Linux/BSD - OpenVPN / general info
Use of the VPN is required to access department resources from off-campus. This provides greater security than if department-operated systems were exposed directly to the Internet.
The configuration file available at this link should be used when connecting to the department VPN service. It contains not only the configuration options necessary for connecting, but also an embedded SSL certificate that is used to verify the authenticity of the service.
The OpenVPN package may need to be installed before use. The exact package names can vary from distribution to distribution, but here are some common ones, along with their easy copy/paste install lines:
Debian / Ubuntu and derivatives
sudo apt install openvpn
Fedora and derivatives
sudo dnf install openvpn
Arch and derivatives
sudo pacman -S openvpn
pkgsrc (NetBSD / Multiple operating systems)
cd /usr/pkgsrc/net/openvpn && sudo make install clean clean-depends
pkgin (NetBSD / Multiple operating systems)
sudo pkgin install openvpn
OpenBSD
doas pkg_add openvpn
FreeBSD
sudo pkg install openvpn
Using your distribution’s package manager, install the package and proceed to Connecting to the VPN.
Connecting to the VPN
The quickest way to connect to the VPN is to call openvpn from the command line (with sudo, since it requires root privileges to operate) with the configuration file, available at the top of this page, as the first and only parameter.
sudo openvpn CSCI-VPN.ovpn
You will be prompted first for your local account password (for sudo), then for your VPN username, and then for your VPN password, each in a separate prompt. The output when a session is established should look something like this:
$ sudo openvpn CSCI-VPN.ovpn
[sudo] password for your_computer_username:
Sun Sep 12 22:43:29 2021 Unrecognized option or missing or extra parameter(s) in CSCI-VPN.ovpn:11: block-outside-dns (2.4.4)
Sun Sep 12 22:43:29 2021 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Sep 12 22:43:29 2021 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
Enter Auth Username: your_cs_username
Enter Auth Password: ************
Sun Sep 12 22:46:22 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]22.214.171.124:922
Sun Sep 12 22:46:22 2021 UDP link local (bound): [AF_INET][undef]:0
Sun Sep 12 22:46:22 2021 UDP link remote: [AF_INET]126.96.36.199:922
Sun Sep 12 22:46:22 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 12 22:46:22 2021 [vpn.cs.wwu.edu] Peer Connection Initiated with [AF_INET]188.8.131.52:922
Sun Sep 12 22:46:23 2021 TUN/TAP device tun0 opened
Sun Sep 12 22:46:23 2021 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Sep 12 22:46:23 2021 /sbin/ip link set dev tun0 up mtu 1500
Sun Sep 12 22:46:23 2021 /sbin/ip addr add dev tun0 172.30.64.2/22 broadcast 172.30.67.255
Sun Sep 12 22:46:23 2021 Initialization Sequence Completed
Leave this terminal open with the session running, then type Ctrl-C to terminate the VPN connection at the end of your work session.
Be particularly careful if you use the --auth-user-pass option in a script. Do not save your password in a plaintext configuration file or script.
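A pre-flight check for the warning above, as an added example that is not part of the department's documentation or tooling: it flags a profile whose auth-user-pass points at a credentials file, a credentials file accessible to other users, a missing auth-nocache, and a missing CA certificate. The function name, finding labels, sample profile, hostname and file names are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not department tooling. Profile, host and paths are constructed.
# audit_ovpn FILE: print one finding per line; return 1 if anything was found.
audit_ovpn() {
    conf=$1
    found=0
    # Drop comments and inline <tag>...</tag> blocks so PEM data is not read as options.
    opts=$(sed -e '/^[[:space:]]*[#;]/d' -e '/^<[a-z-]*>/,/^<\/[a-z-]*>/d' "$conf")

    # auth-user-pass with a file argument means credentials are stored on disk.
    cred=$(printf '%s\n' "$opts" | awk '$1 == "auth-user-pass" && NF > 1 { print $2; exit }')
    if [ -n "$cred" ]; then
        echo "CREDFILE: auth-user-pass reads credentials from $cred"
        found=1
        # Characters 5-10 of the ls mode string are the group/other permission bits.
        if [ -e "$cred" ] && [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            echo "PERMS: $cred is accessible to group or other users"
        fi
    fi

    # Without auth-nocache OpenVPN may cache the password in memory.
    if ! printf '%s\n' "$opts" | grep -q '^[[:space:]]*auth-nocache'; then
        echo "NOCACHE: auth-nocache is not set"
        found=1
    fi

    # The server certificate is checked against a CA: inline <ca> block or ca option.
    if ! grep -q '^<ca>' "$conf" &&
       ! printf '%s\n' "$opts" | grep -q '^[[:space:]]*ca[[:space:]]'; then
        echo "NOCA: no CA certificate configured"
        found=1
    fi
    return "$found"
}

# Demo on a constructed profile (not the real CSCI-VPN.ovpn).
demo=$(mktemp -d)
printf 'user\nplaceholder\n' > "$demo/creds.txt"
chmod 644 "$demo/creds.txt"
cat > "$demo/sample.ovpn" <<EOF
client
remote vpn.example.invalid 1194
auth-user-pass $demo/creds.txt
<ca>
(constructed placeholder for the embedded certificate)
</ca>
EOF
audit_ovpn "$demo/sample.ovpn" || echo "profile needs attention"
rm -rf "$demo"
```

A relative credentials path is checked against the current directory, so run the check from the directory in which openvpn is started.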
Alternative installation / use
As an alternative to the above installation and usage instructions, the OpenVPN website contains a detailed walkthrough on installing and using the latest version of the software, available at https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux. The software does not require root privileges to operate, which may be preferable to the previous method.
This walkthrough references use of a configuration file, which is available at the top of this page.