ClueNet:ClueVPN User Connection


This page is out of date. It will be updated when gateway servers are added to the new VPN.

Ubuntu 8.04 or newer

First, install the needed packages:

sudo apt-get install openvpn network-manager-openvpn


Next, download the needed CA certificate from NOC:

http://sine.cluenet.org/~fahad/ca-cert.pem

Finally, configure the VPN connection:

Go to Configure VPN and +Add

Next, fill in the data, substituting your own information where needed:
PLEASE NOTE: Do NOT enter vector.cluenet.org, but instead, use openvpn.cluenet.org
TODO: Fix screenshot

[Screenshot: Required tab]

[Screenshot: Optional tab]

And finally connect to the network by clicking on Vector - ClueNet. You will have to enter your ClueNet password.

Windows 2000/XP/Vista/7

Prerequisites

  • Download the OpenVPN GUI installer here.
  • Download the ClueVPN CA certificate here. Note where you save the file.
  • Administrator rights. On Windows Vista/7, expect to answer multiple UAC prompts.

Installing

  1. Launch the OpenVPN GUI installer.
  2. Under the component selection screen, check only the options below. Uncheck the ones not listed below. Items labeled "(Optional)" are optional.
    • OpenVPN user-space components
    • OpenVPN RSA certificate management scripts
    • OpenVPN GUI
    • (Optional) AutoStart OpenVPN GUI
    • OpenVPN service
    • OpenVPN file associations
    • OpenSSL DLLs
    • OpenSSL utilities
    • TAP-Win32 (or TAP-Win64 if you have a 64-bit system) Virtual Ethernet Adapter
    • Add OpenVPN to PATH
    • (Optional) Add shortcuts to Start Menu
  3. Proceed with installation. Note the install location (in this example, we'll use C:\Program Files\OpenVPN).

Preparing to Connect

Rename the TAP driver

You should rename the TAP driver to something more easily recognizable.

  1. Launch Control Panel
  2. Navigate to Network Connections
  3. Look for a new LAN connection with the description "TAP-Win32 (or -Win64) Adapter Vn," where n is a number (currently 8)
  4. Select it and press <F2>
  5. Rename it "OpenVPN TAP"
  • Tip: When not using the VPN, disable the driver (right click > Disable) to save time booting up Windows.

Writing the Config File

  • Note: You will need to know where you installed OpenVPN and where you saved the ClueNet CA for this section.
  1. Navigate to the OpenVPN installation directory. In this example, it's C:\Program Files\OpenVPN.
  2. Open the config folder.
  3. Open your favorite text editor and create a file here called "ClueNet.ovpn".
  4. Paste the config file shown at the end of this section into the file and save. Do not close the file yet.
  5. Find the section of the config file starting with "# SSL/TLS params." Erase (or comment out) the configuration directives there and replace them with ca "C:\\PATH\\TO\\ca-cert.pem", replacing the path with the path to the copy of the CA you saved.
    Note: The path must be enclosed in "double quotes" and you must use two backslashes instead of one (for example, F:\Certificates\ca-cert.pem should be written as "F:\\Certificates\\ca-cert.pem").
  6. Save and close the configuration file.

Configuration File

# OpenVPN configuration for ClueVPN
# Edit to match your configuration.


#-------------------------------------------------------------------------------
# Replace "path-to-cert" with the path to Cluenet CA certificate.
# On Windows, you must use either \\ or / as separator.

ca "path-to-cert"

# Examples:
#   "/etc/cluenet.cer"
#   "C:\\Windows\\Cluenet.cer"
#   "C:/Documents and Settings/All Users/Cluenet.cer"


#-------------------------------------------------------------------------------
# Servers

remote openvpn.cluenet.org 1194


#-------------------------------------------------------------------------------
# If you're on Windows, and have more than one TAP adapter, uncomment
# the following line and replace OpenVPN with the name of the adapter.

;dev-node "OpenVPN"


#-------------------------------------------------------------------------------
# Keep trying indefinitely to resolve the host name of the OpenVPN server.
# Very useful on machines which are not permanently connected to the internet.

resolv-retry infinite


#-------------------------------------------------------------------------------
# Downgrade privileges after initialization (does NOT work on Windows)

;user nobody
;group nobody


#-------------------------------------------------------------------------------
# If you are connecting through an HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and port number here. See the man page
# if your proxy server requires authentication.

;http-proxy-retry # retry on connection failures
;http-proxy proxy.example.com 8080


#-------------------------------------------------------------------------------
# Wireless networks often produce a lot of duplicate packets. Set this flag
# to silence duplicate packet warnings.

;mute-replay-warnings


################################################################################
# OTHER CONFIGURATION - You shouldn't touch these.

client
proto udp
dev tun
nobind
persist-key
persist-tun
ns-cert-type server
auth-user-pass
comp-lzo
verb 3
mute 20
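
The check below is an added example, not part of the original page and not ClueNet or OpenVPN code. It applies the quoting rule from step 5 (double quotes, \\ or / in paths) to a config and confirms that a `ca` and a server-certificate check (`ns-cert-type server` or its later replacement `remote-cert-tls server`) are present, since `auth-user-pass` hands your password to whatever peer completes the TLS handshake. The `tokenize` and `audit` names are hypothetical, and the tokenizer is a simplified model that assumes a lone backslash is an error.

```python
SAMPLE = r'''# constructed sample with mistakes (not a real ClueNet config)
ca "F:\Certificates\ca-cert.pem"
remote vector.cluenet.org 1194
auth-user-pass
'''

def tokenize(line):
    """Split one line into arguments; '#' or ';' opening a token starts a comment."""
    args, cur, quoted, started, i = [], "", False, False, 0
    while i < len(line):
        c = line[i]
        if c == "\\":  # escape character: only \\, \" and backslash-space are accepted
            nxt = line[i + 1:i + 2]
            if nxt not in ("\\", '"', " "):
                raise ValueError("lone backslash: write \\\\ or / in paths")
            cur, started, i = cur + nxt, True, i + 1
        elif c == '"':
            quoted, started = not quoted, True
        elif not quoted and not started and c in "#;":
            break
        elif not quoted and c.isspace():
            args, cur, started = args + ([cur] if started else []), "", False
        else:
            cur, started = cur + c, True
        i += 1
    if quoted:
        raise ValueError("unterminated double quote")
    return args + [cur] if started else args

def audit(text):
    """Return a list of findings for a client config; an empty list means none."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        try:
            args = tokenize(line)
        except ValueError as err:
            findings.append(f"line {n}: {err}")
            continue
        if args:
            seen.setdefault(args[0], []).append(args[1:])
    if "ca" not in seen:
        findings.append("no usable 'ca': the server certificate cannot be validated")
    server_checked = any(["server"] in seen.get(d, []) for d in ("ns-cert-type", "remote-cert-tls"))
    if "auth-user-pass" in seen and not server_checked:
        findings.append("auth-user-pass without a server-certificate check on the peer")
    for host in (r[0] for r in seen.get("remote", []) if r):
        if host != "openvpn.cluenet.org":
            findings.append(f"remote {host}: this page says to use openvpn.cluenet.org")
    return findings
```

Calling `audit(SAMPLE)` returns four findings, because the single-backslash path on line 2 is rejected and therefore also leaves the config without a usable `ca`.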

Connecting

  1. Start the OpenVPN GUI if it isn't already started.
  2. Navigate to the Network Connections control panel and verify that OpenVPN TAP is started. It is normal to get a "A network cable is unplugged" warning at this point.
  3. Right-click the OpenVPN GUI icon in the system tray and select Connect. (Fig. 1)
  4. In the prompt (that you should get), enter your username and password. (Fig. 2)
  5. You should eventually see a balloon notice reading "Vector - ClueNet is now connected - IP Address: 10.n.n.n" and/or a balloon reading "OpenVPN TAP is now connected - Speed: 10.0 mbps".

Disconnecting

  • To disconnect, right-click the now green OpenVPN tray icon and click Disconnect.
  • It is recommended that you also disable the TAP driver in Network Connections to save time when booting Windows. Right-click OpenVPN TAP in Network Connections and select Disable.

Figures

Vista Issues

If you get "add route" errors, add this to your config:

route-method exe
route-delay 2