This shows you the differences between two versions of the page.
vpnaccess [2018/06/29 15:59] djgalloway |
vpnaccess [2023/12/02 06:30] (current) dmick [Linux] |
||
---|---|---|---|
Line 11: | Line 11: | ||
**NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN. **Client credentials can not be used on more than one machine at a time!** | ||
+ | |||
==== Linux ==== | ==== Linux ==== | ||
<code> | <code> | ||
sudo [apt-get|yum] install openvpn | sudo [apt-get|yum] install openvpn | ||
+ | |||
+ | sudo mkdir -p /run/openvpn | ||
+ | |||
+ | ## Fedora 28 and later | ||
+ | cd /etc/openvpn/client | ||
+ | |||
+ | ## All others | ||
cd /etc/openvpn | cd /etc/openvpn | ||
- | wget http://ceph.com/sage/sepia-vpn-client.tar.gz | + | |
+ | |||
+ | sudo wget https://filedump.ceph.com/sepia-vpn-client.tar.gz | ||
sudo tar zxvf sepia-vpn-client.tar.gz | sudo tar zxvf sepia-vpn-client.tar.gz | ||
+ | |||
# Generate client credentials | # Generate client credentials | ||
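Review bot: The added ''sudo wget https://filedump.ceph.com/sepia-vpn-client.tar.gz'' is followed directly by ''sudo tar zxvf sepia-vpn-client.tar.gz'', so the archive is unpacked as root into the OpenVPN config directory with nothing checking its contents beyond the TLS connection. Consider publishing a checksum next to the tarball and adding a verification step between the two commands. Separately, the block now has both ''cd /etc/openvpn/client'' ("Fedora 28 and later") and ''cd /etc/openvpn'' ("All others") in sequence. Pasted as a whole it always ends up in ''/etc/openvpn'', so the two paths should be marked as alternatives (for example with the ''OR'' convention used further down) or split into separate blocks.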
Line 31: | Line 42: | ||
OR | OR | ||
sudo systemctl restart openvpn@sepia | sudo systemctl restart openvpn@sepia | ||
+ | OR | ||
+ | sudo systemctl restart openvpn-client@sepia | ||
- | # If you have a /etc/openvpn/client/ directory, you may need to: | + | # Try all 3. One of them should work. |
+ | # Whichever works, enable the systemd service | ||
- | sudo mv /etc/openvpn/sepia* /etc/openvpn/client/ | + | sudo systemctl enable openvpn@sepia |
- | + | OR | |
- | # before you can run openvpn-client@sepia.service. | + | sudo systemctl enable openvpn-client@sepia |
- | # This is because the OpenVPN systemd unit file looks in /etc/openvpn/client/ for configuration files by default. | + | |
</code> | </code> | ||
=== Linux Gotchas === | === Linux Gotchas === | ||
- | You may need to modify ''user'' and ''group'' in ''/etc/openvpn/sepia/client.conf'' depending on what user the service runs as. This could be ''nobody'', ''nogroup'', or ''openvpn''. | + | You may need to edit ''user'' and ''group'' in ''/etc/openvpn/sepia/client.conf'' depending on what user the service runs as. This could be ''nobody'', ''nogroup'', or ''openvpn''. |
<code> | <code> | ||
- | - user nobody | + | sed -i 's/nobody/openvpn/g' /etc/openvpn/sepia/client.conf || sed -i 's/nobody/openvpn/g' /etc/openvpn/client/sepia/client.conf |
- | - group nogroup | + | sed -i 's/nogroup/openvpn/g' /etc/openvpn/sepia/client.conf || sed -i 's/nogroup/openvpn/g' /etc/openvpn/client/sepia/client.conf |
- | + user openvpn | + | |
- | + group openvpn | + | |
</code> | </code> | ||
+ | |||
+ | ---- | ||
If you're using OpenVPN for any other VPN connection (e.g., Red Hat's), you may need to change the ''dev'' name in ''/etc/openvpn/sepia/client.conf''. See below. | If you're using OpenVPN for any other VPN connection (e.g., Red Hat's), you may need to change the ''dev'' name in ''/etc/openvpn/sepia/client.conf''. See below. | ||
<code> | <code> | ||
- | - dev tun | + | # ERASE |
- | + dev sepia0 | + | dev tun |
- | + dev-type tun | + | |
+ | # REPLACE WITH | ||
+ | dev sepia0 | ||
+ | dev-type tun | ||
+ | </code> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | If the ''new-client'' script throws an error about ''/usr/bin/python'' not being found, run: | ||
+ | |||
+ | <code> | ||
+ | sudo sed -i 's|/usr/bin/python|/usr/bin/python3|g' sepia/new-client | ||
</code> | </code> | ||
=== Troubleshooting === | === Troubleshooting === | ||
+ | Please disable SELinux on rhel clients | ||
+ | |||
To troubleshoot your VPN connection, try running the following command to determine where the connection is failing: | To troubleshoot your VPN connection, try running the following command to determine where the connection is failing: | ||
<code> | <code> | ||
openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 | openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 | ||
+ | OR | ||
+ | openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn/client --verb 5 | ||
</code> | </code> | ||
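Review bot: The new first line under Troubleshooting, "Please disable SELinux on rhel clients", gives no reason and no scope, and reads as a permanent, system-wide instruction. It should name the failure it works around and say whether it is only needed while troubleshooting, so readers do not leave enforcement off for an unrelated reason. In the Linux Gotchas block, the two ''sed -i'' lines run without ''sudo'' although every other command touching ''/etc/openvpn'' uses it, and ''s/nobody/openvpn/g'' rewrites every occurrence of the string in ''client.conf'' rather than only the ''user'' and ''group'' directives. Anchoring the patterns (for example ''s/^user nobody/user openvpn/'') would be safer. The sentence above the block still says the value "could be ''nobody'', ''nogroup'', or ''openvpn''", while the command now always forces ''openvpn'', so either the text or the command should say when the change applies.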
Line 77: | Line 105: | ||
- Enter the second line in your ''/etc/openvpn/sepia/secret'' file for **Password** | - Enter the second line in your ''/etc/openvpn/sepia/secret'' file for **Password** | ||
+ | |||
+ | ==== Fedora Network Manager GUI -- Fedora 34 ==== | ||
+ | |||
+ | This procedure was confirmed to work on Fedora 34 on 14 July 2021. | ||
+ | |||
+ | - Make sure you've followed all the prerequisite steps [[vpnaccess#linux|here]] | ||
+ | - Right click the NetworkManager icon | ||
+ | - Select **Settings** --> **Network** | ||
+ | - Click the **+** symbol under VPN | ||
+ | - Select **Import from file...** from the bottom | ||
+ | - Browse to ''/etc/openvpn/client/sepia.conf'' | ||
+ | - Enter your the first line in ''/etc/openvpn/client/sepia/secret'' (e.g., ''USER@HOST'') under **User name** | ||
+ | - Enter the second line in your ''/etc/openvpn/client/sepia/secret'' file for **Password** | ||
==== Mac/OS X ==== | ==== Mac/OS X ==== | ||
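Review bot: In the new Fedora 34 list, the step "Enter your the first line in ''/etc/openvpn/client/sepia/secret''" has a stray word ("your the"). Matching the wording of the existing step above it ("Enter the first line in your ... file") would keep the two NetworkManager procedures consistent. The first step links to the prerequisites as "here", where a descriptive label such as the section name would tell the reader where the link goes.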
Line 82: | Line 123: | ||
=== Tunnelblick **UNTESTED** === | === Tunnelblick **UNTESTED** === | ||
- | - Download and untar the Sepia VPN client [[http://ceph.com/sage/sepia-vpn-client.tar.gz|tarball]] <code> | + | - Download and untar the Sepia VPN client [[https://filedump.ceph.com/sepia-vpn-client.tar.gz|tarball]] <code> |
mkdir /etc/openvpn | mkdir /etc/openvpn | ||
cd /etc/openvpn | cd /etc/openvpn | ||
- | wget http://ceph.com/sage/sepia-vpn-client.tar.gz | + | wget https://filedump.ceph.com/sepia-vpn-client.tar.gz |
sudo tar zxvf sepia-vpn.client.tar.gz | sudo tar zxvf sepia-vpn.client.tar.gz | ||
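Review bot: The URL is updated in both places, but the unchanged extraction line still reads ''sudo tar zxvf sepia-vpn.client.tar.gz'' (dot before "client"), which does not match the downloaded ''sepia-vpn-client.tar.gz'', so the step fails as written. It is worth fixing in the same edit. Also, ''mkdir /etc/openvpn'' and ''wget'' here run without ''sudo'', whereas the Linux section was changed to ''sudo wget''. The two sections should agree on which commands need elevated privileges.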
Line 102: | Line 143: | ||
=== Viscosity === | === Viscosity === | ||
- | - Download http://ceph.com/sage/Sepia.visz | + | - Download https://filedump.ceph.com/Sepia.visz |
- | - Download http://ceph.com/sage/sepia-vpn-client.tar.gz | + | - Download https://filedump.ceph.com/sepia-vpn-client.tar.gz |
- Import the Sepia.visz config into Viscosity | - Import the Sepia.visz config into Viscosity | ||
- Extract sepia-vpn-client.tar.gz | - Extract sepia-vpn-client.tar.gz |