OpenVPN

OpenVPN is used as a way to “bridge” an external network with our own here at Shippensburg University.  Basically, it creates the illusion that you are connected directly to our network, when in reality you could be anywhere in the world.  This offers many benefits, the greatest of which is access to our in house services no matter where you are.  Installation is fairly simple, and is explained here.

NOTE: When asked for your Shippensburg University Computer Science credentials, do not add the @cs.ship.edu to the end of your username.

The updated OpenVPN Access server has clients for Windows, Linux, OSX, IOS and Android devices. Please follow these instructions and select the appropriate client for the type of device you are trying to configure. There will be subtle differences in how you initiate a connection. The following directions are tailored to Windows users but are similar enough to other clients.

The easiest solution is to simply install the default client for your device prepackaged with the personalized connection profile using the installer available from our VPN server. Login to the server located at the https://vpn.cs.ship.edu using your CS&E credentials and download the client installer for your device. Simply follow the directions and you will install the OpenVPN Connect client already configured with your configuration file. To connect, simply launch OpenVPN Connect, right click on the icon which will appear in your task bar, and select “Connect to vpn.cs.ship.edu” from the menu. Use your CS&E credentials and it will initiate a connection. Check the task bar icon for connection status. Please remember to disconnect when your are finished.

Windows

These directions should only be used in the event that you are having issues with the installer available from our server. If you are you can try the older method for configuring OpenVPN under Windows. First, download the installer located here:  http://www.openvpn.net/index.php/open-source/downloads.html  Next, run the installer to install OpenVPN.  Download your connection profile by going to https://vpn.cs.ship.edu and logging in with your Shippensburg University Computer Science Department credentials and saving the file with the .ovpn extension to a location where you will be able to easily find it.  To start OpenVPN using the configuration file, you can either right click on the configuration file and select Start OpenVPN on this configuration file or you can open it from the commandline and type openvpn <location and name of configuration file>.  You should then be prompted for your Shippensburg University Computer Science credentials.  You should then be connected to our network.  Once OpenVPN is running, you can stop it by pressing the F4 key.

To run OpenVPN as a service, put your desired .ovpn configuration file in \Program Files\OpenVPN\config and start the OpenVPN service, which can be controlled by going to the Control Panel ==> Administrative Tools ==> Services and finding the OpenVPN Service.

WARNING! When using the OpenVPN client for Windows, users MUST disconnect their active session before closing the client. If the connection is active when the client is closed, the routing information used for all SHIP.EDU traffic does not get reset. This can be verified by using either of the following methods: ipconfig /all when using the command prompt or ifconfig when using mobaxterm. If either of these commands display an additional local area connection with the Connection-Specific DNS Suffix of cs.ship.edu and the Description TAP-Win32 Adapter, this is most likely the root cause of any connectivity issues the user may be experiencing. The only solution I have found was to manually kill the openvpn.exe process which was left running as the system user. Once this is completed, another check should return a result showing that the adapter is now in a Media State of  Media disconnected.

Linux

The easiest way to install openvpn under Linux is to use the package management tools provided for the particular distro you are using. The most common commands and the distros they work with are:

yum install openvpn

  • Redhat
  • CentOS
  • Fedora

apt-get install openvpn

  • Ubuntu
  • Debian
  • Mint

In the event that your selected distribution does not have a prepackaged install option for openVPN, you will need to build from source. To install from source, download the source archive here:  http://www.openvpn.net/index.php/open-source/downloads.html

Unextract the archive by typing

tar xfz openvpn-[version].tar.gz

Move to the directory you just extracted, and type:

./configure
make
make install

** When installing from source, please read the documentation and make sure that all the required dependencies are met or you will have a difficult time getting it to build.

Next, grab our configuration by going to https://vpn.cs.ship.edu, logging in with your Shippensburg University Computer Science credentials, and downloading the file with the .ovpn extension.

To start OpenVPN, open a terminal, and type

openvpn <location and name of configuration file>     

**NOTE:  You will need to run this as the “super user”, so for example if you are on a Debian based distribution, use the “sudo” command in front of this.

You should then be prompted for your Shippensburg University Computer Science credentials, and the vpn will be running. To then stop the OpenVPN client, ensure your terminal window is active and press Control + c

Mac OSX

*** The latest upgrade of our VPN server now offers the new OpenVPN Connect client for OSX, please follow the instructions for downloading and installing the client as stated above. You should only use the following instructions if you are having issues with the OpenVPN Connect client or if you prefer to stay with Tunnelblick.

A GUI for OpenVPN has been created by Angelo Laub and Dirk Theisen called tunnelblick.  It is located at: http://code.google.com/p/tunnelblick/      To install, simply download and mount the dmg on the tunnelblick google site, and drag the tunnelblick application to the Applications symlink inside the dmg.  The tunnelblick application contains both the tunnelblic GUI and the OpenVPN program so it is not needed to grab the official OpenVPN source and compile.  **Note, the version of OpenVPN contained in tunnelblick is the newer “unfinished” 2.1 version as it is most recommended by the OpenVPN team.

OpenVPN uses configuration files that contain various bits of information required to establish the “link” between your own network and ours.  You can find the configuration file by going to https://vpn.cs.ship.edu   and loging in using your Shippensburg University Computer Science credentials.  There you will see a configuration file with a .opvn extension.  This file should be downloaded and placed in your  ~/Library/openvpn  folder.  Initially, you will not have a folder named openvpn in this directory if you have never used OpenVPN before, thus it will be necessary to manually create it.

Next, run tunnelblick; it will ask you for the user name and password in order to setup network connections that need to be done by root.  This should only happen once.  You should see the tunnelblick icon in your menubar.  You can then click on the icon, and select Connect ‘client’ in the menu that appears.  If everything goes well, you should see the icon “flicker” and eventually stay light, indicating you have sucessfully connected to your network.  To test, you can open up a terminal session, and type nslookup clipper.  The lookup should be successful and display the pertinent information regarding clipper.  To disconnect, simply select Disconnect ‘client’ from the menu.

By following the above steps, you have now successfully setup tunnelblick and OpenVPN on your Mac to connect to our network.  One last note: tunnelblick will run automatically on startup if you do not manually quit it before you reboot.  If you use it often and wish for it to always start up when your Mac boots, than you may leave it alone.  Otherwise, you will need to manually select quit from the menu to prevent it from opening upon each boot.