Linux/BSD - OpenVPN / general info


Use of the VPN is required to access department resources from off-campus. This provides greater security than if department-operated systems were exposed directly to the Internet.


Configuration file

The configuration file avaiable at this link should be used when connecting to the department VPN service. It contains not only the configuration options necessary for connecting, but also an embedded SSL certificate that is use for verifying the authenticity of the service.


Installation

The OpenVPN package may need to be installed before use. The exact package names can vary from distribution to distribution, but here are some common ones, along with their easy copy/paste install lines:

Debian / Ubuntu and derivatives

sudo apt install openvpn

Fedora

sudo dnf install openvpn

Arch and derivatives

sudo pacman -S openvpn

pkgsrc (NetBSD / Multiple operating systems)

cd /usr/pkgsrc/net/openvpn && sudo make install clean clean-depends

pkgin (NetBSD / Multiple operating systems)

sudo pkgin install openvpn

OpenBSD

doas pkg_add openvpn

FreeBSD

sudo pkg install openvpn

Using your distribution’s package manager, install the package and proceed to Connect to the VPN.

Connecting to the VPN

The quickest way to connect to the vpn is to call openvpn from the command line (with sudo, since it requires root privileges to operate) with the configuration file, available at the top of this page, as the first and only parameter.

sudo openvpn CSCI-VPN.ovpn

You will be prompted first your local account password (for sudo), then for your VPN username, then password in separate prompts, where the output to establish a session should look something like this:

$ sudo openvpn CSCI-VPN.ovpn
[sudo] password for your_computer_username:
Sun Sep 12 22:43:29 2021 Unrecognized option or missing or extra parameter(s) in CSCI-VPN.ovpn:11: block-outside-dns (2.4.4)
Sun Sep 12 22:43:29 2021 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Sep 12 22:43:29 2021 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Enter Auth Username: your_cs_username
Enter Auth Password: ************
Sun Sep 12 22:46:22 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]140.160.30.46:922
Sun Sep 12 22:46:22 2021 UDP link local (bound): [AF_INET][undef]:0
Sun Sep 12 22:46:22 2021 UDP link remote: [AF_INET]140.160.30.46:922
Sun Sep 12 22:46:22 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 12 22:46:22 2021 [vpn.cs.wwu.edu] Peer Connection Initiated with [AF_INET]140.160.30.46:922
Sun Sep 12 22:46:23 2021 TUN/TAP device tun0 opened
Sun Sep 12 22:46:23 2021 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Sep 12 22:46:23 2021 /sbin/ip link set dev tun0 up mtu 1500
Sun Sep 12 22:46:23 2021 /sbin/ip addr add dev tun0 172.30.64.2/22 broadcast 172.30.67.255
Sun Sep 12 22:46:23 2021 Initialization Sequence Completed

Leave this terminal open with the session running, then type Ctrl-C to terminate the VPN connection at the end of your work session.

Note

Be particularly careful if you leverage the --auth-user-pass in a script. Do not save your password in a plaintext configuration file or script.

Alternative installation / use

As an alternative to the above installation/usage instructions, The OpenVPN website contains a detailed walkthrough on installing and using the laest version of the software, avaiable at https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux. The software does not require root privileges to operate, which may be preferable over the previous method.

This walkthrough references use of a configuration file, which is available at the top of this page.