Difference between revisions of "OpenVPN"
Jump to navigation
Jump to search
(Stubbed this out, saving before i forget.) |
m (Bot: Cosmetic changes) |
||
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | = VPN Access = | + | = VPN Access = |
− | We use OpenVPN (http://openvpn) as our VPN solution. | + | We use OpenVPN (http://openvpn.net) as our VPN solution. |
− | == Gaining Access == | + | == Gaining Access == |
− | Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group. | + | Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group. Send a request to [mailto:tech@sshchicago.org tech@sshchicago.org] if you'd like to be added! |
− | == Requirements == | + | == Requirements == |
* You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it. | * You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it. | ||
* You'll also need a copy of our [[SSHCHICAGO.ORG Certificate Authority (CA)]] certicate. | * You'll also need a copy of our [[SSHCHICAGO.ORG Certificate Authority (CA)]] certicate. | ||
− | == Connection Information == | + | == Connection Information == |
Gateway: space.sshchicago.org | Gateway: space.sshchicago.org | ||
+ | |||
Port: 1194 (this is the default in OpenVPN) | Port: 1194 (this is the default in OpenVPN) | ||
+ | |||
Transport Protocol: UDP (also the default in OpenVPN) | Transport Protocol: UDP (also the default in OpenVPN) | ||
+ | |||
Authentication type: Username/Password (PKI disabled) | Authentication type: Username/Password (PKI disabled) | ||
− | = Connection Instructions = | + | Compression: LZO |
+ | |||
+ | = Connection Instructions = | ||
== Mac OS X == | == Mac OS X == | ||
+ | * Install Tunnelblick (https://code.google.com/p/tunnelblick/) | ||
+ | * Get the SSH-Chicago.tblk config package from another member | ||
+ | * Double-click it. | ||
+ | * Log in with your SSH:Chicago (wiki) username and password | ||
+ | |||
+ | == Linux (Tested on Fedora Core 20) == | ||
+ | * Create a certs directory and restore the SELinux context (<tt>mkdir ~/.certs && restorecon -R ~/.certs</tt>) | ||
+ | * Grab the HMAC key and store it in ~/.certs/ | ||
+ | * Download a copy of the [[SSHCHICAGO.ORG Certificate Authority (CA)]] and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora) | ||
+ | * Launch your Network Manager UI | ||
+ | * Add a VPN connection. Set stuff up like this: | ||
+ | ** Name: ssh-c | ||
+ | ** Gateway: space.sshchicago.org | ||
+ | ** Authentication: | ||
+ | *** Type: Password | ||
+ | *** User name: Your SSH:Chicago username. | ||
+ | *** Password: Your SSH:Chicago password. | ||
+ | *** CA Certificate: Choose the certificate you put in ~/.certs/ | ||
+ | ** Click Advanced. | ||
+ | *** General: | ||
+ | **** Check the "Use LZO data compression" box. | ||
+ | *** TLS Authentication: | ||
+ | **** Check "Use additional TLS authentication". | ||
+ | **** For Key File, chose the HMAC key you stored in ~/.certs/ | ||
+ | **** Key direction: "1" | ||
+ | ** Flip to the IPv4 Settings Tab | ||
+ | *** Click Routes... | ||
+ | **** Check "Use this connection only for resources on its network" | ||
+ | **** Click OK | ||
+ | * Click OK, and Apply | ||
+ | * Connect. | ||
+ | |||
+ | == Windows (Tested on Windows 7 x64 Professional) == | ||
+ | * Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html | ||
+ | * Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate. | ||
+ | * Copy the contents of the zip into <tt>C:\Program Files\OpenVPN\Config</tt>. | ||
+ | * Launch the OpenVPN UI using '''Run As Administrator''' | ||
+ | * Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password. | ||
+ | |||
+ | = Testing that you have connected properly = | ||
+ | Navigate to a server somewhere on our network that's not exposed to the internet. An example is: | ||
− | + | http://monkey.sshchicago.org | |
− | + | This one will say "It works!" if you've talked to it. |
Latest revision as of 22:22, 27 February 2017
Contents
VPN Access
We use OpenVPN (http://openvpn.net) as our VPN solution.
Gaining Access
Your FreeIPA account needs to be a member of the openvpn_users group. Send a request to tech@sshchicago.org if you'd like to be added!
Requirements
- You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it.
- You'll also need a copy of our SSHCHICAGO.ORG Certificate Authority (CA) certicate.
Connection Information
Gateway: space.sshchicago.org
Port: 1194 (this is the default in OpenVPN)
Transport Protocol: UDP (also the default in OpenVPN)
Authentication type: Username/Password (PKI disabled)
Compression: LZO
Connection Instructions
Mac OS X
- Install Tunnelblick (https://code.google.com/p/tunnelblick/)
- Get the SSH-Chicago.tblk config package from another member
- Double-click it.
- Log in with your SSH:Chicago (wiki) username and password
Linux (Tested on Fedora Core 20)
- Create a certs directory and restore the SELinux context (mkdir ~/.certs && restorecon -R ~/.certs)
- Grab the HMAC key and store it in ~/.certs/
- Download a copy of the SSHCHICAGO.ORG Certificate Authority (CA) and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora)
- Launch your Network Manager UI
- Add a VPN connection. Set stuff up like this:
- Name: ssh-c
- Gateway: space.sshchicago.org
- Authentication:
- Type: Password
- User name: Your SSH:Chicago username.
- Password: Your SSH:Chicago password.
- CA Certificate: Choose the certificate you put in ~/.certs/
- Click Advanced.
- General:
- Check the "Use LZO data compression" box.
- TLS Authentication:
- Check "Use additional TLS authentication".
- For Key File, chose the HMAC key you stored in ~/.certs/
- Key direction: "1"
- General:
- Flip to the IPv4 Settings Tab
- Click Routes...
- Check "Use this connection only for resources on its network"
- Click OK
- Click Routes...
- Click OK, and Apply
- Connect.
Windows (Tested on Windows 7 x64 Professional)
- Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html
- Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate.
- Copy the contents of the zip into C:\Program Files\OpenVPN\Config.
- Launch the OpenVPN UI using Run As Administrator
- Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password.
Testing that you have connected properly
Navigate to a server somewhere on our network that's not exposed to the internet. An example is:
This one will say "It works!" if you've talked to it.