Changes for page VPN Access
Last modified by Thomas Coelho on 2025/10/31 13:48
From version 6.1
edited by Thomas Coelho (local)
on 2025/10/28 12:07
Change comment:
There is no comment for this version
To version 9.1
edited by Thomas Coelho
on 2025/10/31 13:44
Change comment:
There is no comment for this version
Summary
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
- Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. coelho1 +XWiki.authitpuni-frankfurtde-thw - Content
... ... @@ -3,12 +3,12 @@ 3 3 {{/box}} 4 4 5 5 {{warning}} 6 - Thispageneedsto berework. Newscreenshots need to be doone.6 +Work in progress. 7 7 {{/warning}} 8 8 9 9 To get full access to our network from external locations we provide a VPN access based on openVPN. This is free software and part of every Linux distribution. The following guide has been tested with Ubuntu. 10 10 11 -For Linux we recommend the graphical configuration with ~[~[VPN with Networkmanager]].11 +For Linux we recommend the graphical configuration with. 12 12 13 13 It is available for Windows and MacOS too. 14 14 ... ... 
@@ -34,6 +34,55 @@ 34 34 35 35 Again, confirm with your password if necessary. 36 36 37 + 38 +We have setup a new VPN gateway. Please use this configuration and report problems. 39 + 40 +This configuration routes all traffic trough ITP. This is useful if you want to download papers, which are restricted to the university network. 41 +The second examples only routes the traffic going directly to the ITP trough the VPN and leaves your default gateway untouched. The only difference is the missing 'redirect-gateway' statement [http://th.physik.uni-frankfurt.de/~thw/vpn/all-via-itp.ovpn] 42 + 43 +{{code language="none"}} 44 +client 45 +dev tun 46 +proto udp 47 +nobind 48 +remote vgw.itp.uni-frankfurt.de 49 +verify-x509-name vgw.itp.uni-frankfurt.de name 50 +remote-cert-tls server 51 +resolv-retry infinite 52 +auth-user-pass 53 +ca private-ca-itp.crt 54 +# Comment this, if you don't want to redirect the default gateway 55 +redirect-gateway def1 56 +{{/code}} 57 + 58 +Download our CA (Certificate of Authority) [http://th.physik.uni-frankfurt.de/~thw/vpn/private-ca-itp.crt] and store it in the same place. This file is needed for the verification of the authenticity of the server. 59 + 60 +For only accessing internal services and routing your the normal traffic to your normal uplink use the following configuration: [http://th.physik.uni-frankfurt.de/~thw/vpn/itp.ovpn] 61 + 62 +=== Start the VPN connection === 63 + 64 +Open a terminal and change to the path where the vpn config file is stored. Start the connection with 65 +\\ sudo openvpn itp.ovpn 66 + 67 +where itp.ovpn is the name of the config file. openvpn needs root access, therefore you must enter your local password for sudo. After this you have to enter your ITP credentials (Username and Password). 68 + 69 +If everything went fine the output will look like: 70 + 71 +{{{Fri Dec 7 15:03:00 2012 WARNING: Make sure you understand the semantics of tls-remote before using it (see the man page). 
72 +Fri Dec 7 15:03:00 2012 NOTE: OpenVPN 2.1 requires 'script-security 2' or higher to call user-defined scripts or executables 73 +Fri Dec 7 15:03:00 2012 UDPv4 link local: [undef] 74 +Fri Dec 7 15:03:00 2012 UDPv4 link remote: [AF_INET]141.2.246.2:1194 75 +Fri Dec 7 15:03:00 2012 WARNING: this configuration may cache passwords in memory use the auth-nocache option to prevent this 76 +Fri Dec 7 15:03:00 2012 [FIAS-ITP_Generic_VPN_Service] Peer Connection Initiated with [AF_INET]141.2.246.2:1194 77 +Fri Dec 7 15:03:02 2012 TUN/TAP device tap0 opened 78 +Fri Dec 7 15:03:02 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 79 +Fri Dec 7 15:03:02 2012 /sbin/ifconfig tap0 10.63.131.1 netmask 255.255.0.0 mtu 1500 broadcast 10.63.255.255 80 +Fri Dec 7 15:03:02 2012 Initialization Sequence Completed}}} 81 + 82 + 83 +Termiate the session by pressing Ctrl-C in this terminal. 84 + 85 + 37 37 == Getting Started == 38 38 39 39 To get VPN access you must set up a new VPN connection first. Click on the two arrow symbol (or the WiFi symbol - depending on which connection you are currently using) in the top right corner.
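Review bot: In the @@ -3,12 +3,12 @@ hunk, the new line 11 now ends at "the graphical configuration with." because the link to "VPN with Networkmanager" was dropped without a replacement, so the sentence no longer says which method is recommended for Linux. Either restore a working link target or reword the sentence so it names the graphical setup it means, for example the "Getting Started" section if that is the one intended.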
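Review bot: In the @@ -34,6 +34,55 @@ hunk, the CA file private-ca-itp.crt and both .ovpn files are linked over plain http://, although the added text says this CA is what verifies the authenticity of the server and the config depends on it through "ca private-ca-itp.crt" and "verify-x509-name vgw.itp.uni-frankfurt.de name". A trust anchor fetched over an unauthenticated channel can be swapped in transit, which defeats that check; link the files over https if the host offers it, or publish the CA's SHA-256 fingerprint through a channel users already trust so they can compare it after download. Separately, the sample output does not match the new config: it is dated 2012, warns about tls-remote and opens tap0, while the config uses "dev tun" and verify-x509-name, so a fresh log from the new gateway would avoid confusion, and since that log itself points at auth-nocache it is worth deciding whether the option belongs in the config. Wording in the added lines: "trough" (twice), "routing your the normal traffic" and "Termiate" need fixing, and the all-via-itp.ovpn link sits directly after the sentence about the second example, where it reads as if it were the split-tunnel file.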