Linux – How to create a VPN connect/disconnect wrapper around SVN commands


My company has an internal SVN server (VisualSVN) we would like to start using for keeping track of changes to our python source code in the cloud. The ec2 instances would use the linux SVN client. I would like to set something up that will automatically connect to our home network using IPSec VPN, run whatever SVN commands we need to do and then close the VPN connection.

One concern is that both EC2 and our internal network uses the 10...* IP range. I only need to connect to a single server on our network ( once VPN is connected. I'm worried that I may accidentally change the routing tables and totally screw up our servers.

I'm using Fedora right now on EC2, but I would consider changing distros if there is a readily available solution.

Can anyone provide some example scripts that show how to take an SVN command, create a vpn connection, setup the routing table, run the SVN command, then drop the vpn connection once complete?

Thanks in advance,
Russ Ryba

Edit: For those suggesting SVN over SSH. I've used that before and it works well.

Since the EC2 sever with source code I wish to backup is OUTSIDE my work network, wouldn't I still need IPSec to access the SVN server inside my network?

Or does SSH go through IPSec firewalls? The work SVN server also runs windows so it doesn't have an SSH server running on it as far as I know.

Best Answer

Rather than IPSec VPN, why not use svn+ssh? I only mention this because ssh-ing to an IP is a helluva lot more simple than setting up VPN access - just advertise a random port for your servers, forwarded to your internal server.

You will not screw up your server by adding a single route to a 10.x.x.x network (such as Internet-bound traffic will always go to your default route anyway.

Sorry I can't provide a soup-to-nuts script, but try setting up ssh keys and using svn+ssh - much simpler, and no need to change distros or anything drastic like that. :)

Edit: If the source is anything to do with work, then in my opinion your IT department have a duty to make this as simple as possible whilst maintaining security. What is the VPN server? Setting up a temporary connection should be pretty simple but I need to know more about the type of VPN you use. Is it PPTP?

There's no such thing as an IPSec firewall. In my experience there are just general purpose packet filters, commonly referred to as firewalls. Generally speaking you just use a firewall to allow arbitrary ports, with a default deny rule for anything else. It's very simple to expose a port for this, it's just a matter of process.

Also, the fact that the server runs Windows doesn't mean it's not running svnserve. How do you access the repo? What is the protocol at the start of the URI? svn://, http://, etc.