meraki vpn
name: main
on:
  workflow_dispatch:
  schedule:
    - cron: '30 5 * * *' # trigger at 5:30am UTC
jobs:
  job1:
    runs-on: windows-latest
    steps:
      # checkout the code in this repo to get job.ps1
      # note that you could just use code in this yml instead of job.ps1
      - uses: actions/checkout@v2
      - name: Open VPN
        shell: pwsh
        run: |
          $vpnargs = @{
            Name = "Temp"
            ServerAddress = "1.2.3.4"
            TunnelType = "L2tp"
            AuthenticationMethod = "Pap"
            L2tpPsk = "secret"
          }
          Add-VpnConnection @vpnargs -Force
          Get-VpnConnection $vpnargs.name
          (Start-Process rasdial -NoNewWindow -ArgumentList "$($vpnargs.name) vpnuser vpnpass" -PassThru -Wait).ExitCode
      - name: Run Job
        shell: pwsh
        run: ./job.ps1
      - name: Close VPN
        shell: pwsh
        run: |
          rasdial Temp /DISCONNECT
          Remove-VpnConnection Temp -Force

# PS for Meraki VPN
# settings, should be env vars or secrets
$ServerAddress = "1.2.3.4"
$L2tpPsk = "secretkey"
$VPNUsername = "user"
$VPNPassword = "pass"
$VPNName = "TestVPN" # not really secret

# remove vpn entry if it exists
if (Get-VpnConnection | Where-Object name -eq $VPNName) {
    Remove-VpnConnection $VPNName -Force
}

# add vpn entry
Add-VpnConnection -Name $VPNName `
    -ServerAddress $ServerAddress `
    -TunnelType "L2tp" `
    -AuthenticationMethod "Pap" `
    -L2tpPsk $L2tpPsk `
    -Force

# connect then show status
rasdial $VPNName $VPNUsername $VPNPassword
(Get-VpnConnection $VPNName).ConnectionStatus

# disconnect then show status
rasdial $VPNName /disconnect
(Get-VpnConnection $VPNName).ConnectionStatus

# remove vpn entry
Remove-VpnConnection $VPNName -Force

This script can be used in a GitHub Action to connect to a server inside a Meraki VPN. This allows serverless jobs to be created and hosted as GitHub Actions.

As is, this needs a Windows VM for rasdial usage. As of this writing, this will double the minute cost on GitHub.

Another item of note is that scheduled GitHub Actions seem to be more of a 'suggested time' when it comes to cron triggers. A job scheduled to run on the hour every hour may run 15 minutes after the hour, for example.

This gives a pretty simple way to migrate jobs from a server on LAN to outside a LAN without having to buy a server.

Note that in the example GitHub Action I am splatting the values and also using Start-Process so I can just return the exit code. This can be tweaked to taste. This entire process would work with other VPNs as well, but would need to be tweaked accordingly.
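The script's own comment says the settings "should be env vars or secrets". The workflow below is an added example, not part of the original gist, showing one way to do that: the PSK and credentials come from GitHub Actions secrets mapped into step-level environment variables, and the teardown step always runs. The secret names (`MERAKI_VPN_*`) and environment variable names (`VPN_*`) are hypothetical and would have to be created in the repository's Actions secrets.

```yaml
name: main
on:
  workflow_dispatch:
jobs:
  job1:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
      - name: Open VPN
        shell: pwsh
        env:
          # hypothetical secret names; values are masked in the job log
          VPN_SERVER: ${{ secrets.MERAKI_VPN_SERVER }}
          VPN_PSK: ${{ secrets.MERAKI_VPN_PSK }}
          VPN_USER: ${{ secrets.MERAKI_VPN_USER }}
          VPN_PASS: ${{ secrets.MERAKI_VPN_PASS }}
        run: |
          # stop before touching the VPN config if any secret is undefined
          foreach ($n in 'VPN_SERVER', 'VPN_PSK', 'VPN_USER', 'VPN_PASS') {
            if (-not [Environment]::GetEnvironmentVariable($n)) { throw "missing $n" }
          }
          $vpnargs = @{
            Name                 = "Temp"
            ServerAddress        = $env:VPN_SERVER
            TunnelType           = "L2tp"
            AuthenticationMethod = "Pap"
            L2tpPsk              = $env:VPN_PSK
          }
          Add-VpnConnection @vpnargs -Force
          rasdial $vpnargs.Name $env:VPN_USER $env:VPN_PASS
          # fail the step (and skip the job) when the tunnel did not come up
          if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }
      - name: Run Job
        shell: pwsh
        run: ./job.ps1
      - name: Close VPN
        # run even when an earlier step failed, so the tunnel and stored PSK are removed
        if: always()
        shell: pwsh
        run: |
          rasdial Temp /DISCONNECT
          Remove-VpnConnection Temp -Force -ErrorAction SilentlyContinue
```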
