Connect to secured networks via VPN

Virtual private networks (VPNs) are a popular way to secure communication to and from restricted networks. Per default most internal company networks are secured with a firewall that prevents all incoming and sometimes outgoing traffic through public internet connections, a VPN tunnel offers a convenient way to still enable communication with the outside world. All traffic running through a VPN is encrypted between the end device and the origin and runs through so-called tunnels. Codesphere provides a convenient way to configure such a VPN connection from your workspaces to any of your company’s internal networks. Currently supported network configurations are Palo Alto Network firewall encryption standards, if additional standards are needed feel free to reach out.

This enables your applications to work with for example restricted on-premise databases, internal APIs and more.

Working with private networks in Codesphere

In Codesphere VPN connection are defined on a team level and can then be associated to any number of workspaces in that team. To set up such a connection head to VPNs in the main navigation (available to team admins).

Click the create VPN button to open the configuration modal. You will need the following items to open a connection:

  1. A unique name for this connection
  2. Pre-shared key (your networking team can configure these on a firewall level)
  3. Lifetime values for connection attempts
  4. Cipher suites used by your firewall
  5. Target IP address and private subnet (pointing towards the internal resource your application needs)

Once the connection is created it will appear in the list of available connections. You can now connect each VPN config to any number of workspaces via the dropdown. Note while a connection can be used by multiple workspaces each workspace can only connect to one single VPN. If you want to change a workspaces VPN connection you will need to disconnect the previous one first. Please also note that changing a VPNs settings will cause the VPN service of all connected workspaces to restart.

Working with VPN connections in preview deployments

You can also associate preview deployments to existing VPN connections via our CI integrations for GitHub, Bitbucket and GitLab by referencing the VPN connection name in the deploy yaml. This enables you to comfortably work with private networks for your development environments.

Bitbucket syntax

image: atlassian/default-image:3

pipelines:
pull-requests:
    '**':
    - step:
        deployment: Test
        script:
        - pipe: docker://ghcr.io/codesphere-cloud/codesphere-monorepo/integrations/bitbucket-ci:latest
            variables:
            ACCESS_TOKEN: $ACCESS_TOKEN
            EMAIL: $CODESPHERE_EMAIL
            PASSWORD: $CODESPHERE_PASSWORD 
            TEAM: My Team
            PLAN: Micro
            VPN_CONFIG: vpnConfigName
            ENV: |
                testing=abc

GitHub syntax

on:
  workflow_dispatch:
  # open, reopen and synchronize will deploy a workspace for the current commit.
  # If a workspce is already deployed, that workspace is updated to the newest version.
  #
  # closed: Workspace will be deleted
  pull_request:
    types:
    - closed
    - opened
    - reopened
    - synchronize

permissions:
  contents: read
  pull-requests: read
  deployments: write

jobs:
  deploy:
    # prevent multiple workspaces to be created for the same branch
    concurrency: codesphere
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Deploy
        uses: codesphere-cloud/gh-action-deploy@main
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        with:
            email: ${{ secrets.CODESPHERE_EMAIL }}
            password: ${{ secrets.CODESPHERE_PASSWORD }}
            team: 'My Team' # Change this to your team
            plan: 'Boost' # Select the plan for your app (Micro, Boost or Pro)
            onDemand: 'true' # Set this to true for on demand
            vpnConfig: 'vpnConfigName'
            env: |
              MY_ENV=test
              MY_SECRET=${{ secrets.MY_SECRET }} 

Gitlab syntax

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

stages:
  - deploy

codesphere-deploy:
  image: ghcr.io/codesphere-cloud/codesphere-monorepo/integrations/gitlab-ci:latest
  stage: deploy
  script:
    - /app/server
  variables:
    ACCESS_TOKEN: $CI_ACCESS_TOKEN
    EMAIL: $CODESPHERE_EMAIL
    PASSWORD: $CODESPHERE_PASSWORD
    TEAM: 'Demo'
    PLAN: 'Micro'
    ON_DEMAND: 'false'
    VPN_CONFIG: 'vpnConfigName'
    
  environment:
    name: 'Codesphere Preview MR_$CI_MERGE_REQUEST_IID'
    on_stop: codesphere-teardown

codesphere-teardown:
  when: manual
  image: ghcr.io/codesphere-cloud/codesphere-monorepo/integrations/gitlab-ci:latest
  stage: deploy
  script:
    - /app/server
  variables:
    ACCESS_TOKEN: $CI_ACCESS_TOKEN
    EMAIL: $CODESPHERE_EMAIL
    PASSWORD: $CODESPHERE_PASSWORD
    TEAM: 'Demo'
  environment:
    name: 'Codesphere Preview MR_$CI_MERGE_REQUEST_IID'
    action: stop