Deploying to Agents on machines behind a VPN?

sebastian's Avatar


26 Nov, 2014 06:20 AM

Hi guys,

I'm very interested in moving our CI server over to use AppVeyor instead, it looks to be excellent value. My only concern is that several of our client projects require use to deploy to intranet machines that are only accessible via VPN. Cisco VPN Client and Dell SonicWall NetExtender are the two we need to use. Our current CI server has these VPN clients installed and we control them in our deployment cycle via PowerShell.

Does AppVeyor offer any kind of solution for this scenario?


  1. Support Staff 1 Posted by Feodor Fitsner on 26 Nov, 2014 08:12 AM

    Feodor Fitsner's Avatar

    Hi Sebastian,

    Absolutely, AppVeyor Agent works in "listening" mode and require only outbound internet connection to You don't have to configure any inbound ports on your firewall or setup VPN in order to use AppVeyor Deployment Agent.

  2. 2 Posted by sebastian on 26 Nov, 2014 05:07 PM

    sebastian's Avatar

    So do I understand correctly that the Agent polls Out of curiosity, how often does the agent poll the server? Is there anywhere I can go to get more technical details on how the Agent works?

  3. Support Staff 3 Posted by Feodor Fitsner on 26 Nov, 2014 06:27 PM

    Feodor Fitsner's Avatar

    Well, it's not polling, but Web Sockets, SignalR more specifically. It's constantly connected to the cloud.

  4. 4 Posted by sebastian on 26 Nov, 2014 07:44 PM

    sebastian's Avatar

    Oh wow, fancy. Okay, cool - thanks :)

  5. 5 Posted by sebastian on 11 Dec, 2014 08:09 PM

    sebastian's Avatar

    Hi Feodor,

    Sorry to open a closed topic again, but I just thought of a different scenario that normally requires a VPN connection for deployment. In the case that a project isn't publicly exposed over the internet, i.e. an intranet only available through a VPN, the HTTP port is closed to web... is there any solution for this scenario?

  6. Support Staff 6 Posted by Feodor Fitsner on 11 Dec, 2014 08:24 PM

    Feodor Fitsner's Avatar

    Does that intranet environment have outbound connection to the internet?

  7. 7 Posted by sebastian on 11 Dec, 2014 09:16 PM

    sebastian's Avatar

    No its completely internal I'm afraid. It's actually fairly common for us
    in some corporate projects.

  8. Support Staff 8 Posted by Feodor Fitsner on 11 Dec, 2014 09:39 PM

    Feodor Fitsner's Avatar

    Then I guess you should run VPN client on build worker to access your network and this VPN client must be scriptable.

  9. 9 Posted by sebastian on 12 Dec, 2014 02:20 AM

    sebastian's Avatar

    Is this something I'd have to script an install for in every build then,
    since build workers are transient?
    Or is these are any way I can save a build worker image with the clients

  10. 10 Posted by sebastian on 12 Dec, 2014 02:24 AM

    sebastian's Avatar

    Hi, would you be able to remove my signature from my previous comment?

  11. Support Staff 11 Posted by Feodor Fitsner on 12 Dec, 2014 02:32 AM

    Feodor Fitsner's Avatar

    It depends on few factors:

    1. If it's easier to script and adds few minutes overhead to the build then I think it's OK to be part of every build.

    2. If it's hard to script or takes long to install, but the software is pretty standard we could install it to build worker image.

  12. 12 Posted by sebastian on 13 May, 2015 08:30 PM

    sebastian's Avatar

    Hi Feodor,

    Jumping back onto this issue, I've been playing with getting Cisco VPN Client working on these workers. So far, I've developed a chocolatey package that installs the client from MSI, which seems to work ok - but it takes a while to install.

    In the interest of keeping builds speedy, what are the odds that the 64-bit Cisco VPN Client v5.0.07.0440 (which is the only version I know of that works with Server 2012) could be installed on the build images?

    I believe there are some licensing arrangements around this VPN client. Not sure how AppVeyor handles that? Could it be an 'if you use it, you declare to have licensed it' kind of arrangement?

  13. Support Staff 13 Posted by Feodor Fitsner on 14 May, 2015 01:13 AM

    Feodor Fitsner's Avatar

    Well, if you are installing with Agent it's actually executed from AppVeyor Azure workers (not build workers) which you don't have access to.

  14. 14 Posted by sebastian on 17 May, 2015 02:57 PM

    sebastian's Avatar

    Hi, actually I'm talking about installing the Cisco VPN client on the build worker itself, so that it can deploy to a host behind VPN... It's IIS6 so the Appveyor agent isn't compatible and we have to use msdeploy etc..

  15. Support Staff 15 Posted by Feodor Fitsner on 18 May, 2015 05:11 PM

    Feodor Fitsner's Avatar

    Seems like these clients are really specific for your own application. Check if they can be deployed with XCOPY - that could be much faster.

  16. 16 Posted by sebastian on 30 May, 2015 12:40 PM

    sebastian's Avatar

    Hi Feodor,

    Sorry for the late reply with this, am back on the case again.

    If your brain's still in the headspace, can you elaborate on what you had in mind using XCOPY? I don't quite follow you...

  17. Support Staff 17 Posted by Feodor Fitsner on 31 May, 2015 09:40 PM

    Feodor Fitsner's Avatar

    Yeah, I mean if the client could be deployed by simply unzipping its files during the build, without running MSI or EXE.

  18. 18 Posted by sebastian on 01 Jun, 2015 05:55 AM

    sebastian's Avatar

    Ah, yeah I don't think that's possible because the installer has to set up
    a new network adapter etc.

  19. 19 Posted by sebastian on 01 Jun, 2015 05:57 AM

    sebastian's Avatar

    Time heals all wounds, apparently... The server's being upgraded so this
    won't be a requirement in a few weeks time! Thanks for your attention on
    this matter :) It was a good exercise in playing with chocolatey packages
    at least!

  20. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 01:56 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac