Differences between revisions 14 and 46 (spanning 32 versions)
Revision 14 as of 2015-10-05 18:12:15
Size: 1287
Editor: csadmin
Comment:
Revision 46 as of 2024-02-28 01:15:26
Size: 3261
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= The school of Computing uses OpenVPN = = The School of Computing uses OpenVPN =
Line 4: Line 5:
== IMPORTANT NOTE: ==
 1. As of Fall 2023, you must have '''OpenVPN GUI 2.5.X''' or later installed or your connection may fail to connect (Not sure what the versions for other clients are, but you should be safe with the latest version). If you get a fail to connect message on Windows, '''uninstall your version of OpenVPN GUI and install the one below.''' If you have a MAC, make sure you are on the latest version of the client.
 1. We are using 2FA!!! If you had an account before, you probably don't anymore. See Dr. A about getting an account - needs to be in person.

== Everyone Prerequisite ==

 1. Install an authenticator app if you don't have one (Most of you will have the Microsoft Authenticator app installed.
 1. In the Authenticator app, click the + to add a new account.
 1. Select "Other Account..."
 1. Point your phone at the QR code that you received (or are looking at because you are in my office) OR enter the SECRET that you got in your email.
 1. It recognized it? Good! Move on to your specific platform directions below.
Line 5: Line 18:
 1. Install: [[attachment:firewall-udp-1194-install x86.exe]] or [[attachment:firewall-udp-1194-install x64.exe]]
 1. Install: [[attachment:OpenVPN2023-x64.exe|64-bit Version]], [[attachment:OpenVPN2023_x86.exe|32-bit Version]]
 1. '''Run OpenVPN GUI as administrator''' when you install - this is required or your connection will not work. Ever after that you should not have to run it as administrator.
Line 7: Line 22:
 1. Enter your CS username and Password  1. Enter your southern username '''without''' the @southern.edu.
 1. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password
Line 10: Line 26:
== OS X ==
 1. Download and install tunnelblick from https://tunnelblick.net/ or use your favorite OpenVPN client
 1. Download [[attachment:csfirewall.ovpn]]
 1. Double click the file and it will start OpenVPN with the configuration.		 == OS X/Android and others ==

For Mac:

 1. Download and install Tunnelblick from https://tunnelblick.net/ or use your favorite OpenVPN client
 1. Download the .opvn file [[attachment:OpenVPN2023.ovpn]]
 1. Double-click the .ovpn file. This will add the configuration to Tunnelblick.
Line 15: Line 34:
 1. Enter your southern username '''without''' the @southern.edu.
 1. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password
Line 16: Line 37:
== Other ==
 1. Download the zip file [[attachment:firewall-udp-1194-config.zip]]
 1. Follow the instructions for your distribution
  * [[http://www.linux.com/learn/tutorials/459675-configure-linux-clients-to-connect-to-openvpn-server|Ubuntu and somewhat generic instructions]]		 For Linux/Android/Others:
 1. [[https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/|Ubuntu and somewhat generic instructions]]
Line 22: Line 41:
'''Symptom''': Your connection yo-yo's up and down every 60 seconds.
Line 24: Line 42:
'''Fix''': You are connected to the VPN with two computers using the same account. Disconnect from the VPN on one of your computers. '''Problem''': Your connection yo-yo's up and down every 60 seconds.

'''Solution''': You are connected to the VPN with two computers using the same account. Disconnect from the VPN on one of your computers.

----

'''Problem''': You want to use the VPN for traffic that goes to the school, but not for any other traffic.

'''Solution''': Add the following lines to your config file.

{{{
pull-filter ignore "redirect-gateway"
route 10.10.0.0 255.255.0.0 vpn_gateway
}}}

 1. Does not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway
 1. Re-add the CS network you need to reach from client through VPN Gateway

The School of Computing uses OpenVPN

If you have an account on the CS domain, you may access campus resources through our VPN server.

IMPORTANT NOTE:

  1. As of Fall 2023, you must have OpenVPN GUI 2.5.X or later installed or your connection may fail to connect (Not sure what the versions for other clients are, but you should be safe with the latest version). If you get a fail to connect message on Windows, uninstall your version of OpenVPN GUI and install the one below. If you have a MAC, make sure you are on the latest version of the client.

  2. We are using 2FA!!! If you had an account before, you probably don't anymore. See Dr. A about getting an account - needs to be in person.

Everyone Prerequisite

  1. Install an authenticator app if you don't have one (Most of you will have the Microsoft Authenticator app installed.
  2. In the Authenticator app, click the + to add a new account.
  3. Select "Other Account..."
  4. Point your phone at the QR code that you received (or are looking at because you are in my office) OR enter the SECRET that you got in your email.
  5. It recognized it? Good! Move on to your specific platform directions below.

Windows

  1. Install: 64-bit Version, 32-bit Version

  2. Run OpenVPN GUI as administrator when you install - this is required or your connection will not work. Ever after that you should not have to run it as administrator.

  3. Right click the icon in the system tray and click connect

  4. Enter your southern username without the @southern.edu.

  5. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password
  6. If you have problems try again running the program as administrator

OS X/Android and others

For Mac:

  1. Download and install Tunnelblick from https://tunnelblick.net/ or use your favorite OpenVPN client

  2. Download the .opvn file OpenVPN2023.ovpn

  3. Double-click the .ovpn file. This will add the configuration to Tunnelblick.
  4. Connect or disconnect using the icon running on the right side of the menu bar.

  5. Enter your southern username without the @southern.edu.

  6. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password

For Linux/Android/Others:

  1. Ubuntu and somewhat generic instructions

Troubleshooting

Problem: Your connection yo-yo's up and down every 60 seconds.

Solution: You are connected to the VPN with two computers using the same account. Disconnect from the VPN on one of your computers.

Problem: You want to use the VPN for traffic that goes to the school, but not for any other traffic.

Solution: Add the following lines to your config file. 

pull-filter ignore "redirect-gateway" 
route 10.10.0.0 255.255.0.0 vpn_gateway
  1. Does not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway
  2. Re-add the CS network you need to reach from client through VPN Gateway

NetworkConfiguration/OpenVpnConfiguration (last edited 2024-02-28 01:15:26 by scot)