External access to wired network
To gain authenticated access to the wired network of the Physics Department
from external networks (e.g. at home), via X.509 certificate authentication and OpenVPN software,
fill the
request web form.
The VPN service may be used for remote desktop connections, data transfers,
direct SSH connection to servers on the internal network
(without the need of using SSH gateways).
User is authenticated via X.509 certificate and the connection is encrypted.
NOTICE:
registered users only.
Use of virtual private network
To use the service, the software package OpenVPN must be installed
on the machine that starts the connection (client):
- Linux: install the package suitable for your distribution
(e.g. Debian 9 Stretch apt-get install openvpn)
- Windows 7 and higher: install the latest version of
OpenVPN on the official web site,
or version 2.4.6 (as of 2018-04-24) on the
department web site.
- MacOS X 10.7.5 and higher: install the latest version of
Tunnelblick on the official web site,
or version 3.7.6a (as of 2018-06-26) on the
department web site.
OpenVPN/Tunnelblick configuration files are sent via
email soon after service activation inside a ZIP archive.
The archive contains the following files (file names vary according to user and VPN),
which must be installed in the configuration directory of OpenVPN (Linux
and Windows) or Tunnelblick (MacOS X) on the client machine:
- Name.Surname.crt: X.509 client certificate
- NameSurname.key: client private key (keep it private!)
- ca.crt: CA certificate
- ta.key: pre-shared server key
- xxx.ovpn: OpenVPN configuration file
Once client configuration is done, the OpenVPN service must be started
(the software can be configured to automatically start
after operating system boot).
When the OpenVPN service is running on the client, it is
possible to connect to machines on the department wired
network simply using their IP address (e.g. SSH
connection to altair: ssh 172.31.0.16).
NOTICE: no additional software package is needed on the internal machines.