Differences between revisions 5 and 49 (spanning 44 versions)
Revision 5 as of 2015-01-20 19:19:00
Size: 765
Editor: scot
Comment:
Revision 49 as of 2024-10-21 15:42:02
Size: 3503
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= The school of Computing uses OpenVPN = = The School of Computing uses OpenVPN =
Line 3: Line 3:
If you have an account on the CS domain, you may access campus resources through our VPN server. '''UPDATE: 2024-10-17: Download the new .ovpn file if you are having trouble logging in and getting certificate errors. It has been updated below and is [[attachment:OpenVPN2024.ovpn|here]] for your convenience.'''

If you have an account on the CS domain, you may access campus resources through our VPN server.

== IMPORTANT NOTE: ==
 1. As of Fall 2023, you must have '''OpenVPN GUI 2.5.X''' or later installed or your connection may fail to connect (Not sure what the versions for other clients are, but you should be safe with the latest version). If you get a fail to connect message on Windows, '''uninstall your version of OpenVPN GUI and install the one below.''' If you have a MAC, make sure you are on the latest version of the client.
 1. We are using 2FA!!! If you had an account before, you probably don't anymore. See Dr. A about getting an account - needs to be in person.

== Everyone Prerequisite ==

 1. Install an authenticator app if you don't have one (Most of you will have the Microsoft Authenticator app installed.
 1. In the Authenticator app, click the + to add a new account.
 1. Select "Other Account..."
 1. Point your phone at the QR code that you received (or are looking at because you are in my office) OR enter the SECRET that you got in your email.
 1. It recognized it? Good! Move on to your specific platform directions below.
Line 7: Line 21:
 1. Install: [[attachment:firewall-udp-1194-install.exe]]  1. Install: [[attachment:OpenVPN2024-x64.exe|Windows Installer x64]]
 1. '''Run OpenVPN GUI as administrator''' when you install - this is required or your connection will not work. Ever after that you should not have to run it as administrator.
Line 9: Line 24:
 1. Enter your CS username and Password
 1. If you have problems try again running the program as administrator 
 1. Enter your southern username '''without''' the @southern.edu.
 1. Enter your pin followed by your Time-based One Time
Password (TOTP) from the Authenticator app as your password
 1. If you have problems try again running the program as administrator
Line 12: Line 28:
== MAC and Other == == OS X/Android and others ==
Line 14: Line 30:
 1. Download and install tunnelblick from https://code.google.com/p/tunnelblick/ or use your favorite OpenVPN client
 1. Download [[attachment:firewall-udp-1194-config.ovpn]]
 1. Double click the file and it will start OpenVPN with the configuration.
 1. Connect or disconnect using the icon running on the right side of the menu bar.
For Mac:

 1. Download and install Tunnelblick from https://tunnelblick.net/ or use your favorite OpenVPN client
 1. Download the .opvn file [[attachment:OpenVPN2024.ovpn]] or use the [[attachment:OpenVPN2024-visc-mac.zip|Viscosity Bundle]]
 1. Double-click the .ovpn file. This will add the configuration to Tunnelblick.
 1. Connect or disconnect using the icon running on the right side of the menu bar.
 1. Enter your southern username '''without''' the @southern.edu.
 1. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password

For Linux/Android/Others:
 1. [[https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/|Ubuntu and somewhat generic instructions]]

= Troubleshooting =

'''Problem''': Your connection yo-yo's up and down every 60 seconds.

'''Solution''': You are connected to the VPN with two computers using the same account. Disconnect from the VPN on one of your computers.

----

'''Problem''': You want to use the VPN for traffic that goes to the school, but not for any other traffic.

'''Solution''': Add the following lines to your config file.

{{{
pull-filter ignore "redirect-gateway"
route 10.10.0.0 255.255.0.0 vpn_gateway
}}}

 1. Does not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway
 1. Re-add the CS network you need to reach from client through VPN Gateway

The School of Computing uses OpenVPN

UPDATE: 2024-10-17: Download the new .ovpn file if you are having trouble logging in and getting certificate errors. It has been updated below and is here for your convenience.

If you have an account on the CS domain, you may access campus resources through our VPN server.

IMPORTANT NOTE:

  1. As of Fall 2023, you must have OpenVPN GUI 2.5.X or later installed or your connection may fail to connect (Not sure what the versions for other clients are, but you should be safe with the latest version). If you get a fail to connect message on Windows, uninstall your version of OpenVPN GUI and install the one below. If you have a MAC, make sure you are on the latest version of the client.

  2. We are using 2FA!!! If you had an account before, you probably don't anymore. See Dr. A about getting an account - needs to be in person.

Everyone Prerequisite

  1. Install an authenticator app if you don't have one (Most of you will have the Microsoft Authenticator app installed.
  2. In the Authenticator app, click the + to add a new account.
  3. Select "Other Account..."
  4. Point your phone at the QR code that you received (or are looking at because you are in my office) OR enter the SECRET that you got in your email.
  5. It recognized it? Good! Move on to your specific platform directions below.

Windows

  1. Install: Windows Installer x64

  2. Run OpenVPN GUI as administrator when you install - this is required or your connection will not work. Ever after that you should not have to run it as administrator.

  3. Right click the icon in the system tray and click connect
  4. Enter your southern username without the @southern.edu.

  5. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password
  6. If you have problems try again running the program as administrator

OS X/Android and others

For Mac:

  1. Download and install Tunnelblick from https://tunnelblick.net/ or use your favorite OpenVPN client

  2. Download the .opvn file OpenVPN2024.ovpn or use the Viscosity Bundle

  3. Double-click the .ovpn file. This will add the configuration to Tunnelblick.
  4. Connect or disconnect using the icon running on the right side of the menu bar.
  5. Enter your southern username without the @southern.edu.

  6. Enter your pin followed by your Time-based One Time Password (TOTP) from the Authenticator app as your password

For Linux/Android/Others:

  1. Ubuntu and somewhat generic instructions

Troubleshooting

Problem: Your connection yo-yo's up and down every 60 seconds.

Solution: You are connected to the VPN with two computers using the same account. Disconnect from the VPN on one of your computers.


Problem: You want to use the VPN for traffic that goes to the school, but not for any other traffic.

Solution: Add the following lines to your config file.

pull-filter ignore "redirect-gateway" 
route 10.10.0.0 255.255.0.0 vpn_gateway 
  1. Does not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway
  2. Re-add the CS network you need to reach from client through VPN Gateway

NetworkConfiguration/OpenVpnConfiguration (last edited 2024-10-21 15:42:02 by scot)