23.04.2014 - 11:04
A  A
Contact

Max Planck Institute for Evolutionary Anthropology

Deutscher Platz 6
04103 Leipzig

phone: +49 (341) 3550 - 0
fax: +49 (341) 3550 - 119

e-mail: info@[>>> Please remove the brackets! <<<]eva.mpg.de

VPN (Virtual Private Network)

It is possible to access services/resources of the institute from outside the institute by using VPN.

Resources available via VPN:

  • internal webserver
  • terminal servers
  • SSH-Gateway

To use VPN you need a special software installed on your computer. This software is available for

To use VPN on insitute computers, please ask your department's IT staff to install this software and to issue a digital certificate for you.

VPN-Client on Windows

Installation of SecurePoint SSL VPN

Download the most recent version from the vendors website.

 

Start the installation and choose the language you prefer.

 

 Click NEXT to continue with the installation process.

 

Click I AGREE to accept the license agreement.

 

 

 

 

Choose ALL USERS to install SecurepointSSLVPN for all users of your local device. Click NEXT.

 

 

 

Choose the MANAGEMENT context to edit some important configurations later. Click NEXT.

 

 

 

Choose the installation directory and click NEXT.

 

All important installation components are selected. Click INSTALL.

 

If you use Windows XP a warning appears during the installation process. Click CONTINUE ANYWAY to install a special driver that is needed for SecurepointSSLVPN.

 

To complete the setup click FINISH.

Configuration of SecurePoint SSL VPN

Now the configuration files and certificates that will be provided by the department’s IT staff have to be installed. Create a new subfolder named config in the SecurepointSSLVPN program directory.

 

The program directory may be:

  • C:\Program Files\Securepoint SSL VPN
  • C:\Program Files (x86)\Securepoint SSL VPN
  • C:\Programme\Securepoint SSL VPN

The files MPI_EVAN_ca.crt, MPI_EVAN_client.crt, MPI_EVAN_client.key, MPI_EVAN_emigma2_ta.key, MPI_EVAN_Default.opvn and MPI_EVAN_Fallback.ovpn have to be copied into this subfolder.

 

Start the SecurepointSSLVPN program by clicking on the desktop icon and a new icon will be shown in the taskbar.

 

Double click on it, then press IMPORT.

 

Choose the path to the config subfolder of the SecurepointSSLVPN program directory and import both configuration files:

  • MPI_EVAN_Default.ovpn
  • MPI_EVAN_Fallback.ovpn

 

 

Click CONNECT to establish the connection.

 

Enter your password and click OK.

 

Then the connection will be established.

 

VPN-Client on Linux

Install and configure OpenVPN for Linux clients

1. Install openvpn on your Linux client by using the distribution package.

2. Obtain an OpenVPN certificate from your department's IT administrator.

3. Put all files belonging to the certificate into the /etc/openvpn directory:

  • update-resolv-conf.suse  or
  • update-resolv-conf.ubuntu
  • MPI_EVAN_ca.crt
  • MPI_EVAN_client.crt
  • MPI_EVAN_client.key
  • MPI_EVAN_enigma2_ta.key
  • MPI_EVAN_suse.conf   or
  • MPI_EVAN_ubuntu.conf

4. cd into /etc/openvpn and execute "sudo chmod 755 /etc/openvpn/udate-resolv-conf*"

5. To start OpenVPN tunnel one must have root privileges on the system to load and setup kernel modules and network interfaces.

6. cd into /etc/openvpn and excute openvpn MPI_EVAN_suse.conf or openvpn MPI_EVAN_ubuntu.conf depending on your linux distribution.

root@client:/etc/openvpn# openvpn MPI_EVAN_ubuntu.conf
Fri Mar  7 13:05:19 2008 OpenVPN 2.0.9 arm-angstrom-linux-gnueabi [SSL] [LZO] [EPOLL] built on Aug  6 2007
Fri Mar  7 13:05:19 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Enter Private Key Password:
Fri Mar  7 13:05:21 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Mar  7 13:05:21 2008 LZO compression initialized
Fri Mar  7 13:05:21 2008 UDPv4 link local (bound): [undef]:1194
Fri Mar  7 13:05:21 2008 UDPv4 link remote:
<IP-address of gateway>:1194
Fri Mar  7 13:05:23 2008 [OPENVPN-SERVER] Peer Connection Initiated with
<IP-address of gateway>:1194
Fri Mar  7 13:05:24 2008 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Fri Mar  7 13:05:24 2008 TUN/TAP device tun0 opened
Fri Mar  7 13:05:24 2008 /sbin/ifconfig tun0 <IP-address> pointopoint
<IP-address> mtu 1500
Fri Mar  7 13:05:24 2008 ./client.up.linux.sh tun0 1500 1558
<IP-address> <IP-address> init
Fri Mar  7 13:05:25 2008 Initialization Sequence Completed

Changing certificate password (recommended)

root@client:/etc/openvpn# openssl rsa -aes256 <client.key >client.key.new
Enter pass phrase:
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
root@client:/etc/openvpn# mv client.key.new client.key

VPN-Client on Mac OS X

Download the most recent version of "Tunnelblick" and double-click to open it: Tunnelblick 3.4beta20

Install Tunnelblick

Start the installation by double-clicking at the Tunnelblick icon:

 

Click Open when prompted to confirm that you want to install this application:

Confirm the permission settings:

Finally, Quit the application.

Extract by double-clicking the compressed package (received via email) with your VPN certificates and configurations.

Open the folder MACOSX_CONFG and double-click on file MPI_EVAN_VPN.tblk and choose "Only me"

    

Next, you will be prompted to enter your username and password again to install the VPN configuration.

Starting the "tunnel"

Start Tunnelblick and the icon appear on the far right of your top toolbar. Click and select Connect MPI_EVAN_VPN to connect.

     

Enter the passphrase (also received via separate email).

If the connection attempt was successful, the Tunnelblick icon should now look enlightened and open.

   

Whenever you want to connect to the MPI-EVA just click at the tunnel icon. You may then use the Citrix Server (https://citrix.eva.mpg.de) or ssh-commands.

Changing certificate password (recommended)

Inside your VPN config package (received via email), change to MACOSX_CONFIG folder, there is a file named MPI_EVA_change_vpn_password.dmg.

Double-click this file and follow the instructions to change your password.