vpnaccess
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
vpnaccess [2018/06/29 15:57] djgalloway |
vpnaccess [2023/10/06 20:04] ljflores People need to add sudo before this command. |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | ||
| + | |||
| ==== Linux ==== | ==== Linux ==== | ||
| <code> | <code> | ||
| sudo [apt-get|yum] install openvpn | sudo [apt-get|yum] install openvpn | ||
| + | |||
| + | sudo mkdir -p /run/openvpn | ||
| + | |||
| + | ## Fedora 28 and later | ||
| + | cd /etc/openvpn/client | ||
| + | |||
| + | ## All others | ||
| cd /etc/openvpn | cd /etc/openvpn | ||
| - | wget http://ceph.com/sage/sepia-vpn-client.tar.gz | + | |
| + | ## filedump.ceph.com is temporarily unavailable; contact akraitma@redhat.com or dmick@redhat.com regarding this file - sepia-vpn-client.tar.gz | ||
| + | sudo wget https://filedump.ceph.com/sepia-vpn-client.tar.gz | ||
| sudo tar zxvf sepia-vpn-client.tar.gz | sudo tar zxvf sepia-vpn-client.tar.gz | ||
| + | |||
| # Generate client credentials | # Generate client credentials | ||
| Line 31: | Line 42: | ||
| OR | OR | ||
| sudo systemctl restart openvpn@sepia | sudo systemctl restart openvpn@sepia | ||
| + | OR | ||
| + | sudo systemctl restart openvpn-client@sepia | ||
| + | |||
| + | # Try all 3. One of them should work. | ||
| + | # Whichever works, enable the systemd service | ||
| + | |||
| + | sudo systemctl enable openvpn@sepia | ||
| + | OR | ||
| + | sudo systemctl enable openvpn-client@sepia | ||
| </code> | </code> | ||
| === Linux Gotchas === | === Linux Gotchas === | ||
| - | You may need to modify ''user'' and ''group'' in ''/etc/openvpn/sepia/client.conf'' depending on what user the service runs as. This could be ''nobody'', ''nogroup'', or ''openvpn''. | + | You may need to edit ''user'' and ''group'' in ''/etc/openvpn/sepia/client.conf'' depending on what user the service runs as. This could be ''nobody'', ''nogroup'', or ''openvpn''. |
| <code> | <code> | ||
| - | - user nobody | + | sed -i 's/nobody/openvpn/g' /etc/openvpn/sepia/client.conf || sed -i 's/nobody/openvpn/g' /etc/openvpn/client/sepia/client.conf |
| - | - group nogroup | + | sed -i 's/nogroup/openvpn/g' /etc/openvpn/sepia/client.conf || sed -i 's/nogroup/openvpn/g' /etc/openvpn/client/sepia/client.conf |
| - | + user openvpn | + | |
| - | + group openvpn | + | |
| </code> | </code> | ||
| + | |||
| + | ---- | ||
| If you're using OpenVPN for any other VPN connection (e.g., Red Hat's), you may need to change the ''dev'' name in ''/etc/openvpn/sepia/client.conf''. See below. | If you're using OpenVPN for any other VPN connection (e.g., Red Hat's), you may need to change the ''dev'' name in ''/etc/openvpn/sepia/client.conf''. See below. | ||
| <code> | <code> | ||
| - | - dev tun | + | # ERASE |
| - | + dev sepia0 | + | dev tun |
| - | + dev-type tun | + | |
| + | # REPLACE WITH | ||
| + | dev sepia0 | ||
| + | dev-type tun | ||
| </code> | </code> | ||
| - | If you have a ''/etc/openvpn/client/'' directory, you may need to ''sudo mv /etc/openvpn/sepia* /etc/openvpn/client/'' before you can run ''openvpn-client@sepia.service''. This is because the OpenVPN systemd unit file looks in ''/etc/openvpn/client/'' for configuration files by default. | + | ---- |
| + | |||
| + | If the ''new-client'' script throws an error about ''/usr/bin/python'' not being found, run: | ||
| + | |||
| + | <code> | ||
| + | sudo sed -i 's|/usr/bin/python|/usr/bin/python3|g' sepia/new-client | ||
| + | </code> | ||
| === Troubleshooting === | === Troubleshooting === | ||
| + | Please disable SELinux on rhel clients | ||
| + | |||
| To troubleshoot your VPN connection, try running the following command to determine where the connection is failing: | To troubleshoot your VPN connection, try running the following command to determine where the connection is failing: | ||
| <code> | <code> | ||
| openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 | openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 | ||
| + | OR | ||
| + | openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn/client --verb 5 | ||
| </code> | </code> | ||
| Line 72: | Line 105: | ||
| - Enter the second line in your ''/etc/openvpn/sepia/secret'' file for **Password** | - Enter the second line in your ''/etc/openvpn/sepia/secret'' file for **Password** | ||
| + | |||
| + | ==== Fedora Network Manager GUI -- Fedora 34 ==== | ||
| + | |||
| + | This procedure was confirmed to work on Fedora 34 on 14 July 2021. | ||
| + | |||
| + | - Make sure you've followed all the prerequisite steps [[vpnaccess#linux|here]] | ||
| + | - Right click the NetworkManager icon | ||
| + | - Select **Settings** --> **Network** | ||
| + | - Click the **+** symbol under VPN | ||
| + | - Select **Import from file...** from the bottom | ||
| + | - Browse to ''/etc/openvpn/client/sepia.conf'' | ||
| + | - Enter your the first line in ''/etc/openvpn/client/sepia/secret'' (e.g., ''USER@HOST'') under **User name** | ||
| + | - Enter the second line in your ''/etc/openvpn/client/sepia/secret'' file for **Password** | ||
| ==== Mac/OS X ==== | ==== Mac/OS X ==== | ||
| Line 77: | Line 123: | ||
| === Tunnelblick **UNTESTED** === | === Tunnelblick **UNTESTED** === | ||
| - | - Download and untar the Sepia VPN client [[http://ceph.com/sage/sepia-vpn-client.tar.gz|tarball]] <code> | + | - Download and untar the Sepia VPN client [[https://filedump.ceph.com/sepia-vpn-client.tar.gz|tarball]] <code> |
| mkdir /etc/openvpn | mkdir /etc/openvpn | ||
| cd /etc/openvpn | cd /etc/openvpn | ||
| - | wget http://ceph.com/sage/sepia-vpn-client.tar.gz | + | wget https://filedump.ceph.com/sepia-vpn-client.tar.gz |
| sudo tar zxvf sepia-vpn.client.tar.gz | sudo tar zxvf sepia-vpn.client.tar.gz | ||
| Line 97: | Line 143: | ||
| === Viscosity === | === Viscosity === | ||
| - | - Download http://ceph.com/sage/Sepia.visz | + | - Download https://filedump.ceph.com/Sepia.visz |
| - | - Download http://ceph.com/sage/sepia-vpn-client.tar.gz | + | - Download https://filedump.ceph.com/sepia-vpn-client.tar.gz |
| - Import the Sepia.visz config into Viscosity | - Import the Sepia.visz config into Viscosity | ||
| - Extract sepia-vpn-client.tar.gz | - Extract sepia-vpn-client.tar.gz | ||
vpnaccess.txt · Last modified: 2023/12/02 06:30 by dmick
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
