[Buildbot-devel] VPN as alternative to stateless protocol

Samuli Seppänen samuli at openvpn.net
Mon Feb 2 19:27:40 UTC 2015


> Hi Samuli,
>
> On Fri, Jan 30, 2015 at 05:20:24PM +0200, Samuli Seppänen wrote:
>> I've always run buildbot inside an OpenVPN network, both for security
>> and for practical reasons and it works great.
> Do you think you could provide a step-by-step instruction of sort or point to
> an existing good one?
>
Hi,

My setup has been quite simple.The buildmaster and all buildslaves are
in the same OpenVPN network and all of them are VPN clients. There is a
ccd file[1] on the OpenVPN server which ensures that the buildmaster
gets a static VPN IP address. The buildslaves are configured to connect
to the buildmaster's VPN IP. The OpenVPN server has to have the
client-to-client option it's configuration file or traffic between
OpenVPN clients - in this case buildmaster and buildlsaves - will get
blocked. Care needs to be taken to enable forwarding on the OpenVPN
server, as well as ensure that firewall is not blocking (forwarded) VPN
packets. The IP space of the VPN should be chosen carefully, as OpenVPN
is typically configured in routed mode, which means that overlapping
routes can cause havoc.

To get started with OpenVPN this is a good place to start:

<https://community.openvpn.net/openvpn>

In particular have a look at the HOWTO, FAQ and the man-page. If you get
stuck, there are plenty of help channels to choose from:

<https://community.openvpn.net/openvpn/wiki/GettingHelp>

The OpenVPN forums are probably the easiest for newcomers and also
contain some quite useful OpenVPN howtos/guides.

Samuli

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://buildbot.net/pipermail/devel/attachments/20150202/ce0ac733/attachment.bin>


More information about the devel mailing list