You are here

OpenVPN configuration files

Printer-friendly versionPrinter-friendly version

The available Informatics client configuration consists of several short files, described below, which you should download and save as appropriate for your system. If you have AFS available you can copy these directly from /afs/inf.ed.ac.uk/group/inf-unit/OpenVPN/Config/; if not, you can download them from here (we recommend that you right-click on the individual links and "save link as").

If there are platform-specific versions of the configurations we recommend that you use those in preference to the generic versions, as there may be additional tweaks intended to improve your experience.

Please note that all of these configurations require the use of at least version 2.4.x of OpenVPN. They will not work with 2.3.x or earlier, due to configuration-language drift between these versions.

NOTE: As a temporary measure to increase OpenVPN capacity during the COVID-19 crisis, we have added an additional (IPv4-only) endpoint. The configuration files for this are named "-Covid", and are downloaded and used in exactly the same way as are the -Forum and -AT configurations described below.

Which configuration file to use?

We make available six possible configuration files:

  • Informatics-InfNets-AT.ovpn
  • Informatics-InfNets-Forum.ovpn
  • Informatics-EdLAN-AT.ovpn
  • Informatics-EdLAN-Forum.ovpn
  • Informatics-AllNets-AT.ovpn
  • Informatics-AllNets-Forum.ovpn

The -InfNets- files pass traffic for some selected Informatics subnets through the tunnel.

The -EdLAN- files pass all EdLAN traffic through the tunnel.

The -AllNets- files pass all non-local traffic through the tunnel.

And, in all cases, the -AT files use the our Appleton Tower OpenVPN endpoint, while the -Forum files use our Forum endpoint.

If you are connecting from within EdLAN itself (such as by wireless), we recommend that you use one of the -InfNets- configurations. These will set up your OpenVPN to pass traffic for a selection of Informatics networks over the tunnel, including for managed Linux machines (desktops as well as servers) and for self-managed servers with static addresses. All other traffic will continue to flow directly as normal.

If you are connecting from outside EdLAN, we recommend that you use one of the -EdLAN- configurations. These will pass traffic for all of EdLAN's global addresses over the tunnel. All traffic for the rest of the Internet will flow directly.

The -AllNets- configurations are useful as workarounds in some specific circumstances (for example, when you are attached through a heavily-restricted connection method, such as the University's "central" wireless service; or where you need to present an EdLAN (i.e. 129.215/16) address to end sites), but are generally not nearly as robust or as efficient. We recommend that you DO NOT use these unless you have to for some reason.

All of the configuration files listed above will normally authenticate you using your DICE username and password. It is also possible for us to set up a secondary identity for you, which may be useful if you find it uncomfortable to have your mobile device remember your DICE password. Contact us using the support form if you would like to discuss this.

There may be additional configuration files in the directory which are not described here. These are for test or development purposes, and you should only attempt to use them if we have asked you to. They may refer to facilities which are experimental or not always running, and we do not guarantee that these will work at all, or will not break without notice.

The OpenVPN home site's FAQ and documents linked from it contain a lot of useful information which may help resolve problems.

OpenVPN for macOS
OpenVPN for Windows
Local OpenVPN FAQ

Last reviewed: 
30/07/2020

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic