Difference between revisions of "OpenVPN"
Jump to navigation
Jump to search
(As usual, an OS X open source project is better executed. Hooray NetworkManager) |
(Added more selinux notes) |
||
Line 25: | Line 25: | ||
== Linux (Tested on Fedora Core 20) == | == Linux (Tested on Fedora Core 20) == | ||
+ | * Create a certs directory and restore the SELinux context (<tt>mkdir ~/.certs && restorecon -R ~/.certs</tt>) | ||
* Grab the HMAC key and store it in ~/.certs/ | * Grab the HMAC key and store it in ~/.certs/ | ||
* Download a copy of the [[SSHCHICAGO.ORG Certificate Authority (CA)]] and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora) | * Download a copy of the [[SSHCHICAGO.ORG Certificate Authority (CA)]] and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora) |
Revision as of 19:38, 14 June 2014
Contents
VPN Access
We use OpenVPN (http://openvpn) as our VPN solution.
Gaining Access
Your FreeIPA account needs to be a member of the openvpn_users group.
Requirements
- You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it.
- You'll also need a copy of our SSHCHICAGO.ORG Certificate Authority (CA) certicate.
Connection Information
Gateway: space.sshchicago.org Port: 1194 (this is the default in OpenVPN) Transport Protocol: UDP (also the default in OpenVPN) Authentication type: Username/Password (PKI disabled) Compression: LZO
Connection Instructions
Mac OS X
- Install Tunnelblick (https://code.google.com/p/tunnelblick/)
- Get the SSH-Chicago.tblk config package from another member
- Double-click it.
- Log in with your SSH:Chicago (wiki) username and password
Linux (Tested on Fedora Core 20)
- Create a certs directory and restore the SELinux context (mkdir ~/.certs && restorecon -R ~/.certs)
- Grab the HMAC key and store it in ~/.certs/
- Download a copy of the SSHCHICAGO.ORG Certificate Authority (CA) and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora)
- Launch your Network Manager UI
- Add a VPN connection. Set stuff up like this:
- Name: ssh-c
- Gateway: space.sshchicago.org
- Authentication:
- Type: Password
- User name: Your SSH:Chicago username.
- Password: Your SSH:Chicago password.
- CA Certificate: Choose the certificate you put in ~/.certs/
- Click Advanced.
- General:
- Check the "Use LZO data compression" box.
- TLS Authentication:
- Check "Use additional TLS authentication".
- For Key File, chose the HMAC key you stored in ~/.certs/
- Key direction: "1"
- General:
- Click OK, and Apply
- Connect.