Difference between revisions of "VPN Service"
(→Gnome Configuration: Added screenshots from Debian 8 Stable "Jessie".) |
(Add to HowTo category) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[Category:Services]] | [[Category:Services]] | ||
+ | [[Category:HowTo]] | ||
'''VPN Service''' can give access to internal network of labaki for remote members. All you need is an openvpn client and enabled LABaki credentials. This service can also be used to tunnel your internet requests through LABaki. This should not be enabled by default as it produces uneeded traffic to LABaki but it is a robust way to gain full internet access in restricted enviroments. | '''VPN Service''' can give access to internal network of labaki for remote members. All you need is an openvpn client and enabled LABaki credentials. This service can also be used to tunnel your internet requests through LABaki. This should not be enabled by default as it produces uneeded traffic to LABaki but it is a robust way to gain full internet access in restricted enviroments. | ||
Line 5: | Line 6: | ||
In any type of OpenVPN client you will need the CA certificate. Copy-paste the following lines in a file named '''labaki-openvpn-ca.crt''' before continuing configure OpenVPN client. | In any type of OpenVPN client you will need the CA certificate. Copy-paste the following lines in a file named '''labaki-openvpn-ca.crt''' before continuing configure OpenVPN client. | ||
+ | Download [https://owncloud.tolabaki.gr/index.php/s/lWCgrh6L1OLvJKD link] | ||
<pre> | <pre> | ||
-----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | ||
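Review bot: the added "Download [https://owncloud.tolabaki.gr/... link]" line gives readers a second source for the CA certificate, which is the trust anchor for every client, but nothing on the page lets them confirm that the downloaded file matches the pasted block. Consider stating the certificate's fingerprint next to the link, and replace the bare link text "link" with the file name labaki-openvpn-ca.crt so it is clear what is being downloaded.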
Line 28: | Line 30: | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
</pre> | </pre> | ||
+ | |||
=== Plain-Text OpenVPN configuration === | === Plain-Text OpenVPN configuration === | ||
If you have a client that accepts plain-text OpenVPN configuration then you can copy-paste the following text to a configuration file like '''labaki-vpn.conf'''. | If you have a client that accepts plain-text OpenVPN configuration then you can copy-paste the following text to a configuration file like '''labaki-vpn.conf'''. | ||
+ | <p>Download [https://owncloud.tolabaki.gr/index.php/s/kD8hVHOrPHaiSlQ link] | ||
<pre> | <pre> | ||
client | client | ||
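Review bot: the added "<p>Download [...] link]" line opens a <p> that is never closed in the visible lines, while the equivalent download line added in the CA certificate section uses no <p> at all. Drop the tag so both download lines are marked up the same way, and give this link descriptive text (labaki-vpn.conf) as well.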
Line 57: | Line 61: | ||
After you have installed OpenVPN plugin, open the network settings: | After you have installed OpenVPN plugin, open the network settings: | ||
− | (For the most recent Gnome 3.14, which comes with the new stable Debian 8 "Jessie", look [[#Gnome 3.14 Configuration | below]].) | + | |
+ | ('''For the most recent Gnome 3.14, which comes with the new stable Debian 8 "Jessie", look [[#Gnome 3.14 Configuration | below]].''') | ||
==== Create new VPN interface ==== | ==== Create new VPN interface ==== | ||
[[File:Labaki_vpn_step1.png| |]] | [[File:Labaki_vpn_step1.png| |]] |
Latest revision as of 21:00, 1 October 2017
VPN Service can give remote members access to the internal network of LABaki. All you need is an OpenVPN client and enabled LABaki credentials. This service can also be used to tunnel your internet requests through LABaki. This should not be enabled by default, as it produces unneeded traffic to LABaki, but it is a robust way to gain full internet access in restricted environments.
OpenVPN Configuration
In any type of OpenVPN client you will need the CA certificate. Copy-paste the following lines in a file named labaki-openvpn-ca.crt before you continue configuring the OpenVPN client.
Download link
Plain-Text OpenVPN configuration
If you have a client that accepts plain-text OpenVPN configuration, you can copy-paste the following text into a configuration file such as labaki-vpn.conf.
Download link
<pre>
client
dev tap
remote vpn.tolabaki.gr 443
proto tcp
ca labaki-openvpn-ca.crt
auth-user-pass
</pre>
To connect to the VPN, run:
<pre>
openvpn labaki-vpn.conf
</pre>
If you run Linux and you don't have root privileges, prefix the command with sudo:
<pre>
sudo openvpn labaki-vpn.conf
</pre>
When the client starts it will ask for a username and password. You must give the same credentials that you use to log in to the wiki, email or any other LABaki service.
<pre>
Sat Oct 26 15:22:37 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 4 2013
Enter Auth Username: example-user
Enter Auth Password:
</pre>
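An added example (not part of the wiki page or of OpenVPN): a small Python audit of a client configuration, run on the plain-text configuration above. It reports that the file names a CA but no directive that checks the server certificate's identity or usage, which matters here because the client sends the member's LABaki password to any server holding a certificate signed by that CA. The names `parse`, `audit` and the finding codes are made up for this example, and the `HARDENED` variant assumes the server certificate carries the TLS server usage that `remote-cert-tls server` checks for.

```python
import shlex

# Directives that make the client check which certificate the server presents,
# not merely that the CA named by "ca" signed it.
SERVER_ID_CHECKS = {"remote-cert-tls", "verify-x509-name", "ns-cert-type", "tls-remote"}

def parse(text):
    """Return {directive: [args, ...]}; an inline <ca>...</ca> block counts as 'ca'."""
    seen, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # inside an inline block: skip its body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            seen.setdefault(inline, []).append([])
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            seen.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return seen

def audit(text):
    """Return finding codes for a client config, always in this order."""
    d = parse(text)
    findings = []
    if "ca" not in d:
        findings.append("no-ca")
    if not SERVER_ID_CHECKS & d.keys():
        findings.append("no-server-identity-check")
    if any(d.get("auth-user-pass", [])):      # a file argument means a stored password
        findings.append("password-file-on-disk")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("password-cached-in-memory")
    if "redirect-gateway" in d:               # a server-side push is not visible here
        findings.append("full-tunnel")
    return findings

# The configuration from this page, followed by a constructed variant.
PAGE_CONFIG = "client\ndev tap\nremote vpn.tolabaki.gr 443\nproto tcp\n" \
              "ca labaki-openvpn-ca.crt\nauth-user-pass\n"
# Assumption: the server certificate carries the TLS server usage that
# remote-cert-tls checks for; the page does not say whether it does.
HARDENED = PAGE_CONFIG + "remote-cert-tls server\nauth-nocache\n"

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```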
Gnome Configuration
Gnome network-manager comes with built-in support for various VPN subsystems. You have to ensure, though, that the needed plugins are installed on your system.
You can either install the needed software through your favourite package management tool (e.g. Synaptic) or, on Debian/Ubuntu/Mint, install the needed OpenVPN support by running:
<pre>
sudo apt-get install network-manager-openvpn-gnome
</pre>
After you have installed the OpenVPN plugin, open the network settings:
(For the most recent Gnome 3.14, which comes with the new stable Debian 8 "Jessie", look below.)
Create new VPN interface
- Press the + button to add a new interface and choose VPN
- Choose OpenVPN as the type and press Create
- Set up a friendly name for the VPN
- Set gateway to vpn.tolabaki.gr
- Change authentication type to password
- Enter your LABaki username
- Enter your LABaki password and choose saved if you want to store the password
- Choose the certificate file that you saved in the very first step of this guide.
- Click Advanced to set up more options
- Enable custom port and set it to 443
- Enable TCP mode.
- Enable TAP device.
- Choose IPv4 Settings Tab
- Select Automatic (VPN) addresses only
- Add DNS Servers 10.176.0.10,10.176.0.11
- Click on the Routes button
By default the VPN subsystem tunnels all traffic through the VPN connection. It is advised to NOT use this feature unless you really need to use the Internet through LABaki (restricted environments).
- Ensure that Use this connection only for resources on its network is checked
Gnome 3.14 Configuration
