VPN Configuration
Configure VPN access so Opulent can connect to your internal network
Opulent operates in its own VM sandbox and sometimes needs to access resources within your internal network (for example, an internal package registry, staging services, or self-hosted services). Like your team, Opulent can use a client VPN to connect to your internal network.
Status: Partial. Connecting the sandbox to an internal network over a client VPN works today using the manual steps below, and you can bake the client and startup command into your environment snapshot so it applies to every session. A managed, org-wide VPN configuration in the dashboard is on the roadmap. Until then, treat VPN setup as per-snapshot configuration you maintain.
Prerequisites Checklist
Before setting up VPN access, verify the following:
Public Access Verification
- Confirm these services are not accessible via the public internet.
- For cloud-hosted services (for example, GitLab Cloud Package Registry or JFrog Artifactory Cloud), an access token is typically sufficient.
Authentication Method: Using a service account to authenticate is recommended. Credentials can be securely stored via Opulent's Secrets functionality.
Setting up OpenVPN
OpenVPN comes pre-installed in Opulent's sandbox. To configure:
- Upload your
config.ovpnconfiguration file to Opulent's sandbox by dragging and dropping it into the Workbench IDE
- Set up OpenVPN as a system service by creating the file
/etc/systemd/system/openvpn.service:
[Unit]
Description=OpenVPN Client Service
After=network.target
[Service]
ExecStart=/usr/sbin/openvpn --config /path/to/config.ovpn
Restart=always
[Install]
WantedBy=multi-user.target
Then reload systemd, enable and start the service.
sudo systemctl daemon-reload
sudo systemctl enable openvpn
sudo systemctl start openvpn
This ensures the VPN connection is managed by the system and automatically restarts if it fails.
Alternative VPN Clients
If your organization uses a different VPN solution:
Publicly Available VPN Clients
For clients like Fortinet that can be installed via a package manager:
- Install the client during setup using the appropriate package manager commands:
sudo apt install forticlient - Configure the startup command to establish connection
Private VPN Clients
For clients like Palo Alto GlobalProtect that require a binary installation:
Upload the client binary and certificate to Opulent's sandbox by dragging and dropping it into the Workbench IDE
Install using:
sudo dpkg -i /path/to/GlobalProtect_deb.deb
- Configure the startup command:
globalprotect import-certificate --location /path/to/cert