vpnaccess

Differences

This shows you the differences between two versions of the page.

vpnaccess [2018/06/29 15:59]
djgalloway
vpnaccess [2023/12/02 06:30] (current)
dmick [Linux]
Line 11: Line 11:
  
 **NOTE:** You will need VPN credentials for each machine/​workstation you intend to connect to the Sepia VPN.  **Client credentials can not be used on more than one machine at a time!** **NOTE:** You will need VPN credentials for each machine/​workstation you intend to connect to the Sepia VPN.  **Client credentials can not be used on more than one machine at a time!**
 +
  
 ==== Linux ==== ==== Linux ====
 <​code>​ <​code>​
 sudo [apt-get|yum] install openvpn sudo [apt-get|yum] install openvpn
 +
 +sudo mkdir -p /​run/​openvpn
 +
 +## Fedora 28 and later
 +cd /​etc/​openvpn/​client
 +
 +## All others
 cd /​etc/​openvpn cd /​etc/​openvpn
-wget http://ceph.com/sage/​sepia-vpn-client.tar.gz+ 
 + 
 +sudo wget https://filedump.ceph.com/​sepia-vpn-client.tar.gz
 sudo tar zxvf sepia-vpn-client.tar.gz sudo tar zxvf sepia-vpn-client.tar.gz
 +
  
 # Generate client credentials # Generate client credentials
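Review bot: The added ''sudo wget https://filedump.ceph.com/sepia-vpn-client.tar.gz'' is followed directly by ''sudo tar zxvf'' with no integrity check, so whatever the server returns is unpacked as root into the OpenVPN configuration directory; publish a SHA-256 digest or a detached signature next to the tarball and add a verification step between the two commands. Separately, the two new ''cd'' lines sit in one code block and are told apart only by comments, so a reader who pastes the block ends up in /etc/openvpn even on Fedora 28 and later; present them as alternatives, for example with OR as the restart commands further down do.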
Line 31: Line 42:
 OR OR
 sudo systemctl restart openvpn@sepia sudo systemctl restart openvpn@sepia
 +OR
 +sudo systemctl restart openvpn-client@sepia
  
-If you have a /​etc/​openvpn/​client/​ directoryyou may need to:+Try all 3.  One of them should work. 
 +# Whichever worksenable the systemd service
  
-sudo mv /etc/openvpn/sepia* /​etc/​openvpn/​client/​ +sudo systemctl enable ​openvpn@sepia 
- +OR 
-# before you can run openvpn-client@sepia.service. +sudo systemctl enable ​openvpn-client@sepia
-# This is because the OpenVPN systemd unit file looks in /​etc/​openvpn/​client/​ for configuration files by default.+
 </​code>​ </​code>​
  
 === Linux Gotchas === === Linux Gotchas ===
-You may need to modify ​''​user''​ and ''​group''​ in ''/​etc/​openvpn/​sepia/​client.conf''​ depending on what user the service runs as.  This could be ''​nobody'',​ ''​nogroup'',​ or ''​openvpn''​.+You may need to edit ''​user''​ and ''​group''​ in ''/​etc/​openvpn/​sepia/​client.conf''​ depending on what user the service runs as.  This could be ''​nobody'',​ ''​nogroup'',​ or ''​openvpn''​.
  
 <​code>​ <​code>​
-user nobody +sed -i 's/nobody/​openvpn/​g'​ /​etc/​openvpn/​sepia/​client.conf || sed -i '​s/​nobody/​openvpn/​g'​ /​etc/​openvpn/​client/​sepia/​client.conf 
-group nogroup +sed -i 's/nogroup/openvpn/g' /​etc/​openvpn/​sepia/​client.conf || sed -i '​s/​nogroup/​openvpn/​g'​ /etc/openvpn/​client/​sepia/​client.conf
-+ user openvpn +
-+ group openvpn+
 </​code>​ </​code>​
 +
 +----
  
 If you're using OpenVPN for any other VPN connection (e.g., Red Hat'​s),​ you may need to change the ''​dev''​ name in ''/​etc/​openvpn/​sepia/​client.conf''​. ​ See below. If you're using OpenVPN for any other VPN connection (e.g., Red Hat'​s),​ you may need to change the ''​dev''​ name in ''/​etc/​openvpn/​sepia/​client.conf''​. ​ See below.
  
 <​code>​ <​code>​
-dev tun +# ERASE 
-dev sepia0 +dev tun 
-dev-type tun+ 
 +# REPLACE WITH 
 +dev sepia0 
 +dev-type tun 
 +</​code>​ 
 + 
 +---- 
 + 
 +If the ''​new-client''​ script throws an error about ''/​usr/​bin/​python''​ not being found, run: 
 + 
 +<​code>​ 
 +sudo sed -i '​s|/​usr/​bin/​python|/​usr/​bin/​python3|g'​ sepia/​new-client
 </​code>​ </​code>​
  
 === Troubleshooting === === Troubleshooting ===
 +Please disable SELinux on rhel clients
 +
 To troubleshoot your VPN connection, try running the following command to determine where the connection is failing: To troubleshoot your VPN connection, try running the following command to determine where the connection is failing:
  
 <​code>​ <​code>​
 openvpn --config /​etc/​openvpn/​sepia.conf --cd /​etc/​openvpn --verb 5 openvpn --config /​etc/​openvpn/​sepia.conf --cd /​etc/​openvpn --verb 5
 +OR
 +openvpn --config /​etc/​openvpn/​client/​sepia.conf --cd /​etc/​openvpn/​client --verb 5
 </​code>​ </​code>​
  
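Review bot: The new Troubleshooting line "Please disable SELinux on rhel clients" asks for a host-wide control to be turned off without saying what it blocks; name the denial it works around and prefer a scoped fix, or temporary permissive mode while diagnosing, over disabling enforcement. In Linux Gotchas, the replacement ''sed -i 's/nobody/openvpn/g''' commands are unanchored and, unlike the other commands in this section, lack ''sudo'', so they rewrite every occurrence of "nobody" and "nogroup" in client.conf rather than just the two directives; match the directive itself, e.g. ''s/^user nobody/user openvpn/''. The hunk also drops the explanation that the openvpn-client@sepia unit looks in /etc/openvpn/client/ for its configuration, which is the reason for the new third restart option and is worth keeping.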
Line 77: Line 105:
   - Enter the second line in your ''/​etc/​openvpn/​sepia/​secret''​ file for **Password**   - Enter the second line in your ''/​etc/​openvpn/​sepia/​secret''​ file for **Password**
  
 +
 +==== Fedora Network Manager GUI -- Fedora 34 ====
 +
 +This procedure was confirmed to work on Fedora 34 on 14 July 2021.
 +
 +   - Make sure you've followed all the prerequisite steps [[vpnaccess#​linux|here]]
 +   - Right click the NetworkManager icon
 +   - Select **Settings** --> **Network**
 +   - Click the **+** symbol under VPN
 +   - Select **Import from file...** from the bottom
 +   - Browse to ''/​etc/​openvpn/​client/​sepia.conf''​
 +   - Enter your the first line in ''/​etc/​openvpn/​client/​sepia/​secret''​ (e.g., ''​USER@HOST''​) under **User name**
 +   - Enter the second line in your ''/​etc/​openvpn/​client/​sepia/​secret''​ file for **Password**
  
 ==== Mac/OS X ==== ==== Mac/OS X ====
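Review bot: Typo in the seventh step of the new Fedora 34 list: "Enter your the first line in" should read "Enter the first line in". The steps also hard-code the /etc/openvpn/client/ layout, while the Linux section they link to as a prerequisite offers both /etc/openvpn and /etc/openvpn/client; state which layout this procedure assumes.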
Line 82: Line 123:
  
 === Tunnelblick **UNTESTED** === === Tunnelblick **UNTESTED** ===
-  - Download and untar the Sepia VPN client [[http://ceph.com/sage/​sepia-vpn-client.tar.gz|tarball]] <​code>​+  - Download and untar the Sepia VPN client [[https://filedump.ceph.com/​sepia-vpn-client.tar.gz|tarball]] <​code>​
 mkdir /​etc/​openvpn mkdir /​etc/​openvpn
 cd /​etc/​openvpn cd /​etc/​openvpn
-wget http://ceph.com/sage/​sepia-vpn-client.tar.gz+wget https://filedump.ceph.com/​sepia-vpn-client.tar.gz
 sudo tar zxvf sepia-vpn.client.tar.gz sudo tar zxvf sepia-vpn.client.tar.gz
  
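Review bot: The unchanged ''sudo tar zxvf sepia-vpn.client.tar.gz'' line right after the edited ''wget'' names a file with a dot (sepia-vpn.client) that does not match the downloaded sepia-vpn-client.tar.gz, so the step fails as written; fix the filename while this block is being touched. The ''mkdir'' and ''wget'' lines here also still lack the ''sudo'' that the Linux section's download step gained in this revision.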
Line 102: Line 143:
 === Viscosity === === Viscosity ===
  
-  - Download ​http://ceph.com/sage/​Sepia.visz +  - Download ​https://filedump.ceph.com/​Sepia.visz 
-  - Download ​http://ceph.com/sage/​sepia-vpn-client.tar.gz+  - Download ​https://filedump.ceph.com/​sepia-vpn-client.tar.gz
   - Import the Sepia.visz config into Viscosity   - Import the Sepia.visz config into Viscosity
   - Extract sepia-vpn-client.tar.gz   - Extract sepia-vpn-client.tar.gz
vpnaccess.1530287965.txt.gz · Last modified: 2018/06/29 15:59 by djgalloway