Difference between revisions of "OpenVPN"
(Adding how to actually *get* VPN access.) |
m (Bot: Cosmetic changes) |
||
Line 1: | Line 1: | ||
− | = VPN Access = | + | = VPN Access = |
We use OpenVPN (http://openvpn.net) as our VPN solution. | We use OpenVPN (http://openvpn.net) as our VPN solution. | ||
− | == Gaining Access == | + | == Gaining Access == |
Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group. Send a request to [mailto:tech@sshchicago.org tech@sshchicago.org] if you'd like to be added! | Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group. Send a request to [mailto:tech@sshchicago.org tech@sshchicago.org] if you'd like to be added! | ||
− | == Requirements == | + | == Requirements == |
* You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it. | * You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it. | ||
* You'll also need a copy of our [[SSHCHICAGO.ORG Certificate Authority (CA)]] certicate. | * You'll also need a copy of our [[SSHCHICAGO.ORG Certificate Authority (CA)]] certicate. | ||
− | == Connection Information == | + | == Connection Information == |
Gateway: space.sshchicago.org | Gateway: space.sshchicago.org | ||
Line 21: | Line 21: | ||
Compression: LZO | Compression: LZO | ||
− | = Connection Instructions = | + | = Connection Instructions = |
== Mac OS X == | == Mac OS X == | ||
− | * Install Tunnelblick (https://code.google.com/p/tunnelblick/) | + | * Install Tunnelblick (https://code.google.com/p/tunnelblick/) |
* Get the SSH-Chicago.tblk config package from another member | * Get the SSH-Chicago.tblk config package from another member | ||
* Double-click it. | * Double-click it. | ||
* Log in with your SSH:Chicago (wiki) username and password | * Log in with your SSH:Chicago (wiki) username and password | ||
− | == Linux (Tested on Fedora Core 20) == | + | == Linux (Tested on Fedora Core 20) == |
* Create a certs directory and restore the SELinux context (<tt>mkdir ~/.certs && restorecon -R ~/.certs</tt>) | * Create a certs directory and restore the SELinux context (<tt>mkdir ~/.certs && restorecon -R ~/.certs</tt>) | ||
* Grab the HMAC key and store it in ~/.certs/ | * Grab the HMAC key and store it in ~/.certs/ | ||
* Download a copy of the [[SSHCHICAGO.ORG Certificate Authority (CA)]] and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora) | * Download a copy of the [[SSHCHICAGO.ORG Certificate Authority (CA)]] and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora) | ||
− | * Launch your Network Manager UI | + | * Launch your Network Manager UI |
* Add a VPN connection. Set stuff up like this: | * Add a VPN connection. Set stuff up like this: | ||
** Name: ssh-c | ** Name: ssh-c | ||
Line 53: | Line 53: | ||
**** Click OK | **** Click OK | ||
* Click OK, and Apply | * Click OK, and Apply | ||
− | * Connect. | + | * Connect. |
== Windows (Tested on Windows 7 x64 Professional) == | == Windows (Tested on Windows 7 x64 Professional) == | ||
− | * Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html | + | * Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html |
− | * Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate. | + | * Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate. |
* Copy the contents of the zip into <tt>C:\Program Files\OpenVPN\Config</tt>. | * Copy the contents of the zip into <tt>C:\Program Files\OpenVPN\Config</tt>. | ||
* Launch the OpenVPN UI using '''Run As Administrator''' | * Launch the OpenVPN UI using '''Run As Administrator''' | ||
− | * Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password. | + | * Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password. |
− | = Testing that you have connected properly = | + | = Testing that you have connected properly = |
Navigate to a server somewhere on our network that's not exposed to the internet. An example is: | Navigate to a server somewhere on our network that's not exposed to the internet. An example is: | ||
Latest revision as of 22:22, 27 February 2017
VPN Access
We use OpenVPN (http://openvpn.net) as our VPN solution.
Gaining Access
Your FreeIPA account needs to be a member of the openvpn_users group. Send a request to tech@sshchicago.org if you'd like to be added!
Requirements
- You must have a copy of our HMAC key; please contact tech@sshchicago.org to get it.
- You'll also need a copy of our SSHCHICAGO.ORG Certificate Authority (CA) certificate.
Connection Information
Gateway: space.sshchicago.org
Port: 1194 (this is the default in OpenVPN)
Transport Protocol: UDP (also the default in OpenVPN)
Authentication type: Username/Password (PKI disabled)
Compression: LZO
Connection Instructions
Mac OS X
- Install Tunnelblick (https://code.google.com/p/tunnelblick/)
- Get the SSH-Chicago.tblk config package from another member
- Double-click it.
- Log in with your SSH:Chicago (wiki) username and password
Linux (Tested on Fedora Core 20)
- Create a certs directory and restore the SELinux context (mkdir ~/.certs && restorecon -R ~/.certs)
- Grab the HMAC key and store it in ~/.certs/
- Download a copy of the SSHCHICAGO.ORG Certificate Authority (CA) and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora)
- Launch your Network Manager UI
- Add a VPN connection. Set stuff up like this:
  - Name: ssh-c
  - Gateway: space.sshchicago.org
  - Authentication:
    - Type: Password
    - User name: Your SSH:Chicago username.
    - Password: Your SSH:Chicago password.
    - CA Certificate: Choose the certificate you put in ~/.certs/
  - Click Advanced.
    - General:
      - Check the "Use LZO data compression" box.
    - TLS Authentication:
      - Check "Use additional TLS authentication".
      - For Key File, choose the HMAC key you stored in ~/.certs/
      - Key direction: "1"
  - Flip to the IPv4 Settings Tab
    - Click Routes...
      - Check "Use this connection only for resources on its network"
      - Click OK
- Click OK, and Apply
- Connect.
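
The same client settings written as a plain OpenVPN config file, generated only after checking that the shared HMAC key is not readable by other local users. This is an added example, not part of the original wiki page; the file names ca.crt, ta.key and ssh-c.ovpn, the "dev tun" line, and the function names are assumptions, and the NetworkManager routing checkbox is not reproduced.

```shell
#!/bin/sh
# Added example: command-line equivalent of the NetworkManager settings above.
# ASSUMPTIONS (not from the page): file names ca.crt / ta.key, output name
# ssh-c.ovpn, and "dev tun" (the page does not say tun or tap).

# Succeeds only if FILE exists and grants nothing to group or other.
is_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# write_client_conf CERT_DIR OUT_FILE
# Refuses to write the config if the CA is missing or the HMAC key is exposed.
write_client_conf() {
    dir=$1 out=$2
    [ -r "$dir/ca.crt" ] || { echo "missing CA certificate: $dir/ca.crt" >&2; return 1; }
    is_private "$dir/ta.key" || {
        echo "HMAC key missing or readable by others: chmod 600 $dir/ta.key" >&2
        return 1
    }
    # umask 077 so the generated config is owner-only as well.
    ( umask 077
      cat > "$out" <<EOF
client
dev tun
proto udp
remote space.sshchicago.org 1194
auth-user-pass
ca $dir/ca.crt
tls-auth $dir/ta.key 1
comp-lzo
EOF
    )
}

# Typical use, after the key and CA are in ~/.certs:
#   write_client_conf "$HOME/.certs" "$HOME/.certs/ssh-c.ovpn"
```

The "1" after the key path is the key direction from the TLS Authentication step; the username and password are still prompted for at connect time.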
Windows (Tested on Windows 7 x64 Professional)
- Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html
- Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate.
- Copy the contents of the zip into C:\Program Files\OpenVPN\Config.
- Launch the OpenVPN UI using Run As Administrator
- Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password.
Testing that you have connected properly
Navigate to a server somewhere on our network that's not exposed to the internet. An example is:
This one will say "It works!" if you've talked to it.