Jump to: navigation, search

Difference between revisions of "VPN Service"

Difference between revisions of "VPN Service"

(Disable Internet Tunneling)
Line 76: Line 76:
# Enable TCP mode.
# Enable TCP mode.
# Enable TAP device.
# Enable TAP device.
==== Disable Internet Tunneling ====

Revision as of 13:10, 8 November 2013

VPN Service can give access to internal network of labaki for remote members. All you need is an openvpn client and enabled LABaki credentials. This service can also be used to tunnel your internet requests through LABaki. This should not be enabled by default as it produces uneeded traffic to LABaki but it is a robust way to gain full internet access in restricted enviroments.

OpenVPN Configuration

In any type of OpenVPN client you will need the CA certificate. Copy-paste the following lines in a file named labaki-openvpn-ca.crt before continuing configure OpenVPN client.


Plain-Text OpenVPN configuration

If you have a client that accepts plain-text OpenVPN configuration then you can copy-paste the following text to a configuration file like labaki-vpn.conf.

dev tap
remote vpn.tolabaki.gr 443
proto tcp
ca labaki-openvpn-ca.crt

To connect to VPN then execute

openvpn labaki-vpn.conf

If you run linux and you don't have root privileges then you need to prefix command with sudo.

sudo openvpn labaki-vpn.conf

When the client starts it will ask for username and password. You must give the same credentials as the one you use to login at wiki/email or any other LABaki service.

Sat Oct 26 15:22:37 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6]  [IPv6 payload 20110424-2 (2.2RC2)] built on Jun  4 2013
Enter Auth Username: example-user
Enter Auth Password:

Gnome Configuration

Gnome network-manager comes with built in support to various VPN subsystems. You have to ensure though, that the needed plugins are installed on your system.

On Debian/Ubuntu/Mint you can install the needed OpenVPN support by running

sudo apt-get install network-manager-openvpn-gnome

After you have installed OpenVPN plugin, open the network settings

Create new VPN interface

Labaki vpn step1.png

  1. Press + button to add a new interface and choose VPN
  2. Choose OpenVPN on the type and press Create

Labaki vpn step2.png

  1. Setup a friendly name for the vpn
  2. Set gateway to vpn.tolabaki.gr
  3. Change authentication type to password
  4. Put your LABaki username
  5. Put your LABaki password and choose saved if you want to store the password
  6. Choose the certificate file that you saved in the very first step of this guide.
  7. Click Advanced to setup more options

Labaki vpn step3.png

  1. Enable custom port and set it to 443
  2. Enable TCP mode.
  3. Enable TAP device.

Labaki vpn step4.png

  1. Choose IPv4 Settings Tab
  2. Select Automatic (VPN) addresses only
  3. Add DNS Servers,
  4. Click on the Routes button

By default VPN subsystem tunnels all traffic through the VPN connection. It is advised to NOT use this feature unless you really need to use Internet through LABaki (restricted environments).

Labaki vpn step5.png

  1. Ensure that is checked Use this connection only for resources on its network