Using OpenVPN from a Heroku dyno

(Warning: whilst I work for Heroku, this isn't official supported - it's just something I discovered in my spare time. Hopefully this helps someone but leave me any feedback on Twitter @xavriley)

In terms of getting a VPN client working there's no official support for this as part of the default image. You could try this experimental buildpack though:

heroku buildpacks:add --index 1 https://elements.heroku.com/buildpacks/heroku/heroku-buildpack-apt

You would then create a file named Aptfile at the root of your project with the following contents:

liblzo2-2  
openvpn  

You would then need to add those new files to git and deploy for those changes to take effect.

Once the deploy completes, you can try out the VPN connection using the following commands whilst running a heroku run bash session in a one-off dyno.

$ heroku run bash
...
# Bash session running on a dyno
# This line is necessary because the apt version of openvpn doesn't link against libzo correctly otherwise
~ $ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu/"
~ $ .apt/usr/sbin/openvpn --client --remote vpnhost.ac.uk --auth-user-pass --dev tunX --capath /etc/ssl/certs --daemon

That will get you a VPN session running with a user/password prompt to start. From there you'll need to look at the various ways of configuring openvpn to make it do what you need.