Windows

Installing

  1. Download the Windows OpenVPN installer from: https://openvpn.net/index.php/open-source/downloads.html
  2. Run the installer
    1. During the installation process, a second installer for the TAP/TUN driver will start. You also need to install this driver.
    2. When asked to select components of the OpenVPN installation, you do NOT need the easy-rsa component.
    3. You may also want to check, under Advanced, to not remember passwords.
    4. Whether or not to have the OpenVPN gui start at login is up to you.
  3. If you wish to be able to run OpenVPN as a non-administrative user:
    1. Add the user to the "OpenVPN Administrators" group
      1. For Windows10, login as an administrative user.
      2. Right click the Start menu
      3. Choose "Computer Management"
      4. In the left tab, expand Computer Management, System Tools, Local Users and Groups, Groups
      5. In the right tab, double click "OpenVPN Administrators" (you might first need to create this group)
      6. Click "Add"
      7. Type in the username or domain\username and click "OK"
      8. Again click "OK"
      9. The user will need to re-login if already login'ed to the computer
    2. Reboot the PC (necessary to start the "OpenVPN Interactive" service
  4. Login as the user who will be running OpenVPN (administrative or otherwise)

  5. Create a new folder:

    C:\users\[username]\openvpn\config

     

  6. Copy the config and key files to the folder just created.

Connecting

  1. Login as the user to start OpenVPN
  2. Double click the "OpenVPN GUI" icon on the desktop. This will not do anything other than to put the OpenVPN systray icon in the systray.
  3. In the systray, double click the OpenVPN icon. This will start OpenVPN on the config files you created earlier.
  4. For AUTH username, enter your netid
  5. For AUTH password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
    1. Aliases for devices can be found at: https://twostep.netid.cornell.edu
  6. You can now Map the CNF510 server.
  7. To disconnect, again double click the OpenVPN icon in the system tray.
    1. Click "Disconnect"

Macintosh

Installing

  1. Store, someplace you know where they are (eg your Desktop) the configuration and key files received from CNF Computing
  2. Download the latest stable release of Tunnelblick from https://tunnelblick.net/downloads.html
  3. Open the downloaded DiskImage
    1. To start the install, double-click the TunnelBlick installer icon in the DiskImage
  4. GateKeeper will ask you to confirm Open ing the application. Click "Open".
    1. If you are upgrading from a previous version, you will be prompted for an administrative username and password to replace the old version of Tunnelblick.
    2. If you are upgrading, you will be prompted to confirm shutting down the old version of Tunnelblick.
  5. On the "Welcome to Tunnelblick" screen, leave "Check for updates" checked and uncheck Check for IP  address changes
    1. Enter in an administrative username and password to install Tunnelblick.
  6. On the "Welcome to Tunnelblick" screen, click "I have configuration files"
    1. Click "OK" on the information screen for howto Add a Configuration
  7. Open the folder where you stored your configuration and key files.
    1. Drag the configuration file (usually named something like cnf510-dwb7.ovpn) to the Tunnelblick icon in the top menu bar – release the mouse when the green plus sign appears on top of the icon you are dragging
    2. Select Install Configuration for "Only Me"
    3. Enter in an administrative username and password to install the configuration

Connecting

  1. Left click the Tunnelblick icon in the menu bar
  2. Click "Connect cnf510-netid" where netid is your netid
  3. For the username, enter in your Cornell NetID
  4. For the password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
    1. Aliases for devices can be found at: https://twostep.netid.cornell.edu
  5. Click "OK"
  6. The Tunnelblick icon in your menu bar will change from grey to black to indicate that you are connected.
  7. You can now connect to the CNF510 server

 

Linux

Installing

  1. Either install OpenVPN if available as a package from your distribution, or download from: https://openvpn.net/index.php/open-source/downloads.html
  2. Obtain configs and certificates from CNF Computing
  3. Place the configs and certificates in a directory
    1. This can either be the OpenVPN system config directory, usually /etc/openvpn
    2. OR a local directory

Connecting

  1. If you placed the OpenVPN configs in the system directory, just start the openvpn client with:

    sudo openvpnor your choice of OpenVPN GUI.

  2. If you placed the OpenVPN configs in a different directory, cd to that directory and then (the configfile will usually be named something like: cnf510-netid.conf):

    sudo openvpn --config confgfile

  3. When prompted, enter your netid for the AUTH username

  4. When prompted, for the AUTH password,  enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
    1. Aliases for devices can be found at: https://twostep.netid.cornell.edu
  5. You can now connect to the CNF510 server.
    1. Note you will need Samba4 to be able to connect.
    2. You may need to add to the "[global]" portion of your smb.conf file the following two lines:
      client min protocol = SMB2
      client max protocol = SMB3

       

    3. OR if running smbclient from the commandline, specify "-m SMB3" to use the SMB3 protocol.

  6. To disconnect, either use the Disconnect option in your OpenVPN gui or press CTRL-C in the OpenVPN terminal window in which you started the openvpn client.

  • No labels