User Tools

Site Tools


filer:vpn:ipg

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
filer:vpn:ipg [2007/06/18 09:28] damirfiler:vpn:ipg [2018/10/23 13:04] (current) – removed damir
Line 1: Line 1:
-====== Use Of IPG VPN connection ====== 
- 
-For the IPG Vpn connection, we use the **[[http://openvpn.net/|openvpn]]** protocol. This protocol is a lot more simple to manage respect ti the IPSEC protocol and the security level is, for the moment, good.\\ 
-\\ 
-When you connect to the IPG network using this protocol, only the transmissions to and from the network 128.178.0.0/16 are encrypted, the remaining connections that go to servers externa to the EPFL network travel as usual.\\ 
-\\ 
-To simplify the installation/management and the raise the security level of the connections, we don't use login/password for the autentication of the VPN, but //personal certificates//. Every single user that need to use the VPN connections must ask for a personal certificate, else the connection is impossible. The certificates aren't shareable (in case someone share his/hers certificate with someone else the connections are blocked).\\ 
-\\ 
- 
-===== Mac Os X Configuration ===== 
- 
-  - Download the [[http://www.tunnelblick.net/Tunnelblick_3.0_B4.zip|openvpn]] client program for Os X. 
-  - Explode it, copy the program TunnelBlick in **Applications** and launch it. 
-  - Answer yes to the requests. 
-  - Close all the windows it opens. 
-  - After the launch You'll find his icon in the menu bar (at right), click on the icon and then quit the program. 
-  - You must now ask for the personal certificate to the System Administrators (In order to obtain it you must be an user of the I.P.G. network). 
-  - You will receive the certificate and all the configuration files needed 
-  - Explode all the files inside the directory ~/Library/openvpn 
-  - Verify that the scripts [[up.sh]] and [[down.sh]] are executable 
-  - Restart TunnelBlick (from /Application), show the menu and click on //Detail...//. 
-  - Select the //openvpn// tab 
-  - Click on //Connect// 
-  - The TunnelBlick Icon (the one on the menubar) should start to blink and then change from grey to whyte in the center (teorically it's a tunnel). if this is the case, the tunnel is working. 
-  - Now you can connect directly to all the servers in our network. From the point of view of the servers your requests come from a workstation connected to the local network, so your requests aren't subject to firewall filtering. 
-  - Try to connect to your home dir: Command-K and then afp://lthiserv3.epfl.ch, insert your login/password and select your homedir (you name) from the list. If you can connect the tunnel is working. 
- 
-===== Linux Configuration ===== 
- 
-===== Windows Configuration ===== 
- 
- 
-===== Things to know ===== 
- 
-  - Of course the Vpn will work only if you connect from outside the Epfl network. If you try to use it from inside the EPFL the connection to the vpn server will work, but all the other network comunications will be blocked until you close the vpn connection. 
-  - Sometimes the tunnel stop working without notice in the first 20 secs, don't know way at the moment. just restart the connection. 
-  - Remember that only the traffic 128.178.0.0/16 <-> <laptop> is encripted, all the remaining connections travel as usual. 
-  - If the tunnel don't start at all whe you installed TunnelBlick you must reset the computer (some libraries needs to be registered) 
-  - ** Don't share the certificate you received with anyone, it is your accreditation to enter the system.** 
  
filer/vpn/ipg.1182151708.txt.gz · Last modified: 2007/06/18 09:28 by damir