diff --git a/.github/workflows/db_rollback.yml b/.github/workflows/db_rollback.yml
index 8a0581f3a..d9083ee55 100644
--- a/.github/workflows/db_rollback.yml
+++ b/.github/workflows/db_rollback.yml
@@ -64,11 +64,34 @@ jobs:
           echo "DATABASE_HOSTNAME=$DATABASE_HOSTNAME" >> "$GITHUB_ENV"
           echo "DATABASE_PASSWORD=$DATABASE_PASSWORD" >> "$GITHUB_ENV"
 
-      - name: Run Db Rollback
-        uses: liquibase-github-actions/rollback-count@v4.26.0
+      - name: Connect to VPN
+        uses: josiahsiegel/action-connect-ovpn@v2.0.2
+        id: connect_vpn
         with:
-          changelogFile: ${{ github.event.inputs.rollbackFile }}
-          count: ${{ github.event.inputs.rollbackCount }}
-          url: "jdbc:postgresql://${{ env.DATABASE_HOSTNAME }}:5432/postgres"
-          username: cdcti-github
-          password: ${{ env.DATABASE_PASSWORD }}
+          PING_URL: ${{ env.DATABASE_HOSTNAME }}
+          FILE_OVPN: ./operations/vpn/${{ inputs.ENVIRONMENT }}.ovpn
+          TLS_KEY: ${{ secrets.VPN_TLS_KEY }}
+        env:
+          CA_CRT: ${{ secrets.VPN_CA_CERTIFICATE }}
+          USER_CRT: ${{ secrets.VPN_USER_CERTIFICATE }}
+          USER_KEY: ${{ secrets.VPN_USER_SECRET_KEY }}
+
+      - name: Fail if VPN isn't Connected
+        if: steps.connect_vpn.outputs.STATUS != 'true'
+        run: |
+          echo 'VPN connected: ${{ steps.connect_vpn.outputs.STATUS }}'
+          exit 1
+
+      - name: Install Liquibase
+        run: |
+          wget -O- https://repo.liquibase.com/liquibase.asc | gpg --dearmor > liquibase-keyring.gpg && \cat liquibase-keyring.gpg | sudo tee /usr/share/keyrings/liquibase-keyring.gpg > /dev/null && \echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/liquibase-keyring.gpg] https://repo.liquibase.com stable main' | sudo tee /etc/apt/sources.list.d/liquibase.list
+          sudo apt-get update
+          sudo apt-get install liquibase
+          liquibase -v
+
+      - name: Run Db migration
+        run: liquibase rollback-count --changelog-file ${{ github.event.inputs.rollbackFile }} --count ${{ github.event.inputs.rollbackCount }} --url 'jdbc:postgresql://${{ env.DATABASE_HOSTNAME }}:5432/postgres' --username cdcti-github --password '${{ env.DATABASE_PASSWORD }}'
+
+      - name: Disconnect VPN
+        if: always()
+        run: sudo killall openvpn