OpenVPN
Contents
Download certificate
Visit https://openvpn.imm.dtu.dk and use your DTU initials to log in.
Here you will be presented with two options:
Download old: should be used if you would like to redownload your existing certificate. E.g. if you would like to put it on multiple computers.
Download new: should be used if don't already have a certificate or if you would like to block your previous certificate (revoke your old certificate) and get a new certificate.
Linux
Connecting using commandline
unzip openvpn-mttj-2372ce1bea8340915a4129952a25a2d3235197d0.zip cd openvpn-mttj/Linux sudo openvpn --config client.conf
Connecting using GUI
- Open "Network Connections".
- Select the VPN tab and click Add.
- Select OpenVPN
On the VPN tab set the following values
Gateway: openvpn.imm.dtu.dk Type: password with Certificates (TLS) Username: Your DTU Compute username Password: Your DTU Compute password User Certificate: mttj--20120305133738.crt CACertificate: ca.crt Private Key: mttj--20120305133738.key
On the VPN tab click Advanced and set the following values
Use LZO data compression: TRUE
Verify VPN connection is working
ssh your_username_here@serv1.imm.dtu.dk echo $SSH_CLIENT
If the return IP address is
130.225.68.58 54448 22
then the VPN connection is working, and you can now exit the SSH connection. The second value (54448) may differ.
Or your can test that the VPN connection is working by opening a Nautilus window. Press CTRL-L and type
smb://nas1.imm.dtu.dk
You will be prompted for:
Username: Enter the username that works for SunRay terminals and DTU Compute's Linux servers Domain: win Password: your password
If success you will be able to see several shares.
Windows
- Connect to: https://openvpn.imm.dtu.dk and authenticate using DTUlogin. Click the Download link.
- Unpack the zip file and browse to the "Windows" folder
- Run setup.exe and click "Install"
- Click "Yes" to install TAP-Win32 Provider V9 Network adapter when prompted (in Windows XP choose "Continue Anyway")
- Click "Next", then locate the cert.zip file in the Windows folder using button "Locate your OpenVPN configuration...", click "Next" and "Close" and OpenVPN is installed.
- On the desktop right-click the OpenVPN GUI icon andgo to Properties - Compatibility: Mark "Run this program as an administrator"
NB: If OpenVPN is already installed and you only need to update cert files, either run the setup.exe again or unpack cert.zip and move the cert files to the config folder:
C:\Program Files\OpenVPN\config
On Windows 7 64 bit:
C:\Program Files (x86)\OpenVPN\config
Now run OpenVPN - in the taskbar right-click OpenVPNicon and choose Connect. Login using your DTUusername and password.
Verify VPN connection is working
Type:
\\nas1.imm.dtu.dk
as the location in a window. If you see several shares, then the VPN connection is working.
If you want to access your private home directory, then type
\\nas1.imm.dtu.dk\home\your_username_here or \\nas1.imm.dtu.dk\winhome\your_username_here
Note: Username must be prefixed with WIN\ (e.g. "WIN\abcd")
Mac (tested on 10.8.2)
Install Tunnelblick 3.3beta21a (build 3114.1) from http://tunnelblick.net (Tunnelblick is free software: you can redistribute it and/or modify it under the terms of the |GNU General Public License version 2 as published by the |Free Software Foundation.)
PLEASE NOTE THE HOMEPAGE - They are pretty good at telling you what version to download/install - - - - - - - > - - - - > - - - -
Once installed - follow the Tunnelblick guides on How To Add a Configuration.
Start with downloading a Certificat here https://openvpn.imm.dtu.dk
Once authentificated, download the zipped certificate
Once downloaded, unzip it to any folder. THEN you are back info the Tunnelblick-guide on how-to-create-a-connection, and NOW you have the configuration files.
Place them in the opened folder, and you are ready.
Click on Tunnelblick icon in top bar and connect using your DTU login.
ps - you might want to rename the connection just created - "client" is not a very good name, but you cannot do this while connected.
Test your connection: use Finder to connect to server: smb://nas1.imm.dtu.dk
You will be prompted for:
Username: Enter the same username that works for SunRay terminals and DTU Compute's Linux servers Domain: win Password: your password
If success you will be able to see several shares. If you should do anything wrong - or a new cetificate should be issued, just delete the connection and create a new one with the proper certificate etc.
Android
VPN will give you a VPN connection to DTU Compute's network. If you install apps for it, it may give you access to your files on the fileserver nas1.imm.dtu.dk (with i.e. ASTRO File Manager) or remote desktop access to a PC connected to DTU Compute's network, but it will not enable you to print to DTU Compute's printers (unless you find an app which can communicate with a CUPS printserver).
For Android 4.* you can use The app OpenVPN for Android
- Connect to: https://openvpn.imm.dtu.dk and authenticate using DTUlogin. Click the Download link.
- Unpack the zip file and open the Windows folder
- Unpack the certs.zip file and copy the contents to your phone - in the example they where copied to /sdcard0/files
Example setup:
Profile Name: IMM
Server Address: openvpn.imm.dtu.dk
Server Port: 1194 UDP
choose LZO
Type: User/PW + Certificates
Choose the certificates:
CA Certificate: /storage/sdcard0/files/ca.crt
Client Certificates: /storage/sdcard0/files/client.crt
Client Certificate Key: /storage/sdcard0/files/client.key
Username <your DTU windows login>
Password <enter your password>
Android versions before 4.0
The app FEAT VPN can be used for Android versions before 4.0. It does not require root and works with openvpn.
There is a free Lite version, which can run 1 hour a day and a paid version without limits which costs about 25 kr.
To set it up:
- Connect to: https://openvpn.imm.dtu.dk and authenticate using DTUlogin. Click the Download link.
- Unpack the zip file and open the Windows folder
- Copy the certs.zip file to you phone
- Follow the instructions on the FEAT website for general setup and then add the tunnel following: http://www.featvpn.com/07-adding-and-editing-vpn-tunnels
Known problems: If you change between different wireless networks or between phone network and wireless, you may have to stop and start the service.
