OpenVPN Service, Chemistry Network Access from home

What?

A VPN (Virtual Private Network) allows access to "internal" computing resources from "outside" across the internet, in a more transparent and general way than current methods of remote access (ssh, remote desktop etc.). Effectively the home/remote machine will acquire the same access as if it were on the internal Departmental network.

Why?

User benefits include:

easy to configure and use, giving a Chemistry Department IP address which allows access to otherwise restricted resources (journals, file-servers etc.)
secure access (once connected, all traffic is encrypted)
supported for Windows, Mac and Linux/Unix
supported by more ISPs than the other VPN solution

How?

The password you need to supply is your Admitto password. You will need to liaise with the Computer Officers to have this account created if you don't already have one (if you don't know whether you have an account or not, please email us to enquire or if you know your Raven password click here to check for an Admitto account).

Installing: Windows

To set it up on Windows (2000 or later), download and run the OpenVPN installer.

You may be asked if you want to allow the program to make changes to the computer: select "Yes".
You will be shown a "Welcome to the setup wizard" screen: click "Next".
You will be asked to review the licence agreement: Click "I agree."
You will be asked to choose components. Leave all the components ticked and click 'Next'.
You will asked to choose a location for OpenVPN. Accept the default and click 'Install'.
You will see some messages which should end with the line 'Completed'. Click 'Next'.
You will be given the option to show the 'README' file. Click 'Finish'.

To configure OpenVPN to connect to the Chemistry department, you will need to download the configuration files for windows. Open the zip file and drag the contents into the 'config' directory within OpenVPN: if you installed to the default location (c:\Program Files (x86)\OpenVPN), that directory will be c:\Program Files (x86)\OpenVPN\config\

Connecting: Windows

To connect to the department, find the 'OpenVPN GUI' start icon, right-click it and select 'Run as Administrator'. (If you find it tedious to perform this step every time, use this script to save you the bother.) The icon will appear in the system tray with red computer screens. Right click that icon and select 'connect': you will be asked for your Admitto credentials. The icon screens will change to yellow, then green once you have connected.

The tray icon conveys meaning through colour:

Icon with red screens: disconnected.
Icon with yellow screens: connecting.
Icon with green screens: connected.
Icon with orange screens: reconnecting.

Troubleshooting: Windows

The most common problem is not running OpenVPN GUI as administrator: it will not work as an ordinary user. Errors about failing to add a 'route' in the output usually mean that this is the problem.

Right-click the tray icon and select 'Exit'.
Find the 'OpenVPN GUI' start icon, right-click it and select 'Run as Administrator'. (If you find it tedious to perform this step every time, use this script to save you the bother.)

If you can start the OpenVPN GUI but get no 'Connect' option then your installation is missing its config files, or they are in the wrong place, or have been given the wrong names. Download and open the windows config files and drag the contents into the 'config' directory within OpenVPN: if you installed to the default location (c:\Program Files (x86)\OpenVPN), that directory will be c:\Program Files (x86)\OpenVPN\config\

Installing: OSX

To set it up on OSX, download and run the OSX installer. Then download the config file. The configuration file is compressed, so double-click it to expand it: you should then get a file 'Chemistry.tblk'. Double-click that to install the configuration.

Connecting: OSX

Select 'Connect Chemistry' from the TunnelBlick icon.

Installing: Linux

To set it up on Linux, use the OpenVPN package provided by your distribution (or hand-compile if you feel like it) and the files below.

If you are using Network Manager, there are some detailed instructions.

Files for configuring the OpenVPN client

Most OpenVPN interfaces provide the ability to import a config file. If not, configure the client to authenticate with "Password using certificates". It should use a custom port (443), LZO data compression and a TCP connection. (You will need to tell the OpenVPN client to use the certificate authority, client certificate and client key above.)