
Difference between revisions of "VPN Service"

m (Plain-Text OpenVPN configuration)
(Create new VPN interface)
Line 66: Line 66:
 
# Setup a friendly name for the vpn
 
# Setup a friendly name for the vpn
 
# Set gateway to '''vpn.tolabaki.gr'''
 
# Set gateway to '''vpn.tolabaki.gr'''
# Change authentication type to password
+
# Change authentication type to '''password'''
# Put your LABaki username
+
# Put your LABaki '''username'''
# Put your LABaki password and choose '''saved''' if you want to store the password
+
# Put your LABaki '''password''' and choose '''saved''' if you want to store the password
# Choose the certificate file that you saved in the very first step of this guide.
+
# Choose the '''certificate''' file that you saved in the very first step of this guide.
 
# Click '''Advanced''' to setup more options
 
# Click '''Advanced''' to setup more options
 
----
 
----
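Review bot: On the password step, the new bold on '''saved''' makes the store-the-password option more prominent, but the step still does not say what saving implies or when to leave it off. Suggest adding a short clause such as "choose '''saved''' only on a machine that you alone use", or dropping the bold on that word so it does not read as the recommended choice. The remaining changes in this hunk are bold markup only and look fine.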
Line 76: Line 76:
 
# Enable TCP mode.
 
# Enable TCP mode.
 
# Enable TAP device.
 
# Enable TAP device.
 +
==== Disable Internet Tunneling ====
 +
By default VPN subsystem tunnels all traffic through the VPN connection. It is adviced to '''NOT''' use this feature unless you really need to use Internet through LABaki (restricted enviroments).
 +
----
 +
[[File:Labaki_vpn_step4.png]]
 +
# Choose '''IPv4 Settings''' Tab
 +
# Click on the '''Routes''' button
 +
----
 +
[[File:Labaki_vpn_step5.png]]
 +
# Ensure that is checked '''Use this connection only for resources on its network'''
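Review bot: The added paragraph under "Disable Internet Tunneling" contains two misspellings, "adviced" (advised) and "enviroments" (environments), and the last step "Ensure that is checked '''Use this connection only for resources on its network'''" reads more clearly as "Ensure that '''Use this connection only for resources on its network''' is checked". The sentence "By default VPN subsystem tunnels all traffic" also leaves open which subsystem is meant; naming the component the reader is configuring at this point would remove the ambiguity.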

Revision as of 03:19, 27 October 2013

The VPN Service can give remote members access to the internal network of LABaki. All you need is an OpenVPN client and enabled LABaki credentials. This service can also be used to tunnel your Internet requests through LABaki. This should not be enabled by default, as it produces unneeded traffic to LABaki, but it is a robust way to gain full Internet access in restricted environments.

OpenVPN Configuration

With any type of OpenVPN client you will need the CA certificate. Copy-paste the following lines into a file named labaki-openvpn-ca.crt before you continue configuring the OpenVPN client.


Plain-Text OpenVPN configuration

If you have a client that accepts plain-text OpenVPN configuration, you can copy-paste the following text into a configuration file such as labaki-vpn.conf.

client
dev tap
remote vpn.tolabaki.gr 443
proto tcp
ca labaki-openvpn-ca.crt
auth-user-pass

To connect to the VPN, execute

openvpn labaki-vpn.conf

If you run Linux and you don't have root privileges, you need to prefix the command with sudo.

sudo openvpn labaki-vpn.conf

When the client starts, it will ask for a username and password. You must give the same credentials that you use to log in to the wiki, email or any other LABaki service.

Sat Oct 26 15:22:37 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6]  [IPv6 payload 20110424-2 (2.2RC2)] built on Jun  4 2013
Enter Auth Username: example-user
Enter Auth Password:

Gnome Configuration

Gnome network-manager comes with built-in support for various VPN subsystems. You have to ensure, though, that the needed plugins are installed on your system.

On Debian/Ubuntu/Mint you can install the needed OpenVPN support by running

sudo apt-get install network-manager-openvpn-gnome

After you have installed the OpenVPN plugin, open the network settings.

Create new VPN interface

Labaki vpn step1.png

  1. Press the + button to add a new interface and choose VPN
  2. Choose OpenVPN as the type and press Create

Labaki vpn step2.png

  1. Set up a friendly name for the VPN
  2. Set gateway to vpn.tolabaki.gr
  3. Change authentication type to password
  4. Put your LABaki username
  5. Put your LABaki password and choose saved if you want to store the password
  6. Choose the certificate file that you saved in the very first step of this guide.
  7. Click Advanced to set up more options

Labaki vpn step3.png

  1. Enable custom port and set it to 443
  2. Enable TCP mode.
  3. Enable TAP device.

Disable Internet Tunneling

By default the VPN subsystem tunnels all traffic through the VPN connection. It is advised to NOT use this feature unless you really need to use the Internet through LABaki (restricted environments).


Labaki vpn step4.png

  1. Choose IPv4 Settings Tab
  2. Click on the Routes button

Labaki vpn step5.png

  1. Ensure that "Use this connection only for resources on its network" is checked
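
To confirm that the setting above took effect once the VPN is up, the following script checks a routing table for catch-all routes that point at the VPN device. It is an added example, not part of the original wiki page; the "tap" device prefix (taken from the dev tap setting), the function names and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a routing table sends Internet-bound traffic
# through the VPN device. Reads `ip -4 route show` output on stdin.
# Assumption: the VPN device name starts with "tap" (the page uses `dev tap`).

# vpn_routes_all_traffic PREFIX
#   exit 0 -> a catch-all route uses a device matching PREFIX (full tunnel)
#   exit 1 -> no catch-all route uses the VPN device (split tunnel)
vpn_routes_all_traffic() {
    awk -v pfx="$1" '
        # Catch-all destinations: the default route, plus the two /1 halves
        # that OpenVPN installs for "redirect-gateway def1".
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && index($(i + 1), pfx) == 1) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: VPN up with "Use this connection only for resources
# on its network" checked. Addresses are documentation ranges.
SPLIT_SAMPLE='default via 192.0.2.1 dev wlan0 proto static
192.0.2.0/24 dev wlan0 proto kernel scope link src 192.0.2.50
198.51.100.0/24 dev tap0 proto kernel scope link src 198.51.100.7'

# Constructed sample: the same host with the box left unchecked.
FULL_SAMPLE='default via 198.51.100.1 dev tap0 proto static
192.0.2.0/24 dev wlan0 proto kernel scope link src 192.0.2.50
198.51.100.0/24 dev tap0 proto kernel scope link src 198.51.100.7'

# Classify a routing table passed as a string.
check_sample() {
    if printf '%s\n' "$1" | vpn_routes_all_traffic tap; then
        echo full-tunnel
    else
        echo split-tunnel
    fi
}

# On a live system: run this script with --live while the VPN is connected.
if [ "${1:-}" = "--live" ]; then
    check_sample "$(ip -4 route show)"
fi
```

A result of full-tunnel while the box is checked means the setting was not applied to the active connection; reconnect the VPN and check again.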