
OpenVPN - How and Why


There are a couple of problems which a VPN (Virtual Private Network) can help solve. The first is where you're working at a remote site but you need to appear as though you are a local network user in order to access some resources. The second is where there are restrictions on your network access, often for audit-trail reasons. A "VPN tunnel" is, essentially, a way to make your machine appear as though it's attached to the network somewhere other than where it really is. An additional benefit is that the tunnel is encrypted end-to-end, thus protecting the traffic going over it.

The system we have adopted is OpenVPN. We have it configured in "road-warrior" mode, suitable for users who would like to tunnel to inside Informatics from outside sites.

Using the Informatics OpenVPN service means that you appear inside the Informatics network. This is in contrast with the central University VPN service, which will tunnel you to inside EdLAN but outside Informatics. This distinction may be important when accessing internal Informatics resources.

There are two Informatics OpenVPN endpoint servers, one located in the Forum and one in Appleton Tower. Each manages its own address ranges and has separate client-configuration files. We suggest that you download and install the configuration files for both endpoints, and then select the appropriate endpoint when you bring a tunnel up.

(It would be possible to create a unified configuration which would try both endpoints and connect to whichever one answered first. In practice this is likely to lead to surprising-to-the-user behaviour, so we haven't provided such a configuration here; but it is easy to adapt these files.)

Note that OpenVPN uses its own transport protocol. OpenVPN clients cannot connect to IPsec endpoints or PPTP endpoints, such as the University's central VPN service, nor can their clients connect to an OpenVPN endpoint.


Last reviewed: 13/09/2019
