Use Of IPG VPN connection
For the IPG VPN connection we use the OpenVPN protocol. This protocol is much simpler to manage than IPsec, and its security level is, for the moment, good.
When you connect to the IPG network using this protocol, only the transmissions to and from the network are encrypted; the remaining connections, which go to servers external to the EPFL network, travel as usual.
To simplify installation and management and to raise the security level of the connections, we don't use a login/password to authenticate to the VPN, but personal certificates. Every user who needs to use the VPN must ask for a personal certificate; otherwise the connection is impossible. The certificates aren't shareable (if someone shares his or her certificate with someone else, the connections are blocked).
Mac OS X Configuration
- Download the OpenVPN client program for OS X.
- Unpack it, copy the program TunnelBlick to /Applications and launch it.
- Answer yes to the requests.
- Close all the windows it opens.
- After launch you'll find its icon in the menu bar (on the right); click on the icon and then quit the program.
- You must now ask the System Administrators for the personal certificate (to obtain it you must be a user of the I.P.G. network).
- You will receive a mail with the certificate and all the configuration files needed.
- Unpack all the files into the directory ~/Library/openvpn
- Verify that the scripts and are executable
- Restart TunnelBlick (from /Applications), show the menu and click on “Detail…”.
- Select the “openvpn” tab
- Click on “Connect”
- The TunnelBlick icon (the one in the menu bar) should start to blink and then change from grey to white in the center (theoretically it's a tunnel). If this is the case, the tunnel is working.
- Now you can connect to all the servers in our network. From the point of view of the servers your requests come from a workstation connected to the local network, so your requests aren't subject to firewall filtering.
- Try to connect to your home directory: press Command-K and enter afp:lthiserv3, then enter your login/password and select your home directory (your name) from the list. If you can connect, the tunnel is working. Of course the VPN will work only if you connect from outside the EPFL network. If you try to use it from inside the EPFL, the connection to the VPN server will work, but all other network communications will be blocked until you close the VPN connection.
Linux Configuration
Windows Configuration
Things to know
- Sometimes the tunnel stops working without notice in the first 20 seconds; we don't know why at the moment. Just restart the connection.
- Remember that only the traffic ↔ <laptop> is encrypted; all the remaining connections travel as usual.
- If the tunnel doesn't start at all when you have installed TunnelBlick, you must reset the computer (some libraries need to be registered).
- Don't share the certificate you received with anyone; it is your accreditation to enter the system.
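
An added check for the unpacking step and for the advice not to share the certificate (this is not part of the original page or of TunnelBlick): it audits the directory the files were unpacked into for key files other accounts can read and for scripts that are not executable or that others can modify. The `.key`/`.p12` and `.sh` file patterns are assumptions, since the page does not name the files.

```shell
#!/bin/sh
# Added example: audit an unpacked OpenVPN client bundle.
# Assumptions (not from the page): private key material ends in .key or .p12,
# helper scripts end in .sh.

# audit_vpn_dir DIR
#   prints one finding per line
#   returns 0 = clean, 1 = findings, 2 = directory missing
audit_vpn_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "NO_DIR $dir"; return 2; }
    report=$(
        # Key material with any permission bit set for group or other.
        find "$dir" -type f \( -name '*.key' -o -name '*.p12' \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec echo KEY_EXPOSED {} \;
        # Helper scripts the owner cannot execute.
        find "$dir" -type f -name '*.sh' ! -perm -100 \
            -exec echo SCRIPT_NOT_EXECUTABLE {} \;
        # Helper scripts that group or other can modify.
        find "$dir" -type f -name '*.sh' \( -perm -020 -o -perm -002 \) \
            -exec echo SCRIPT_WRITABLE_BY_OTHERS {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when a directory is passed on the command line,
# e.g.  sh audit.sh ~/Library/openvpn
if [ "$#" -gt 0 ]; then
    audit_vpn_dir "$1"
fi
```

A `KEY_EXPOSED` finding is cleared with `chmod 600` on the file; the two script findings are cleared with `chmod 700`.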