VPN Access

Introduction

VPN lets you access the RTCL network (10.0.0.0/8) without first logging in to a gateway host (e.g., kabru).

Tutorial

  1. Install OpenVPN
    • The Windows installer and source code can be downloaded from the OpenVPN download page
    • Linux rpm/deb packages are available in most distributions
  2. Open your OpenVPN configuration file directory
    • In Microsoft Windows XP, click on Start, All Programs, OpenVPN, OpenVPN configuration file directory
    • In Linux, change the current directory to /etc/openvpn
  3. Download the following 4 files to your OpenVPN configuration directory:
    • OpenVPN client configuration file client.ovpn
      • You may need to change the extension of this file to .conf if you want to use the /etc/init.d/openvpn script to run openvpn on Linux
    • The CA certificate of kabru ca.crt
    • A client certificate (not really being used) client.crt
    • A client key (not really being used) client.key
  4. Right-click on the file client.ovpn and select "Start OpenVPN on this config file"
  5. Login with your kabru user name and password
  6. Voila!

Useful Tips

  1. OpenVPN GUI on Windows
    • It is easier to maintain openvpn connections with the GUI. Recommended if you use Windows.
  2. To make more than one connection simultaneously
    • With the settings described above, you can make only one connection. However, there is a simple solution if you need only two simultaneous connections: make one connection using udp (the default) and the other using tcp. On one client, modify the configuration file client.ovpn as follows:
      ...
      proto tcp
      ;proto udp
      ...
               
  3. To make an openvpn connection on CAEN Wireless
    • If you connect to CAEN wireless through Cisco VPN, Cisco VPN will not allow an openvpn connection. If you connect to CAEN wireless with web-based authentication, your openvpn connection will be dropped because of the CAEN policy, which allows only secure connections when a user is authenticated through the web page. The next version of OpenVPN (2.1) will support port sharing with HTTPS. We will update the software once it has a stable release.
    • You can make an openvpn connection using the tcp protocol plus ssh tunneling
    • First, modify the openvpn configuration file to use tcp as above, and add one line to use localhost as follows. This configuration file makes openvpn try a direct connection to kabru first, and then localhost.
      ...
      remote kabru.eecs.umich.edu 1194
      remote localhost 1194
      ;remote my-server-2 1194
      ...
               
    • Then, run the following command in Cygwin, or make an equivalent ssh tunnel using putty or any other ssh client that supports ssh tunneling
      # ssh -v -g -C -N -2 -L 1194:localhost:1194 uniqname@kabru.eecs.umich.edu
               
    • Then, run the openvpn command.
  4. When VPN is NOT working, ssh port forwarding can be used.
    • To access the samba server on kabru, use the instructions in the following page link
      • Use 192.168.0.1/176.16.0.1 instead of 10.0.0.0 for the loopback device, since the 10.0.0.0 address is used by the VPN
      • When setting up port forwarding, the destination port should be set to 10.0.0.1:139
    • To access a remote desktop on a VM
      • From a Linux/Unix box,
        • Run the following command in a Unix environment
          % ssh -v -g -C -N -2 -L 3389:numeric.ip.of.vm:3389 your_id@kabru.eecs.umich.edu
                         
      • On a Windows box,
        • Use putty or any other ssh client with ssh port forwarding support.
        • In putty, you can set up a local forwarding with source port 3390 and destination numeric.ip.of.vm:3389
          • You need to use a port number other than the default RDC port (3389) in case RDC is enabled on the local machine.
        • In Cygwin, you can use the Unix-like command as follows.
          % ssh -v -g -C -N -2 -L 3390:numeric.ip.of.vm:3389 your_id@kabru.eecs.umich.edu
                         
      • After setting up port forwarding, run the remote desktop client and connect to localhost (or localhost:3390 if you use port 3390 instead of 3389).
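
The configuration change and ssh tunnel from tip 3 above, as an added shell example that is not part of the original page. The function names and the sample config are constructed for illustration; the printed ssh command binds the forward to localhost and omits -g, so that other hosts on the local network cannot connect through the forwarded port.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_tunnel_conf IN OUT
# Forces "proto tcp", comments out "proto udp", and places
# "remote localhost 1194" after the first active remote line, so the
# direct connection is tried before the ssh tunnel.
make_tunnel_conf() {
    awk '
        /^[ \t]*proto[ \t]+udp/             { print ";proto udp"; next }
        /^[ \t]*;?[ \t]*proto[ \t]+tcp/     { next }  # re-emitted once in END
        /^[ \t]*remote[ \t]+localhost[ \t]/ { next }  # avoid duplicates
        { print }
        /^[ \t]*remote[ \t]/ && !added      { print "remote localhost 1194"; added = 1 }
        END { if (!added) print "remote localhost 1194"; print "proto tcp" }
    ' "$1" > "$2"
}

# check_tunnel_conf FILE
# Succeeds only if FILE has an active (uncommented) "proto tcp" and
# "remote localhost 1194".
check_tunnel_conf() {
    grep -Eq '^[[:space:]]*proto[[:space:]]+tcp' "$1" &&
    grep -Eq '^[[:space:]]*remote[[:space:]]+localhost[[:space:]]+1194' "$1"
}

# tunnel_cmd USER
# Prints the ssh forward. The "localhost" bind address and the absence of -g
# keep the forwarded port reachable from this machine only.
tunnel_cmd() {
    printf 'ssh -N -L localhost:1194:localhost:1194 %s@kabru.eecs.umich.edu\n' "$1"
}

# Demo on a constructed sample config (contents made up for illustration).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' ';proto tcp' 'proto udp' \
        'remote kabru.eecs.umich.edu 1194' ';remote my-server-2 1194' \
        > "$d/client.ovpn"
    make_tunnel_conf "$d/client.ovpn" "$d/client-tcp.ovpn"
    check_tunnel_conf "$d/client-tcp.ovpn" && cat "$d/client-tcp.ovpn"
    tunnel_cmd uniqname
    rm -rf "$d"
}
demo
```

Running make_tunnel_conf on its own output produces the same file, so it is safe to re-run after downloading a fresh client.ovpn.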
-- Main.chtsai - 28 Feb 2007
Topic revision: r8 - 2011-11-11 - karenhou
 