Difference between revisions of "OpenVPN"

From sshcWiki
Jump to navigation Jump to search
(Adding how to actually *get* VPN access.)
Line 3: Line 3:
== Gaining Access ==  
== Gaining Access ==  
Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group.  
Your [[FreeIPA]] account needs to be a member of the <tt>openvpn_users</tt> group. Send a request to [mailto:tech@sshchicago.org tech@sshchicago.org] if you'd like to be added!
== Requirements ==  
== Requirements ==  

Revision as of 20:52, 23 February 2015

VPN Access

We use OpenVPN (http://openvpn.net) as our VPN solution.

Gaining Access

Your FreeIPA account needs to be a member of the openvpn_users group. Send a request to tech@sshchicago.org if you'd like to be added!


Connection Information

Gateway: space.sshchicago.org

Port: 1194 (this is the default in OpenVPN)

Transport Protocol: UDP (also the default in OpenVPN)

Authentication type: Username/Password (PKI disabled)

Compression: LZO

Connection Instructions

Mac OS X

  • Install Tunnelblick (https://code.google.com/p/tunnelblick/)
  • Get the SSH-Chicago.tblk config package from another member
  • Double-click it.
  • Log in with your SSH:Chicago (wiki) username and password

Linux (Tested on Fedora Core 20)

  • Create a certs directory and restore the SELinux context (mkdir ~/.certs && restorecon -R ~/.certs)
  • Grab the HMAC key and store it in ~/.certs/
  • Download a copy of the SSHCHICAGO.ORG Certificate Authority (CA) and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora)
  • Launch your Network Manager UI
  • Add a VPN connection. Set stuff up like this:
    • Name: ssh-c
    • Gateway: space.sshchicago.org
    • Authentication:
      • Type: Password
      • User name: Your SSH:Chicago username.
      • Password: Your SSH:Chicago password.
      • CA Certificate: Choose the certificate you put in ~/.certs/
    • Click Advanced.
      • General:
        • Check the "Use LZO data compression" box.
      • TLS Authentication:
        • Check "Use additional TLS authentication".
        • For Key File, chose the HMAC key you stored in ~/.certs/
        • Key direction: "1"
    • Flip to the IPv4 Settings Tab
      • Click Routes...
        • Check "Use this connection only for resources on its network"
        • Click OK
  • Click OK, and Apply
  • Connect.

Windows (Tested on Windows 7 x64 Professional)

  • Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html
  • Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate.
  • Copy the contents of the zip into C:\Program Files\OpenVPN\Config.
  • Launch the OpenVPN UI using Run As Administrator
  • Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password.

Testing that you have connected properly

Navigate to a server somewhere on our network that's not exposed to the internet. An example is:


This one will say "It works!" if you've talked to it.