ITC VPN Instructions: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
(update for new configuration file location)
Line 16: Line 16:
*[http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.8-I001-i686.exe OpenVPN 2.3.8 32-bit for Windows XP]
*[http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.8-I001-i686.exe OpenVPN 2.3.8 32-bit for Windows XP]
*[https://tunnelblick.net/downloads.html TunnelBlick for Mac OS X] (should work, but unsupported by ITC)
*[https://tunnelblick.net/downloads.html TunnelBlick for Mac OS X] (should work, but unsupported by ITC)
You will also need the [http://netacad.inverhills.edu/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files].
You will also need the [https://wiki.ihitc.net/IHCC-ITC.ovpn ITC OpenVPN configuration file].


===Installation Steps===
===Installation Steps===
Line 23: Line 23:
#* Note: This installation will require administrative privileges as network drivers are being modified.
#* Note: This installation will require administrative privileges as network drivers are being modified.
#* Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
#* Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
# Unpack the [http://netacad.inverhills.edu/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files] to the config directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\config). You should end up with an "IHCC-ITC" subdirectory with a few files in it inside of the config directory.
# Download and copy the [https://wiki.ihitc.net/IHCC-ITC.ovpn ITC OpenVPN configuration file] to the config directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\config).
#* Note: Depending on your version of Windows you may need to have administrative permissions and/or confirm that you want to modify files in order to manipulate files inside of the C:\Program Files\ directory.
#* Note: Depending on your version of Windows you may need to have administrative permissions and/or confirm that you want to modify files in order to manipulate files inside of the C:\Program Files\ directory.
#* Note: The network adapter will self-identify as TAP-something, but we are using a routed connection and tunneling, reflected as '''dev-tun''' in the client config file.
#* Note: The network adapter will self-identify as TAP-something, but we are using a routed connection and tunneling, reflected as '''dev-tun''' in the client config file.
Line 32: Line 32:
# Launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
# Launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
#* Note: The OpenVPN GUI MUST be started with administrative permissions each time it is run. On Windows Vista/7/8 this means you will need to click "Yes" on a UAC dialog box when the program starts. By default the program is not setup to ask for administrative permission but it will not work properly without it. You can set the program to always run with administrative permissions by navigating to the bin directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\bin) and right clicking on openvpn-gui.exe and selecting Properties. On the Compatibility tab of the properties dialog box place a checkmark next to "Run this program as an administrator" and click "OK". From now on anytime you run the OpenVPN GUI program you will be prompted with a UAC dialog to allow the program to "Run as Administrator".
#* Note: The OpenVPN GUI MUST be started with administrative permissions each time it is run. On Windows Vista/7/8 this means you will need to click "Yes" on a UAC dialog box when the program starts. By default the program is not setup to ask for administrative permission but it will not work properly without it. You can set the program to always run with administrative permissions by navigating to the bin directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\bin) and right clicking on openvpn-gui.exe and selecting Properties. On the Compatibility tab of the properties dialog box place a checkmark next to "Run this program as an administrator" and click "OK". From now on anytime you run the OpenVPN GUI program you will be prompted with a UAC dialog to allow the program to "Run as Administrator".
#* Note: If you don't want to be prompted every time to run as administrator you can create a "Scheduled Task" in Windows which will automatically run the OpenVPN program with administrative permissions every time you log in to the system. There are some security implications on your computer if you do this. See the tutorial video for further information.
# You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like two computers with red screens and a globe between them.
# You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like two computers with red screens and a globe between them.
# Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
# Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
Line 44: Line 45:


=Other Operating Systems=
=Other Operating Systems=
If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the [http://www.ihcc-netacad.net/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files]. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.
If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the [https://wiki.ihitc.net/IHCC-ITC.ovpn ITC OpenVPN configuration file]. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.

Revision as of 21:22, 13 January 2016

Some ITC lab equipment can be accessed via VPN connection to ITCnet. The OpenVPN software is used to securely connect to ITCnet from off campus locations. You will not be able to VPN into ITCnet from the IHCC campus network (wired or wireless).

Prerequisites

  • You must have an ITC domain account (contact your instructor for more information)
  • Your domain account must have VPN access enabled (contact your instructor for more information)
  • You must have a system which is supported by OpenVPN
  • You must have an account with administrative permissions on the system which you will be installing and running the OpenVPN client. OpenVPN modifies network drivers and system routing tables in a way which requires administrative permissions for both installation and operation of the client.
  • You will not be able to use OpenVPN for connecting to ITC when your local system is connected to the internet using the IHCC campus network, wired or wireless. Such use is blocked by design.

Windows Systems

Installation

Files

You will need to download an OpenVPN client for your system. If you are using a 64-bit system you SHOULD use a 64-bit client with 64-bit TUN/TAP virtual network adapter; 32-bit systems must use a 32-bit client. It is suggested that you use the latest version (2.3.8) unless you encounter problems in which case you may want to try an older one.

You will also need the ITC OpenVPN configuration file.

Installation Steps

  • A video tutorial of the installation is available here
  1. Install the OpenVPN client software. Make a note of the installation directory (e.g. C:\Program Files\OpenVPN, for 32-bit on 64-bit system, C:\Program Files (x86)\OpenVPN)
    • Note: This installation will require administrative privileges as network drivers are being modified.
    • Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
  2. Download and copy the ITC OpenVPN configuration file to the config directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\config).
    • Note: Depending on your version of Windows you may need to have administrative permissions and/or confirm that you want to modify files in order to manipulate files inside of the C:\Program Files\ directory.
    • Note: The network adapter will self-identify as TAP-something, but we are using a routed connection and tunneling, reflected as dev-tun in the client config file.
    • Note: If you need Windows Explorer to delete or move files, say in the event of uninstalling/reinstalling, run it as Administrator.
  3. Your installation is now complete and you should be able to launch OpenVPN and connect following the instructions in the connection section of this guide.

Connection

  1. Launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
    • Note: The OpenVPN GUI MUST be started with administrative permissions each time it is run. On Windows Vista/7/8 this means you will need to click "Yes" on a UAC dialog box when the program starts. By default the program is not setup to ask for administrative permission but it will not work properly without it. You can set the program to always run with administrative permissions by navigating to the bin directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\bin) and right clicking on openvpn-gui.exe and selecting Properties. On the Compatibility tab of the properties dialog box place a checkmark next to "Run this program as an administrator" and click "OK". From now on anytime you run the OpenVPN GUI program you will be prompted with a UAC dialog to allow the program to "Run as Administrator".
    • Note: If you don't want to be prompted every time to run as administrator you can create a "Scheduled Task" in Windows which will automatically run the OpenVPN program with administrative permissions every time you log in to the system. There are some security implications on your computer if you do this. See the tutorial video for further information.
  2. You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like two computers with red screens and a globe between them.
  3. Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
    • Hint: If you don't see a "Connect" option you probably have not correctly installed the ITC OpenVPN configuration files. Refer to the installation section of this guide for instructions on installing these files.
  4. Enter your ITC domain credentials in the provided dialog box and click OK.
  5. You should see the log scroll by as the connection is made.
  6. Once the connection is complete the log dialog box should go away by itself and the OpenVPN tray icon should now show two computers with green screens and a globe between them.
  7. You can verify that you have connected to ITCnet by opening a command prompt and pinging 172.17.99.1 which is a router on ITCnet and you should receive replies back.
  8. You should now be able to access all ITCnet resources in the same way as when you are seated in the ITC labs connected to ITCnet.
  9. When you are finished with your session you should disconnect from ITCnet by right clicking on the OpenVPN tray icon and selecting disconnect.
  10. You can then exit the GUI client or leave it idle in the background, still visible in the system tray, until you need to connect again.

Other Operating Systems

If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the ITC OpenVPN configuration file. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.