ITC VPN Instructions: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
 
(31 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Some ITC lab equipment can be accessed via VPN connection to ITCnet. The OpenVPN software is used to securely connect to ITCnet from off campus locations. You will not be able to VPN into ITCnet from the IHCC campus network (wired or wireless).
Some ITC lab equipment can be accessed via VPN connection to ITCnet. The OpenVPN software is used to securely connect to ITCnet from off campus locations or the eduroam wireless network on campus.


=Prerequisites=
=Prerequisites=
Line 5: Line 5:
* Your domain account must have VPN access enabled (contact your instructor for more information)
* Your domain account must have VPN access enabled (contact your instructor for more information)
* You must have a system which is supported by OpenVPN
* You must have a system which is supported by OpenVPN
* You must have an account with administrative permissions on the system which you will be installing and running the OpenVPN client. OpenVPN modifies network drivers and system routing tables in a way which requires administrative permissions for both installation and connection of the client.
* You must have an account with administrative permissions on the system which you will be installing and running the OpenVPN client. OpenVPN modifies network drivers and system routing tables in a way which requires administrative permissions for installation of the client.
* You must NOT be on a network which utilizes the 172.17.0.0/16 address space.
* If you want to connect via the wireless network on campus you need to be using the "eduroam" network. The VPN will not work from the unsecured "ihcc" network. For instructions on connecting to eduroam see the [[Connecting to Eduroam|eduroam connection page]].


=Windows Systems=
=Windows Systems=
==Installation==
==Installation==
===Files===
===Files===
You will need to download an OpenVPN client for your system. If you are using a 64-bit system you SHOULD use a 64-bit client with 64-bit TUN/TAP virtual network adapter; 32-bit systems must use a 32-bit client. It is suggested that you use the latest version (2.3.2) unless you have problems in which case you may want to try the 2.2.2 version (only available in 32-bit).
You will need to download an OpenVPN client for your system. It is suggested that you use the latest version (2.5.8) unless you encounter problems in which case you may want to try an older one.
*[http://www.ihcc-netacad.net/files/vpn/openvpn-install-2.3.2-I003-i686.exe OpenVPN 2.3.2 32-bit]
*[https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.8-I601-amd64.msi OpenVPN 2.5.8 for Windows (64-bit)]
*[http://www.ihcc-netacad.net/files/vpn/openvpn-install-2.3.2-I003-x86_64.exe OpenVPN 2.3.2 64-bit]
*[https://tunnelblick.net/downloads.html TunnelBlick for Mac OS X] (should work, but unsupported by ITC) Note, you may need the most recent beta version in order to connect.
*[http://www.ihcc-netacad.net/files/vpn/openvpn-2.2.2-install.exe OpenVPN 2.2.2 32-bit]
*[https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en OpenVPN for Android] (should work, but unsupported by ITC)
You will also need the [http://www.ihcc-netacad.net/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files].
You will also need the [https://wiki.ihitc.net/files/IHCC-ITC.ovpn ITC OpenVPN configuration file].


===Installation Steps===
===Installation Steps===
# Install the OpenVPN client software. Make a note of the installation directory (e.g. C:\Program Files\OpenVPN, for 32-bit on 64-bit system, C:\Program Files (x86)\OpenVPN)
* A video tutorial of the installation is [https://youtu.be/zSbtpbgKsd8 available here]
# Download and install the OpenVPN client software.
#* Note: This installation will require administrative privileges as network drivers are being modified.
#* Note: This installation will require administrative privileges as network drivers are being modified.
#* Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
#* Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
# Unpack the [http://www.ihcc-netacad.net/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files] to the config directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\config). You should end up with an "IHCC-ITC" subdirectory with a few files in it inside of the config directory.
# Download the [https://wiki.ihitc.net/files/IHCC-ITC.ovpn ITC OpenVPN configuration file].
#* Note: Depending on your version of Windows you may need to have administrative permissions and/or confirm that you want to modify files in order to manipulate files inside of the C:\Program Files\ directory.
# Start the OpenVPN GUI application if it is not already running on your system.
#* Note: The network adapter will self-identify as TAP-something, but we are using a routed connection and tunneling, reflected as '''dev-tun''' in the client config file.
# Right-click on the OpenVPN GUI icon in your system tray (next to the clock, the icon looks like a computer with a padlock on it) and choose "Import File..."
#* Note: If you need Windows Explorer to delete or move files, say in the event of uninstalling/reinstalling, run it as Administrator.  
# Locate the IHCC-ITC.ovpn file which you previously downloaded.
# Your installation is now complete and you should be able to launch OpenVPN and connect following the instructions in the connection section of this guide.
# Your installation is now complete and you should be able to launch OpenVPN and connect following the instructions in the connection section of this guide.


==Connection==
==Connection==
# Launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
* A video tutorial on the ITCnet VPN connection and disconnection process is [https://youtu.be/CoOVENnSGOQ available here].
#* Note: The OpenVPN GUI MUST be started with administrative permissions each time it is run. On Windows Vista/7/8 this means you will need to click "Yes" on a UAC dialog box when the program starts. By default the program is not setup to ask for administrative permission but it will not work properly without it. You can set the program to always run with administrative permissions by navigating to the bin directory inside of the OpenVPN installation directory (e.g. C:\Program Files\OpenVPN\bin) and right clicking on openvpn-gui.exe and selecting Properties. On the Compatibility tab of the properties dialog box place a checkmark next to "Run this program as an administrator" and click "OK". From now on anytime you run the OpenVPN GUI program you will be prompted with a UAC dialog to allow the program to "Run as Administrator".
# If it is not already started on your system launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
# You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like two computers with red screens and a globe between them.
# You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like a computer with a padlock on it.
# Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
# Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
#* Hint: If you don't see a "Connect" option you probably have not correctly installed the ITC OpenVPN configuration files. Refer to the installation section of this guide for instructions on installing these files.
#* Hint: If you don't see a "Connect" option you probably have not correctly installed the ITC OpenVPN configuration file. Refer to the installation section of this guide for instructions on installing this file.
# Enter your ITC domain credentials in the provided dialog box and click OK.
# Enter your ITC domain credentials in the provided dialog box and click OK.
# You should see the log scroll by as the connection is made.
# You should see the log scroll by as the connection is made.
# Once the connection is complete the log dialog box should go away by itself and the OpenVPN tray icon should now show two computers with green screens and a globe between them.
# Once the connection is complete the log dialog box should go away by itself and the OpenVPN tray icon should now show a computer with a green screen and a padlock.
# You can verify that you have connected to ITCnet by opening a command prompt and pinging 172.17.99.1 which is a router on ITCnet and you should receive replies back.
# You can verify that you have connected to ITCnet by opening a command prompt and pinging 172.17.99.1 which is a router on ITCnet and you should receive replies back.
# You should now be able to access all ITCnet resources in the same way as when you are seated in the ITC labs connected to ITCnet.
# You should now be able to access all ITCnet resources in the same way as when you are seated in the ITC labs connected to ITCnet.
Line 42: Line 43:


=Other Operating Systems=
=Other Operating Systems=
If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the [http://www.ihcc-netacad.net/files/vpn/IHCC-ITC.zip ITC OpenVPN configuration and certificate files]. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.
If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the [https://wiki.ihitc.net/files/IHCC-ITC.ovpn ITC OpenVPN configuration file]. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.

Latest revision as of 23:08, 16 November 2022

Some ITC lab equipment can be accessed via VPN connection to ITCnet. The OpenVPN software is used to securely connect to ITCnet from off campus locations or the eduroam wireless network on campus.

Prerequisites

  • You must have an ITC domain account (contact your instructor for more information)
  • Your domain account must have VPN access enabled (contact your instructor for more information)
  • You must have a system which is supported by OpenVPN
  • You must have an account with administrative permissions on the system which you will be installing and running the OpenVPN client. OpenVPN modifies network drivers and system routing tables in a way which requires administrative permissions for installation of the client.
  • If you want to connect via the wireless network on campus you need to be using the "eduroam" network. The VPN will not work from the unsecured "ihcc" network. For instructions on connecting to eduroam see the eduroam connection page.

Windows Systems

Installation

Files

You will need to download an OpenVPN client for your system. It is suggested that you use the latest version (2.5.8) unless you encounter problems in which case you may want to try an older one.

You will also need the ITC OpenVPN configuration file.

Installation Steps

  1. Download and install the OpenVPN client software.
    • Note: This installation will require administrative privileges as network drivers are being modified.
    • Note: Installation of the TAP network driver will temporarily cause your network connection to drop during the installation process. You may be notified of this with a warning dialog box during the install.
  2. Download the ITC OpenVPN configuration file.
  3. Start the OpenVPN GUI application if it is not already running on your system.
  4. Right-click on the OpenVPN GUI icon in your system tray (next to the clock, the icon looks like a computer with a padlock on it) and choose "Import File..."
  5. Locate the IHCC-ITC.ovpn file which you previously downloaded.
  6. Your installation is now complete and you should be able to launch OpenVPN and connect following the instructions in the connection section of this guide.

Connection

  • A video tutorial on the ITCnet VPN connection and disconnection process is available here.
  1. If it is not already started on your system launch the "OpenVPN GUI" program which can be found in your Start Menu or Start Screen.
  2. You should now have an OpenVPN icon in your system tray (by the clock). The unconnected icon looks like a computer with a padlock on it.
  3. Right click on the OpenVPN icon in the system tray and choose "Connect" from the context menu.
    • Hint: If you don't see a "Connect" option you probably have not correctly installed the ITC OpenVPN configuration file. Refer to the installation section of this guide for instructions on installing this file.
  4. Enter your ITC domain credentials in the provided dialog box and click OK.
  5. You should see the log scroll by as the connection is made.
  6. Once the connection is complete the log dialog box should go away by itself and the OpenVPN tray icon should now show a computer with a green screen and a padlock.
  7. You can verify that you have connected to ITCnet by opening a command prompt and pinging 172.17.99.1 which is a router on ITCnet and you should receive replies back.
  8. You should now be able to access all ITCnet resources in the same way as when you are seated in the ITC labs connected to ITCnet.
  9. When you are finished with your session you should disconnect from ITCnet by right clicking on the OpenVPN tray icon and selecting disconnect.
  10. You can then exit the GUI client or leave it idle in the background, still visible in the system tray, until you need to connect again.

Other Operating Systems

If OpenVPN has a client available for your OS you should be able to use it to connect. Clients are available for at least Mac, Linux, and Android. In addition to the client software for your OS you will need the ITC OpenVPN configuration file. The ITC lab assistant MAY be able to provide assistance getting clients operational on alternative platforms but be aware it will probably require some trial and error on your part.