network:openvpn

Differences

This shows you the differences between two versions of the page.

network:openvpn [2013/06/13 21:15]
walter [Adding someone to the host based VPN]
network:openvpn [2021/05/02 21:36] (current)
Line 1: Line 1:
 +====== OpenVPN ======
 +
 ====== About ====== ====== About ======
  
Line 19: Line 21:
 ====== Client Setup ====== ====== Client Setup ======
  
-This setup details the setup of the user auth VPN. Setup for the host auth VPN is the same, with the exception of a couple of file names being different. ​+This setup details the setup of the user auth VPN. Setup for the host auth VPN is the same, with the exception of a couple of file names being different. ​**If you need to use the ACM's internal DNS servers, please read the last section**
 ===== Windows Client (XP, Vista, 7) ===== ===== Windows Client (XP, Vista, 7) =====
  
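Review bot: the new bold sentence points readers at "the last section", but the ACM DNS section added in this revision sits under Client Setup, ahead of Server Side, so it is not the last section of the page. Refer to it by name (for example "see the ACM DNS section below") or link to the heading, so the pointer stays correct as sections are added.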
Line 49: Line 51:
  
 ===== OS X client ===== ===== OS X client =====
-Download the latest ​tunelblick ​client from http://​code.google.com/​p/​tunnelblick/​downloads/​list (currently ​[[http://tunnelblick.googlecode.com/files/Tunnelblick_3.0b10.dmg|3.0b10]] )+Download the latest ​Viscosity ​client from [[https://webstore.illinois.edu/shop/product.aspx?​zpid=2637]] )
  
-Copy the following ​files to ~/​Library/​openvpn +Download ​the following ​file 
-  * client.conf +{{ :​network:​uic-acm-vpn.ovpn | ACM OVPN file}}
-  * client.ovpn +
-  * ta.key +
-  * ca.crt +
-  * client.key +
-  * client.crt +
-  * passwd+
  
-Edit the file '​passwd'​ in text editor to have your UIC ACM username as the first line and your ACM password as the second line. This will prevent you from needing ​to enter your password each time(If you do not want to save you login this way then edit the line in the client.ovpn and client.conf file that says 'auth-user-pass passwd'​ to say 'auth-user-pass')+  - Unzip the files which creates ​"ACM-VPN-Files"​ folder 
 +  - Then in Viscosity go to Preferences  
 +  - Hit the [+] to add a new connection  
 +  - Import Connection...  
 +  ​From File  
 +  ​Select the UIC-ACM-VPN.ovpn file from the extracted files
  
-In the notification tray, click the tunnelblick icon >> Connect (?not sure of name with new VPN?)+It should say  
 +"​Connection Imported  
 +Viscosity has successfully imported ​the connection"​. ​
  
-If prompted, enter your UICACM AD credentials+Click the Viscosity Icon and select the UIC-ACM-VPN. This will start the connection with ACM VPN server. ​
  
-You should now be connected+A prompt should pop up asking you to enter your UICACM AD credentials 
 + 
 +You should now be connected.
  
 ===== Linux ===== ===== Linux =====
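Review bot: the new OS X steps do not agree with the download they follow. The link offers a single file, uic-acm-vpn.ovpn, yet the first step says to unzip files into an "ACM-VPN-Files" folder and the last step selects UIC-ACM-VPN.ovpn "from the extracted files"; say whether the download is an archive or a bare profile, and match the file name's case. The removed list named ta.key, ca.crt, client.key and client.crt, and the new text no longer says where those come from, so state whether they are embedded in the .ovpn file and, if client.key is, who may download the attachment. The Viscosity link line also ends in a stray " )" left over from the old Tunnelblick sentence.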
Line 100: Line 105:
  
 You should now be connected You should now be connected
 +
 +===== ACM DNS =====
 +
 +Currently when connecting to the internal network via the VPN, your machine will not be automatically reconfigured to use our internal DNS servers for name resolution. This means that you will need to know the internal IP of any machine you wish to connect to inside the ACM network. In order to use our DNS service, you will need to set the DNS servers for the virtual interface manually. Please consult the documentation for your specific operating system configuration on how to manually set the DNS server you are using. ​
 +
 +The valid servers are listed below
 +<​code>​
 +172.29.13.10
 +172.29.13.11
 +172.29.17.12
 +</​code>​
 +
  
 ====== Server Side ====== ====== Server Side ======
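Review bot: in the ACM DNS list the third resolver, 172.29.17.12, has a different third octet from 172.29.13.10 and 172.29.13.11; confirm it is not a typo for 172.29.13.12. The section also leaves every client to set DNS by hand, so until that is done lookups for internal names go to whatever resolver the client already uses. If the server can hand out the resolvers (OpenVPN's push "dhcp-option DNS ..." directive), document that instead, or at least add per-OS steps alongside the Windows, OS X and Linux client sections.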
Line 105: Line 122:
 This contains instructions for server side operations This contains instructions for server side operations
  
 +===== Server Configuration =====
 +
 +All server configs live on dvorak in the /​etc/​openvpn directory. Iptables on the server also needs to allow forwarding from the VPN interfaces tun0, tun1, and tun2.
  
 ===== Adding someone to the host based VPN ===== ===== Adding someone to the host based VPN =====
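Review bot: the iptables sentence in Server Configuration says forwarding from tun0, tun1 and tun2 must be allowed but gives neither the rules nor their scope. List the actual FORWARD rules (or the file they are kept in) with the destination networks each interface may reach, and say which tun device belongs to the user auth VPN and which to the host auth VPN, so the next admin does not fall back to a blanket accept.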
Line 111: Line 131:
   * Sudo into root and go to /​root/​easy-rsa-host   * Sudo into root and go to /​root/​easy-rsa-host
   * source ./vars   * source ./vars
-  * ./build-key <acm user name>​-<​host name of machine without any spaces>+  * ./​build-key ​'<acm user name>​-<​host name of machine without any spaces>'
   * Hit enter through all the options, the defaults are set correctly   * Hit enter through all the options, the defaults are set correctly
   * Just hit enter through the password prompt, **do not set a password**   * Just hit enter through the password prompt, **do not set a password**
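Review bot: on the ./build-key line, the added single quotes stop the shell from treating the placeholder's < and > as redirections, but the argument is still used exactly as typed. State which characters are allowed in the name (the placeholder only rules out spaces) and show one filled-in value, such as the made-up 'jdoe-laptop', so readers do not paste the angle brackets.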
Line 123: Line 143:
  
 ===== Removing someone from the host based VPN ===== ===== Removing someone from the host based VPN =====
 +
 +FIXME
  
 **Untested** **Untested**
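Review bot: the Removing section is now marked both FIXME and **Untested**, so the page documents how to issue a host certificate but gives no procedure that can be relied on to revoke one. Because host keys are created with no password (see "do not set a password" in the Adding section), revocation is the only way to cut off a lost or decommissioned machine. Write and test the procedure, including how the server learns of the revocation (for example a CRL checked through OpenVPN's crl-verify directive), and drop the FIXME once it has been exercised.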
network/openvpn.1371158116.txt.gz · Last modified: 2021/05/02 21:36 (external edit)