OpenVPN

From PDP/Grid Wiki

This article explains how to configure your VPN client so that you can access the network at NIKHEF.

Configuration Files

The following configuration files need to be copied to $HOME/Library/Application Support/Tunnelblick/Configurations/; the owner:group of the files is root:wheel and the permissions are rw-r--r--. The two CA crt files (salado-ca.crt & nikhef-ca.crt) need to be placed in $HOME/.globus. To generate the proper CA bundles on the client side, use the bundle generator!

You can use Sloot as the primary VPN server and Boswachter as an alternative. Remote is for the remote location. Tunnel connects to Schrepel and puts all your traffic over the line. Openvpn connects to Schrepel for normal use. Wipkip-tunnel is handy if you want to encrypt all your traffic but don't want to use TCP for it.

NOTE: replace the names between '<' and '>' with either the hostname or the location of the CRTs/PEMs. These files were written for OpenVPN 2.4-era clients: 'ns-cert-type server' was removed in OpenVPN 2.5 (the replacement is 'remote-cert-tls server'), and 'comp-lzo' is deprecated; newer Tunnelblick/OpenVPN builds will reject or warn about them.
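The following Python script is an added example, not part of this wiki page or of NIKHEF's tooling. It fills in the '<NAME>' placeholders of a template such as openvpn.conf above, refuses to write a config with any placeholder left, and lints the result for the directives current OpenVPN clients no longer accept, with a small rewrite that replaces them. The hostname and file paths in SAMPLE_VALUES are constructed examples; substitute your own server and the locations of your CA/cert/key files.

```python
"""Render and sanity-check an OpenVPN client template from this page.

Added example (not the wiki's own code). Hostnames and paths below are
constructed sample values, not NIKHEF's real ones.
"""
import re

# Matches the '<NAME>' tokens the page's NOTE says to replace.
PLACEHOLDER = re.compile(r"<([A-Z0-9_.-]+)>")

# Directives current OpenVPN releases reject or warn about, and what to use instead.
DEPRECATED = {
    "ns-cert-type": "removed in OpenVPN 2.5; use 'remote-cert-tls server'",
    "comp-lzo": "deprecated (compression leaks plaintext, VORACLE); drop it",
}

# Template copied from the page's openvpn.conf.
OPENVPN_TEMPLATE = """client
comp-lzo
comp-noadapt
proto\tudp
remote\t<SCHREPEL>
port\t1194
dev\ttun
tun-mtu\t1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type\tserver
ca \t<NIKHEF-CA.CRT>
cert \t<USERCERT.PEM>
key \t<USERKEY.PEM>
"""

SAMPLE_VALUES = {  # constructed values; replace with your own
    "SCHREPEL": "vpn.example.org",
    "NIKHEF-CA.CRT": "/Users/alice/.globus/nikhef-ca.crt",
    "USERCERT.PEM": "/Users/alice/.globus/usercert.pem",
    "USERKEY.PEM": "/Users/alice/.globus/userkey.pem",
}


def render(template: str, values: dict) -> str:
    """Substitute every <NAME> token; raise if any placeholder is still unfilled."""
    rendered = PLACEHOLDER.sub(lambda m: values.get(m.group(1), m.group(0)), template)
    left = PLACEHOLDER.findall(rendered)
    if left:
        raise ValueError(f"unfilled placeholders: {left}")
    return rendered


def directives(config: str) -> dict:
    """Parse 'name args...' lines into {name: [args, ...]}; repeats (e.g. two 'remote') are kept."""
    out = {}
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        out.setdefault(name, []).append(args)
    return out


def lint(config: str) -> list:
    """Return findings for a rendered client config (empty list means clean)."""
    d = directives(config)
    findings = []
    for name, advice in DEPRECATED.items():
        if name in d:
            findings.append(f"{name}: {advice}")
    for required in ("ca", "cert", "key"):
        if required not in d:
            findings.append(f"{required}: missing; client cannot verify the server or authenticate")
    if "remote-cert-tls" not in d and "ns-cert-type" not in d:
        findings.append("no server-certificate role check: add 'remote-cert-tls server'")
    return findings


def modernise(config: str) -> str:
    """Rewrite the page's 2.4-era directives so a current OpenVPN client accepts them."""
    out = []
    for line in config.splitlines():
        fields = line.split()
        name = fields[0] if fields else ""
        if name in ("comp-lzo", "comp-noadapt"):
            continue  # drop compression entirely
        if name == "ns-cert-type":
            out.append("remote-cert-tls\tserver")
            continue
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    cfg = render(OPENVPN_TEMPLATE, SAMPLE_VALUES)
    for finding in lint(cfg):
        print("warning:", finding)
    print(modernise(cfg))
```

Running the script prints the two warnings for the template as published and then the rewritten config; write that output to the Tunnelblick Configurations directory with the ownership and permissions given above.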

openvpn.conf

client
comp-lzo
comp-noadapt
proto	udp
remote	<SCHREPEL>
port	1194
dev	tun
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<NIKHEF-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>

boswachter.conf

client
comp-lzo
comp-noadapt
proto	udp
remote	<BOSWACHTER>
port	1194
dev	tun
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<NIKHEF-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>

remote.conf

client
comp-lzo
comp-noadapt
proto	udp
#remote salado.nikhef.nl
remote	<KONIJN>
remote	<CAVIA>
remote-random
port	1194
dev	tap
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<SALADO-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>

sloot.conf

client
comp-lzo
comp-noadapt
proto	udp
remote	<SLOOT>
port	1194
dev	tun
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<NIKHEF-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>

tunnel.conf

client
comp-lzo
comp-noadapt
proto	tcp
remote	194.171.97.13
#remote	boswachter.nikhef.nl
port	443
dev	tun
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<NIKHEF-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>

wipkip-tunnel.conf

client
comp-lzo
comp-noadapt
proto	udp
remote	194.171.96.49
port	1195
dev	tun
tun-mtu	1500
nobind
persist-key
persist-tun
# security/certificate stuff:
ns-cert-type	server
ca 	<SALADO-CA.CRT>
cert 	<USERCERT.PEM>
key 	<USERKEY.PEM>