====== VPN ====== Out dated. Use WireGuard now. ===== Connection to nomad clients VPN ===== ==== Asking for a certificate ==== To be able to connect to the VPN, it is necessary to have a client certificate and the certification authority chain which has created the certificate. To have this the VPN administrator should be contacted. He is the person who manages the certification authority. Once the certificate created, the following files should be used to modify the VPN client configuration: * **ca-chain-users.pem** which is the certification authority chain ; * **hostname.crt** which is the public key of the certificate and ; * **hostname.key** which is the private key of the certificate (it must be absolutely stay secret). ==== GNU/Linux client with Network Manager ==== FIXME ==== Windows with OpenVPN GUI ==== === Download === One of the following clients must be downloaded depending on the used Windows' version. * [[https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.10-I603-i686.exe|Client for Windows 32bit]] * [[https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.10-I603-x86_64.exe|Client for Windows 64bit]] === Installation === Like lots of softwares, the installer of the OpenVPN client requires to complete several steps. Once the installer donwloaded, it can be started by double-clicking on it. After clicking on //Next// and accepting the terms of use, you need to ensure that the installater's options are the following. The default selection should be enough (in theory). {{ :network:openvpn_with_tap.png?direct |}} During the installation process, the driver for the virtual interface that will be used by the VPN must be installed. So you need to accept its installation when it will be asked. {{ :network:openvpn_tap_driver.png?direct |}} Once the installation done, it might be useful to rename the virtual interface with a better name so you can remember it and use it in the VPN configuration. In the network interfaces list, you need to look for the TAP interface and then rename it by doing a right click and selecting //Rename//. {{ :network:vpn_interface.png?direct |}} === Configuration === You need to download the file [[http://respawner.fr/rnd/vpn/gravitons.ovpn|gravitons.ovpn]] and put it in the configuration directory of OpenVPN which is //C:\Program Files\OpenVPN\config// by default. After opening the file, you need to change the values of the **dev-node**, **ca**, **cert** and **key** options to use the proper interface and certificate. It is recommended to put the certificate files in the directory where the configuration file is. {{ :network:openvpn_files.png?direct |}} === Utilisation === To use the VPN you need to start the OpenVPN GUI client with the administrator rights. Then you can right click the icon in the taskbar and click on the //Connect// entry of the menu. A window should pop up and show logs, few seconds later the connection should be established. OpenVPN will, with a notification, display the allocated IP address. {{ :network:openvpn_gui_result.png?direct |}}