vpnaccess
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
vpnaccess [2024/06/09 14:50] akraitman [Requesting Access] |
vpnaccess [2024/12/20 01:01] (current) dmick [VPN Client Access] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| To request access to the Sepia lab, | To request access to the Sepia lab, | ||
| - Generate login credentials by following directions under **VPN Client Access** below. | - Generate login credentials by following directions under **VPN Client Access** below. | ||
| - | - [[http://tracker.ceph.com/projects/lab/issues/new?issue[tracker_id]=3|File a ticket]]. Select **Sepia Lab Access Request** , copy those questions and write your answers in the ticket. | + | - [[http://tracker.ceph.com/projects/lab/issues/new?issue[tracker_id]=3|File a ticket]]. Select **Sepia Lab Access Request** and ***copy those questions and answer them in the ticket.*** |
| <code> | <code> | ||
| Line 32: | Line 32: | ||
| ===== VPN Client Access ===== | ===== VPN Client Access ===== | ||
| Follow the instructions corresponding to your workstation's operating system below. | Follow the instructions corresponding to your workstation's operating system below. | ||
| + | |||
| + | ==== The 'secret' file ==== | ||
| + | |||
| + | |||
| + | The new-client script will generate a secret in a file named 'secret'. This is your secret VPN password. Do not share this in any way to anyone. Do not overwrite it for any reason. It is precious unrecoverable data, and losing it will lose your access to the VPN. | ||
| + | |||
| + | ==== The 'secret.hash' file: ==== | ||
| + | |||
| + | new-client will also generate a file named 'secret.hash', which corresponds to, but is not the same as, 'secret'. new-client also prints out this secret.hash. This is public information, derived from your secret, but not your secret. This is what you put in the tracker ticket to be added to the OpenVPN server. | ||
| + | |||
| + | ==== The secrets tarball: ==== | ||
| + | |||
| + | |||
| + | new-client will also generate a tarball named 'secrets.YYMMDD_HHMMSS.tar.gz' (where YYMMDD_HHMMSS represents the current date and time) containing both secret and secret.hash files. Since they go together, this will help track problems in their creation and use. | ||
| **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | ||
| Line 150: | Line 164: | ||
| cd /etc/openvpn | cd /etc/openvpn | ||
| wget https://filedump.ceph.com/sepia-vpn-client.tar.gz | wget https://filedump.ceph.com/sepia-vpn-client.tar.gz | ||
| - | sudo tar zxvf sepia-vpn.client.tar.gz | + | sudo tar zxvf sepia-vpn-client.tar.gz |
| # Generate client credentials | # Generate client credentials | ||
| Line 179: | Line 193: | ||
| - **Tls-Auth:** ta.key | - **Tls-Auth:** ta.key | ||
| - When connecting to the VPN for the first time, | - When connecting to the VPN for the first time, | ||
| - | - Enter your ''USER@HOST'' combination as the username | + | - Enter your ''USER@HOST'' combination as the username(the username is the first line in secret file) |
| - | - Enter the second line of ''sepia/secret'' as the password | + | - Enter the second line of ''sepia/secret'' as the password(the password is the second line in secret file) |
| - Save the credentials to your keychain | - Save the credentials to your keychain | ||
| - You can now delete any downloaded and created files (except ca.crt) | - You can now delete any downloaded and created files (except ca.crt) | ||
vpnaccess.1717944639.txt.gz · Last modified: 2024/06/09 14:50 by akraitman
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
