Onboard

VPN Configuration

Partial

Configure VPN access so Opulent can connect to your internal network

Opulent operates in its own VM sandbox and sometimes needs to access resources within your internal network (for example, an internal package registry, staging services, or self-hosted services). Like your team, Opulent can use a client VPN to connect to your internal network.

Note

Status: Partial. Connecting the sandbox to an internal network over a client VPN works today using the manual steps below, and you can bake the client and startup command into your environment snapshot so it applies to every session. A managed, org-wide VPN configuration in the dashboard is on the roadmap. Until then, treat VPN setup as per-snapshot configuration you maintain.

Prerequisites Checklist

Before setting up VPN access, verify the following:

  1. Public Access Verification

    • Confirm these services are not accessible via the public internet.
    • For cloud-hosted services (for example, GitLab Cloud Package Registry or JFrog Artifactory Cloud), an access token is typically sufficient.
  2. Authentication Method: Using a service account to authenticate is recommended. Credentials can be securely stored via Opulent's Secrets functionality.

Setting up OpenVPN

OpenVPN comes pre-installed in Opulent's sandbox. To configure:

  1. Upload your config.ovpn configuration file to Opulent's sandbox by dragging and dropping it into the Workbench IDE
VPN configuration interface in the Workbench IDE
  1. Set up OpenVPN as a system service by creating the file /etc/systemd/system/openvpn.service:
[Unit]
Description=OpenVPN Client Service
After=network.target

[Service]
ExecStart=/usr/sbin/openvpn --config /path/to/config.ovpn
Restart=always

[Install]
WantedBy=multi-user.target

Then reload systemd, enable and start the service.

sudo systemctl daemon-reload
sudo systemctl enable openvpn
sudo systemctl start openvpn

This ensures the VPN connection is managed by the system and automatically restarts if it fails.

Alternative VPN Clients

If your organization uses a different VPN solution:

Publicly Available VPN Clients

For clients like Fortinet that can be installed via a package manager:

FortiClient VPN installation
  1. Install the client during setup using the appropriate package manager commands:
    sudo apt install forticlient
    
  2. Configure the startup command to establish connection

Private VPN Clients

For clients like Palo Alto GlobalProtect that require a binary installation:

  1. Upload the client binary and certificate to Opulent's sandbox by dragging and dropping it into the Workbench IDE

  2. Install using:

    sudo dpkg -i /path/to/GlobalProtect_deb.deb
    
GlobalProtect VPN installation
  1. Configure the startup command:
    globalprotect import-certificate --location /path/to/cert
    
GlobalProtect certificate import