Xavier Riley

Xavier Riley

PhD researcher looking at automatic music transcription, also a jazz guitarist and double bassist

Using OpenVPN from a Heroku dyno

1 minute read

Published:

(Warning: whilst I work for Heroku, this isn’t official supported - it’s just something I discovered in my spare time. Hopefully this helps someone but leave me any feedback on Twitter @xavriley)

Update: this won’t work

After some more research, the advice below will allow you to install the relevant packages but the Heroku dynos won’t have the necessary permissions to rewrite the outgoing network packets. For an alternative way of setting up a secure tunnel to a dyno, you could try looking at https://github.com/koding/tunnel or https://github.com/jpillora/chisel instead.

In terms of getting a VPN client working there’s no official support for this as part of the default image. To get something working you will need to add another buildpack to your app. If you haven’t worked with multiple buildpacks before, read up on the best approach for those here https://devcenter.heroku.com/articles/using-multiple-buildpacks-for-an-app

You can then try this experimental buildpack to add additional packages:

heroku buildpacks:add --index 1 https://elements.heroku.com/buildpacks/heroku/heroku-buildpack-apt

You would then create a file named Aptfile at the root of your project with the following contents:

liblzo2-2
openvpn

You would then need to add those new files to git and deploy for those changes to take effect.

Once the deploy completes, you can try out the VPN connection using the following commands whilst running a heroku run bash session in a one-off dyno.

$ heroku run bash
...
# Bash session running on a dyno
# This line is necessary because the apt version of openvpn doesn't link against libzo correctly otherwise
~ $ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu/"
~ $ .apt/usr/sbin/openvpn --client --remote vpnhost.ac.uk --auth-user-pass --dev tunX --capath /etc/ssl/certs --daemon

That will get you a VPN session running with a user/password prompt to start. From there you’ll need to look at the various ways of configuring openvpn to make it do what you need.

To set the LD_LIBRARY_PATH for every dyno, you can add a file named .profile to the root of your project with the following contents:

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu/"

You can find out more about the .profile script on Heroku here: https://devcenter.heroku.com/articles/dynos#the-profile-file

You May Also Enjoy

Compiling packages from source on Heroku using buildpacks

3 minute read

Published:

(Warning: whilst I work for Heroku, this isn’t official supported - it’s just something I discovered in my spare time. Hopefully this helps someone but leave me any feedback on Twitter @xavriley)

10,000 hours - as told by jazz musicians

4 minute read

Published:

In a 1993 paper by Anders Ericsson, he was one of the first to make the claim that mastery of a skill took around 10 years (about 10,000 hours) of deliberate practice.

Writing a C extension for Ruby in 2016

10 minute read

Published:

Now that Ruby has crested the hype cycle, settled down and taken out a mortgage, you’d expect the posts around the community to be more about big business concerns. Whilst that might be true, I’d like to row against the tide by telling you about the fun I had figuring out how to write my first C extension - fast_osc - and how I made Sonic Pi 10x faster in the process.