ITC VPN Instructions

From ITCwiki
Jump to navigation Jump to search

Some ITC lab equipment can be accessed via VPN connection to ITCnet. The OpenVPN software is used to securely connect to ITCnet from off campus locations. You will not be able to VPN into ITCnet from the IHCC campus network (wired or wireless).

Prerequisites

  • You must have an ITC domain account (contact your instructor for more information)
  • Your domain account must have VPN access enabled (contact your instructor for more information)
  • You must have a system which is supported by OpenVPN
  • You must have an account with administrative permissions on the system which you will be installing and running the OpenVPN client. OpenVPN modifies network drivers and system routing tables in a way which requires administrative permissions for both installation and operation of the client.
  • You must NOT be on a network which utilizes the 172.17.0.0/16 address space.

Windows Systems

Installation

Files

You will need to download an OpenVPN client for your system. If you are using a 64-bit system you SHOULD use a 64-bit client with 64-bit TUN/TAP virtual network adapter; 32-bit systems must use a 32-bit client. It is suggested that you use the latest version (2.3.2) unless you have problems in which case you may want to try the 2.2.2 version (only available in 32-bit).

You will also need the ITC OpenVPN configuration and certificate files.

Installation Steps

  1. Install the OpenVPN client software. Make a note of the installation directory (e.g. C:\Program Files\OpenVPN, for 32-bit on 64-bit system, C:\Program Files (x86)\OpenVPN)
    • Note: This installation will require administrative privileges as network drivers are being modified.
    • Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
  2. Unpack the ITC OpenVPN configuration and certificate files to the config directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\config). You should end up with an "IHCC-ITC" subdirectory with a few files in it inside of the config directory.
    • Note: Depending on your version of Windows you may need to have administrative permissions and/or confirm that you want to modify files in order to manipulate files inside of the C:\Program Files\ directory.
    • Note: The network adapter will self-identify as TAP-something, but we are using a routed connection and tunneling, reflected as dev-tun in the client config file.
    • Note: If you need Windows Explorer to delete or move files, say in the event of uninstalling/reinstalling, run it as Administrator.
  3. Your installation is now complete and you should be able to launch OpenVPN and connect following the instructions in the connection section of this guide.

Connection

  1. Launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
    • Note: The OpenVPN GUI MUST be started with administrative permissions each time it is run. On Windows Vista/7/8 this means you will need to click "Yes" on a UAC dialog box when the program starts. By default the program is not setup to ask for administrative permission but it will not work properly without it. You can set the program to always run with administrative permissions by navigating to the bin directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\bin) and right clicking on openvpn-gui.exe and selecting Properties. On the Compatibility tab of the properties dialog box place a checkmark next to "Run this program as an administrator" and click "OK". From now on anytime you run the OpenVPN GUI program you will be prompted with a UAC dialog to allow the program to "Run as Administrator".
  2. You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like two computers with red screens and a globe between them.
  3. Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
    • Hint: If you don't see a "Connect" option you probably have not correctly installed the ITC OpenVPN configuration files. Refer to the installation section of this guide for instructions on installing these files.
  4. Enter your ITC domain credentials in the provided dialog box and click OK.
  5. You should see the log scroll by as the connection is made.
  6. Once the connection is complete the log dialog box should go away by itself and the OpenVPN tray icon should now show two computers with green screens and a globe between them.
  7. You can verify that you have connected to ITCnet by opening a command prompt and pinging 172.17.99.1 which is a router on ITCnet and you should receive replies back.
  8. You should now be able to access all ITCnet resources in the same way as when you are seated in the ITC labs connected to ITCnet.
  9. When you are finished with your session you should disconnect from ITCnet by right clicking on the OpenVPN tray icon and selecting disconnect.
  10. You can then exit the GUI client or leave it idle in the background, still visible in the system tray, until you need to connect again.

Other Operating Systems

If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the ITC OpenVPN configuration and certificate files. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.