OpenVPN
Contents
Download certificate
Visit https://openvpn.imm.dtu.dk and use your DTU initials to log in.
Here you will be presented with two options:
Download old: should be used if you would like to redownload your existing certificate. E.g. if you would like to put it on multiple computers.
Download new: should be used if don't already have a certificate or if you would like to block your previous certificate (revoke your old certificate) and get a new certificate.
Linux
Connecting using commandline
unzip openvpn-mttj-2372ce1bea8340915a4129952a25a2d3235197d0.zip cd openvpn-mttj/Linux sudo openvpn --config client.conf
Connecting using GUI
- Open "Network Connections".
- Select the VPN tab and click Add.
- Select OpenVPN
On the VPN tab set the following values
Gateway: openvpn.imm.dtu.dk Type: password with Certificates (TLS) Username: Your IMM username Password: Your IMM password User Certificate: mttj--20120305133738.crt CACertificate: ca.crt Private Key: mttj--20120305133738.key
On the VPN tab click Advanced and set the following values
Use LZO data compression: TRUE
Verify VPN connection is working
ssh your_username_here@serv1.imm.dtu.dk echo $SSH_CLIENT
If the return IP address is
130.225.68.58 54448 22
then the VPN connection is working, and you can now exit the SSH connection. The second value (54448) may differ.
Or your can test that the VPN connection is working by opening a Nautilus window. Press CTRL-L and type
smb://nas1.imm.dtu.dk
You will be prompted for:
Username: Enter the username that works for SunRay terminals and IMM's Linux servers Domain: win Password: your password
If success you will be able to see several shares.
Windows
- Connect to: https://openvpn.imm.dtu.dk and authenticate using DTUlogin. Click the Download link.
- Unpack the zip file and open the Windows folder
- Run setup.exe and click "Install"
- Click "Yes" to install TAP-Win32 Provider V9 Network adapter when prompted (in Windows XPchoose "Continue Anyway")
- Click "Next", then locate the cert.zip file in the Windows folder using button "Locate your OpenVPN configuration...", click "Next" and "Close" and OpenVPN is installed.
- On the desktop right-click the OpenVPN GUI icon andgo to Properties - Compatibility: Mark "Run this program as an administrator"
NB: If OpenVPN is already installed and you only need to update cert files, either run the setup.exe again or unpack cert.zip and move the cert files to the config folder:
C:\Program Files\OpenVPN\config
On Windows 7 64 bit:
C:\Program Files (x86)\OpenVPN\config
Now run OpenVPN - in the taskbar right-click OpenVPNicon and choose Connect. Login using your DTUusername and password.
Verify VPN connection is working
Type:
\\nas1.imm.dtu.dk
as the location in a window. If you see several shares, then the VPN connection is working.
If you want to access your private home directory, then type
\\nas1.imm.dtu.dk\home\your_username_here
Mac (tested on 10.7.3)
Install Tunnelblick for Mac (tested on 3.2beta30+) from http://tunnelblick.net (Tunnelblick is free software: you can redistribute it and/or modify it under the terms of the |GNU General Public License version 2 as published by the |Free Software Foundation.)
Once installed - follow the Tunnelblick guides on How To Add a Configuration.
BUT start with downloading a Certificat here https://openvpn.imm.dtu.dk
Once authentificated, download the zipped certificate
Once downloaded, unzip it to any folder. THEN you are back info the Tunnelblick-guide on how-to-create-a-connection, and NOW you have the configuration files.
Place them in the opened folder, and you are ready.
Click on Tunnelblick icon in top bar and connect using your DTU login.
ps - you might want to rename the connection just created - "client" is not a very good name, but you cannot do this while connected.
Test your connection: use Finder to connect to server: smb://nas1.imm.dtu.dk
You will be prompted for:
Username: Enter the same username that works for SunRay terminals and IMM's Linux servers Domain: win Password: your password
If success you will be able to see several shares. If you should do anything wrong - or a new cetificate should be issued, just delete the connection and create a new one with the proper certificate etc.
Android
At the moment (may 2012) FEAT VPN is the only android client which does not require root and works with openvpn.
There is a free Lite version, which can run 1 hour a day and a paid version without limits which costs about 25 kr.
It will give you a VPN connection to IMMs network. If you install apps for it, it may give you access to your files on the fileserver nas1.imm.dtu.dk (with i.e. ASTRO File Manager) or remote desktop access to a PC connected to IMMs network, but it will not enable you to print to IMMs printers (unless you find an app which can communicate with a CUPS printserver).
To set it up:
- Connect to: https://openvpn.imm.dtu.dk and authenticate using DTUlogin. Click the Download link.
- Unpack the zip file and open the Windows folder
- Copy the certs.zip file to you phone
- Follow the instructions on the FEAT website for general setup and then add the tunnel following: http://www.featvpn.com/07-adding-and-editing-vpn-tunnels
Known problems: If you change between different wireless networks or between phone network and wireless, you may have to stop and start the service.