Windows
Installing
- Download the Windows OpenVPN installer from: https://openvpn.net/index.php/open-source/downloads.html
- Run the installer
- During the installation process, a second installer for the TAP/TUN driver will start. You also need to install this driver.
- When asked to select components of the OpenVPN installation, you do NOT need the easy-rsa component.
- You may also want to check, under Advanced, to not remember passwords.
- Whether or not to have the OpenVPN gui start at login is up to you.
- If you wish to be able to run OpenVPN as a non-administrative user:
- Add the user to the "OpenVPN Administrators" group
- For Windows10, login as an administrative user.
- Right click the Start menu
- Choose "Computer Management"
- In the left tab, expand Computer Management, System Tools, Local Users and Groups, Groups
- In the right tab, double click "OpenVPN Administrators" (you might first need to create this group)
- Click "Add"
- Type in the username or domain\username and click "OK"
- Again click "OK"
- The user will need to re-login if already login'ed to the computer
- Reboot the PC (necessary to start the "OpenVPN Interactive" service
- Add the user to the "OpenVPN Administrators" group
- Login as the user who will be running OpenVPN (administrative or otherwise)
Create a new folder:
C:\users\[username]\openvpn\config
- Copy the config and key files to the folder just created.
Connecting
- Login as the user to start OpenVPN
- Double click the "OpenVPN GUI" icon on the desktop. This will not do anything other than to put the OpenVPN systray icon in the systray.
- In the systray, double click the OpenVPN icon. This will start OpenVPN on the config files you created earlier.
- For AUTH username, enter your netid
- For AUTH password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
- Aliases for devices can be found at: https://twostep.netid.cornell.edu
- You can now Map the CNF510 server.
- To disconnect, again double click the OpenVPN icon in the system tray.
- Click "Disconnect"
Macintosh
Installing
- Store, someplace you know where they are (eg your Desktop) the configuration and key files received from CNF Computing
- Download the latest stable release of Tunnelblick from https://tunnelblick.net/downloads.html
- Open the downloaded DiskImage
- To start the install, double-click the TunnelBlick installer icon in the DiskImage
- GateKeeper will ask you to confirm Open ing the application. Click "Open".
- If you are upgrading from a previous version, you will be prompted for an administrative username and password to replace the old version of Tunnelblick.
- If you are upgrading, you will be prompted to confirm shutting down the old version of Tunnelblick.
- On the "Welcome to Tunnelblick" screen, leave "Check for updates" checked and uncheck Check for IP address changes
- Enter in an administrative username and password to install Tunnelblick.
- On the "Welcome to Tunnelblick" screen, click "I have configuration files"
- Click "OK" on the information screen for howto Add a Configuration
- Open the folder where you stored your configuration and key files.
- Drag the configuration file (usually named something like cnf510-dwb7.ovpn) to the Tunnelblick icon in the top menu bar – release the mouse when the green plus sign appears on top of the icon you are dragging
- Select Install Configuration for "Only Me"
- Enter in an administrative username and password to install the configuration
Connecting
- Left click the Tunnelblick icon in the menu bar
- Click "Connect cnf510-netid" where netid is your netid
- For the username, enter in your Cornell NetID
- For the password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
- Aliases for devices can be found at: https://twostep.netid.cornell.edu
- Click "OK"
- The Tunnelblick icon in your menu bar will change from grey to black to indicate that you are connected.
- You can now connect to the CNF510 server
Linux
Installing
- Either install OpenVPN if available as a package from your distribution, or download from: https://openvpn.net/index.php/open-source/downloads.html
- Obtain configs and certificates from CNF Computing
- Place the configs and certificates in a directory
- This can either be the OpenVPN system config directory, usually /etc/openvpn
- OR a local directory
Connecting
If you placed the OpenVPN configs in the system directory, just start the openvpn client with:
sudo openvpnor your choice of OpenVPN GUI.
If you placed the OpenVPN configs in a different directory, cd to that directory and then (the configfile will usually be named something like: cnf510-netid.conf):
sudo openvpn --config confgfile
When prompted, enter your netid for the AUTH username
- When prompted, for the AUTH password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
- Aliases for devices can be found at: https://twostep.netid.cornell.edu
- You can now connect to the CNF510 server.
- Note you will need Samba4 to be able to connect.
- You may need to add to the "[global]" portion of your smb.conf file the following two lines:
client min protocol = SMB2
client max protocol = SMB3
OR if running smbclient from the commandline, specify "-m SMB3" to use the SMB3 protocol.
To disconnect, either use the Disconnect option in your OpenVPN gui or press CTRL-C in the OpenVPN terminal window in which you started the openvpn client.