sh
├── .gitignore
├── LICENSE
└── README.md


/.devcontainer/.gitignore:
--------------------------------------------------------------------------------
1 | /openvpn-tmp
2 | 


--------------------------------------------------------------------------------
/.devcontainer/Dockerfile:
--------------------------------------------------------------------------------
 1 | # You can use any debian based image you want
 2 | FROM mcr.microsoft.com/vscode/devcontainers/base:0-bullseye
 3 | 
 4 | # Install openvpn client
 5 | RUN export DEBIAN_FRONTEND=noninteractive && apt-get update \
 6 |     && apt-get -y install --no-install-recommends openvpn \
 7 |     && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/library-scripts \
 8 |     #
 9 |     # Remove the OPENVPN_CONFIG variable since we don't neeed it after is written to a file 
10 |     && echo 'OPENVPN_CONFIG=""' >> /etc/environment \
11 |     && echo "unset OPENVPN_CONFIG" | tee -a /etc/bash.bashrc > /etc/profile.d/999-unset-openvpn-config.sh \
12 |     && if [ -d "/etc/zsh" ]; then echo "unset OPENVPN_CONFIG" >> /etc/zsh/zshenv; fi
13 | 


--------------------------------------------------------------------------------
/.devcontainer/devcontainer.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"name": "OpenVPN Sample",
 3 | 	"build": {
 4 | 		"dockerfile": "Dockerfile",
 5 | 	},
 6 | 
 7 | 	// Allow the container to interact with host networking
 8 | 	"runArgs": ["--cap-add=NET_ADMIN", "--cap-add=NET_RAW", "--device=/dev/net/tun"],
 9 | 
10 | 	// Save the contents of the OPENVPN_CONFIG secret to disk - it lands in .devcontainer/openvpn-tmp
11 | 	"initializeCommand": "bash .devcontainer/save-config.sh",
12 | 
13 | 	// [Optional] Once the dev container is running, automatically start up the VPN client
14 | 	"postStartCommand": "bash .devcontainer/start-openvpn.sh",
15 | 
16 | 	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
17 | 	"remoteUser": "vscode"
18 | }
19 | 


--------------------------------------------------------------------------------
/.devcontainer/save-config.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | # Switch to the .devcontainer folder
 5 | cd "$( dirname "${BASH_SOURCE[0]}" )"
 6 | 
 7 | # Create a temporary directory
 8 | mkdir -p openvpn-tmp
 9 | cd openvpn-tmp
10 | 
11 | # Save the configuration from the secret if it is present
12 | if [ ! -z "${OPENVPN_CONFIG}" ]; then 
13 |     echo "${OPENVPN_CONFIG}" > vpnconfig.ovpn
14 | fi


--------------------------------------------------------------------------------
/.devcontainer/start-openvpn.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | # Switch to the .devcontainer folder
 5 | cd "$( dirname "${BASH_SOURCE[0]}" )"
 6 | 
 7 | # Create a temporary directory
 8 | mkdir -p openvpn-tmp
 9 | cd openvpn-tmp
10 | 
11 | # Touch file to make sure this user can read it
12 | touch openvpn.log
13 | 
14 | # If we are running as root, we do not need to use sudo
15 | sudo_cmd=""
16 | if [ "$(id -u)" != "0" ]; then
17 |     sudo_cmd="sudo"
18 | fi
19 | 
20 | # Start up the VPN client using the config stored in vpnconfig.ovpn by save-config.sh
21 | nohup ${sudo_cmd} /bin/sh -c "openvpn --config vpnconfig.ovpn --log openvpn.log &" | tee openvpn-launch.log


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Logs
  2 | logs
  3 | *.log
  4 | npm-debug.log*
  5 | yarn-debug.log*
  6 | yarn-error.log*
  7 | lerna-debug.log*
  8 | 
  9 | # Diagnostic reports (https://nodejs.org/api/report.html)
 10 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 11 | 
 12 | # Runtime data
 13 | pids
 14 | *.pid
 15 | *.seed
 16 | *.pid.lock
 17 | 
 18 | # Directory for instrumented libs generated by jscoverage/JSCover
 19 | lib-cov
 20 | 
 21 | # Coverage directory used by tools like istanbul
 22 | coverage
 23 | *.lcov
 24 | 
 25 | # nyc test coverage
 26 | .nyc_output
 27 | 
 28 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 29 | .grunt
 30 | 
 31 | # Bower dependency directory (https://bower.io/)
 32 | bower_components
 33 | 
 34 | # node-waf configuration
 35 | .lock-wscript
 36 | 
 37 | # Compiled binary addons (https://nodejs.org/api/addons.html)
 38 | build/Release
 39 | 
 40 | # Dependency directories
 41 | node_modules/
 42 | jspm_packages/
 43 | 
 44 | # TypeScript v1 declaration files
 45 | typings/
 46 | 
 47 | # TypeScript cache
 48 | *.tsbuildinfo
 49 | 
 50 | # Optional npm cache directory
 51 | .npm
 52 | 
 53 | # Optional eslint cache
 54 | .eslintcache
 55 | 
 56 | # Microbundle cache
 57 | .rpt2_cache/
 58 | .rts2_cache_cjs/
 59 | .rts2_cache_es/
 60 | .rts2_cache_umd/
 61 | 
 62 | # Optional REPL history
 63 | .node_repl_history
 64 | 
 65 | # Output of 'npm pack'
 66 | *.tgz
 67 | 
 68 | # Yarn Integrity file
 69 | .yarn-integrity
 70 | 
 71 | # dotenv environment variables file
 72 | .env
 73 | .env.test
 74 | 
 75 | # parcel-bundler cache (https://parceljs.org/)
 76 | .cache
 77 | 
 78 | # Next.js build output
 79 | .next
 80 | 
 81 | # Nuxt.js build / generate output
 82 | .nuxt
 83 | dist
 84 | 
 85 | # Gatsby files
 86 | .cache/
 87 | # Comment in the public line in if your project uses Gatsby and *not* Next.js
 88 | # https://nextjs.org/blog/next-9-1#public-directory-support
 89 | # public
 90 | 
 91 | # vuepress build output
 92 | .vuepress/dist
 93 | 
 94 | # Serverless directories
 95 | .serverless/
 96 | 
 97 | # FuseBox cache
 98 | .fusebox/
 99 | 
100 | # DynamoDB Local files
101 | .dynamodb/
102 | 
103 | # TernJS port file
104 | .tern-port
105 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 Chuck Lantz
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Using the OpenVPN client from GitHub Codespaces
 2 | 
 3 | GitHub Codespaces provides a useful environment for development that is separated from your local machine. This provides some nice security benifits due to the fact that the codespace has no direct route to your machine or the network it is sitting in. However, you may have a resource you need to access that is in a private network. This sample illustrates how to set up the OpenVPN (v2) client in a codespace to connect into a OpenVPN capable VPN gateway.
 4 | 
 5 | # Using the sample
 6 | 
 7 | 1. Your VPN admistrator should be able to provide you with an OpenVPN configuraion file. This particular sample is assuming you are using certificate based authentication to access the VPN. We'll call this file `vpnconfig.ovpn`.
 8 | 2. Work with your administrator to place any needed certificates or keys in the `vpnconfig.ovpn` file. You can tell if the certificates and keys are in the file by looking for the following:
 9 | 
10 |     ```
11 |     <ca>
12 |     -----BEGIN CERTIFICATE-----
13 |     uQltvbIPFv69jSPNotypuUQqRAyLC+gBTVDxN3zC3WPeKMR6vJTh0lxC6GPhkHC
14 |     ...
15 |     -----END CERTIFICATE-----
16 |     </ca>
17 | 
18 |     <cert>
19 |     -----BEGIN CERTIFICATE-----
20 |     uQltvbIPFv69jSPNotypuUQqRAyLC+gBTVDxN3zC3WPeKMR6vJTh0lxC6GPhkHC
21 |     ...
22 |     -----END CERTIFICATE-----
23 |     </cert>
24 | 
25 |     <key>
26 |     -----BEGIN CERTIFICATE-----
27 |     uQltvbIPFv69jSPNotypuUQqRAyLC+gBTVDxN3zC3WPeKMR6vJTh0lxC6GPhkHC
28 |     ...
29 |     -----END CERTIFICATE-----
30 |     </key>
31 | 
32 |     ```
33 |     
34 |     For example, see [here](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn-clients#linux) for information on setting up config file for a connection to an Azure VPN Gateway. You can skip the steps that install the client and use the GUI.
35 | 3. Create a Codespaces user secret called `OPENVPN_CONFIG` and place the contents of the file in it.
36 | 4. Assign this secret to either this repository or your own fork of it.
37 | 5. Create a codespace - after its started, you should be connected to your VPN. If you aren't you can manually run `.devcontainer/start-openvpn.sh` to try again and logs can be found in `.devcontainer/openvpn-tmp/openvpn.log`.
38 | 
39 | 
40 | 
41 | 


--------------------------------------------------------------------------------