OpenVPN
Jump to navigation
Jump to search
Contents
VPN Access
We use OpenVPN (http://openvpn) as our VPN solution.
Gaining Access
Your FreeIPA account needs to be a member of the openvpn_users group.
Requirements
- You must have a copy of our HMAC key, please contact tech@sshchicago.org to get it.
- You'll also need a copy of our SSHCHICAGO.ORG Certificate Authority (CA) certicate.
Connection Information
Gateway: space.sshchicago.org
Port: 1194 (this is the default in OpenVPN)
Transport Protocol: UDP (also the default in OpenVPN)
Authentication type: Username/Password (PKI disabled)
Compression: LZO
Connection Instructions
Mac OS X
- Install Tunnelblick (https://code.google.com/p/tunnelblick/)
- Get the SSH-Chicago.tblk config package from another member
- Double-click it.
- Log in with your SSH:Chicago (wiki) username and password
Linux (Tested on Fedora Core 20)
- Create a certs directory and restore the SELinux context (mkdir ~/.certs && restorecon -R ~/.certs)
- Grab the HMAC key and store it in ~/.certs/
- Download a copy of the SSHCHICAGO.ORG Certificate Authority (CA) and store that in ~/.certs/ as well. (These two steps are required to comply with default SELinux regulations in Fedora)
- Launch your Network Manager UI
- Add a VPN connection. Set stuff up like this:
- Name: ssh-c
- Gateway: space.sshchicago.org
- Authentication:
- Type: Password
- User name: Your SSH:Chicago username.
- Password: Your SSH:Chicago password.
- CA Certificate: Choose the certificate you put in ~/.certs/
- Click Advanced.
- General:
- Check the "Use LZO data compression" box.
- TLS Authentication:
- Check "Use additional TLS authentication".
- For Key File, chose the HMAC key you stored in ~/.certs/
- Key direction: "1"
- General:
- Flip to the IPv4 Settings Tab
- Click Routes...
- Check "Use this connection only for resources on its network"
- Click OK
- Click Routes...
- Click OK, and Apply
- Connect.
Windows (Tested on Windows 7 x64 Professional)
- Install the Windows OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html
- Get the sshc-openvpn-windows zip file, which contains a config file, HMAC key, and certificate.
- Copy the contents of the zip into C:\Program Files\OpenVPN\Config.
- Launch the OpenVPN UI using Run As Administrator
- Right-click on the OpenVPN icon in your system tray and choose "Connect". When prompted, enter your wiki username and password.
Testing that you have connected properly
Navigate to a server somewhere on our network that's not exposed to the internet. An example is:
This one will say "It works!" if you've talked to it.