
This is an old revision of the document!


Use Of IPG VPN connection

For the IPG VPN connection we use the OpenVPN protocol. It is much simpler to manage than IPsec, and its security level is, for the moment, good.

When you connect to the IPG network using this protocol, only the transmissions to and from our network are encrypted; the remaining connections travel as usual, without using the VPN.

To simplify installation and management and to raise the security level of the connections, we don't use login/password pairs for authentication, but personal certificates. Every user who needs to use the VPN must ask for a personal certificate; without it the connection is impossible. The certificates aren't shareable (if someone shares his or her certificate with someone else, the connections are automatically blocked).

Mac Os X Configuration

  1. Download the OpenVPN client program for OS X.
  2. Unpack it, copy the program TunnelBlick into Applications and launch it.
  3. Answer yes to the requests.
  4. Close all the windows it opens.
  5. After the launch you'll find its icon in the menu bar (on the right); click on the icon and then quit the program.
  6. You must now ask the System Administrators for the personal certificate (to obtain it you must be a user of the I.P.G. network).
  7. You will receive the certificate and all the configuration files needed.
  8. Unpack all the files into the directory ~/Library/openvpn
  9. Verify that the scripts up.sh and down.sh are executable.
  10. Restart TunnelBlick (from /Applications), show the menu and click on Detail….
  11. Select the openvpn tab.
  12. Click on Connect.
  13. The TunnelBlick icon (the one in the menu bar) should start to blink and then change from grey to white in the center (theoretically it's a tunnel). If this is the case, the tunnel is working.
  14. Now you can connect directly to all the servers in our network. From the point of view of the servers, your requests come from a workstation connected to the local network, so your requests aren't subject to firewall filtering.
  15. Try to connect to your home dir: press Command-K and then enter
    afp://arachne.epfl.ch

    in the address field. Enter your login/password when prompted and select your homedir (it's your name) from the list. If you can connect, the tunnel is working.
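
One way to check steps 8 and 9 before starting the tunnel, as an added example that is not part of the original page or of the IPG package: a shell function that confirms up.sh and down.sh are executable and flags files in the configuration directory that other local accounts can read or modify. The function names and the permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the IPG package): audit the directory that
# holds the unpacked certificate and configuration files.
# After each call AUDIT_FINDINGS holds the number of problems found.

# report LABEL FIX FILELIST: print one line per file and count it.
report() {
    [ -n "$3" ] || return 0
    printf '%s\n' "$3" | sed "s|^|$1  |; s|\$|  (fix: $2)|"
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + $(printf '%s\n' "$3" | wc -l)))
}

audit_vpn_dir() {
    dir=$1
    AUDIT_FINDINGS=0

    # Step 9: up.sh and down.sh must be present and executable.
    for hook in up.sh down.sh; do
        if [ ! -f "$dir/$hook" ]; then
            report "MISSING " "re-extract the package" "$dir/$hook"
        elif [ ! -x "$dir/$hook" ]; then
            report "NOT-EXEC" "chmod u+x" "$dir/$hook"
        fi
    done

    # Files another local account could modify (assumption: the VPN client
    # runs up.sh/down.sh, so a writable script is a tampering risk).
    report "WRITABLE" "chmod go-w" \
        "$(find "$dir" -type f \( -perm -020 -o -perm -002 \))"

    # Files another local account could read: the personal certificate
    # material must stay private to its owner.
    report "READABLE" "chmod go-r" \
        "$(find "$dir" -type f \( -perm -040 -o -perm -004 \))"

    # Exit status 0 only when nothing was flagged.
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Stand-alone use: sh audit.sh ~/Library/openvpn
if [ $# -gt 0 ]; then
    audit_vpn_dir "$1"
fi
```

Run it against ~/Library/openvpn on Mac OS X; on Fedora the permission checks apply equally to /etc/openvpn, though the page does not say whether that package contains up.sh and down.sh.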

Linux Configuration - Fedora

  1. As root, install the package openvpn (it may already be installed; check whether /etc/init.d/openvpn is present).
  2. You must now ask the System Administrators for the personal certificate (to obtain it you must be a user of the I.P.G. network).
  3. You will receive the certificate and all the configuration files needed in a zip file.
  4. Unpack the package and copy all files into the directory /etc/openvpn
  5. Start the VPN using this command (as root): /etc/init.d/openvpn start
  6. To connect to your home dir (you have to start the portmap, nfs and autofs daemons in order to do this), connect to /net/melpomene.epfl.ch/home/<your login>.

Windows Configuration

  1. Refer to the OpenVPN FAQ for the limitations or problems that can arise with Windows clients.
  2. Download and install the OpenVPN client for Windows.
  3. You must now ask the System Administrators for the personal certificate (to obtain it you must be a user of the I.P.G. network).
  4. You will receive the certificate and all the configuration files needed.
  5. Copy all files from the package into the directory where openvpn was installed (under C:\Program files\…)
  6. Right-click on the *.conf file and instruct the system to open it using the program openvpn.
  7. Double-click on the file icon and your VPN tunnel will start.

Things to know

  1. Of course the VPN will work only if you connect from outside the EPFL network.
  2. If you try to use it from inside the EPFL, the connection to the VPN server will work, but all the other network communications will be blocked until you close the VPN connection.
  3. Sometimes the tunnel stops working without notice in the first 20 seconds; we don't know why at the moment. Just restart the connection.
  4. Remember that only the traffic 128.178.0.0/16 ↔ <laptop> is encrypted; all the remaining connections travel as usual.
  5. If the tunnel doesn't start at all right after you installed TunnelBlick, you must restart the computer (some libraries need to be registered).
  6. Don't share the certificate you received with anyone; it is your accreditation to enter the system.
    Abuse leads to the cancellation of the certificate.
filer/vpn/ipg.1302105804.txt.gz · Last modified: 2011/04/06 16:03 by damir