OpenVPN - How and Why

The University VPN

If you simply need a VPN, you should use the University VPN, and you can find out more here:

• ⇒ The University of Edinburgh VPN service.
  
• ⇒ Virtual Private Networks - what is a VPN?

Detailed instructions for Informatics OpenVPN

To get the Informatics OpenVPN up and running, see these detailed instructions:

• ⇒ OpenVPN for Ubuntu.
  
• ⇒ OpenVPN for macOS.
  
• ⇒ OpenVPN for Windows.
  
• ⇒ OpenVPN for iOS (not currently supported, sorry).
  
• ⇒ OpenVPN for Android.
  
• ⇒ OpenVPN for Linux and *BSD.
  
• ⇒ Configuration files for OpenVPN.
  
• ⇒ Authentication for OpenVPN.
  
• ⇒ OpenVPN FAQ.
  
• ⇒ OpenVPN.net

Explanation

Here in the School of Informatics we have several layers of extra protection from internet attacks:

1. The University network has a firewall which doesn't let traffic in from outside unless it looks legitimate.
2. Inside the University network, the School of Informatics network is firewalled off from the rest of the University network.
3. Inside the School of Informatics, DICE computers are firewalled off from other Informatics computers.

Here are some examples of DICE computers which are protected by all these firewalls:

• DICE computers in the student labs in Appleton Tower.
• The personal DICE computers of Informatics staff or research students.
• DICE servers such as the compute servers.

If you're trying to connect in through these firewalls, you will need to use the University VPN or Informatics' own OpenVPN.
Most of the time the University VPN will do the job, but sometimes you will need to use OpenVPN.

When you might need OpenVPN

• If you're at home and you want to access a computer in Informatics.
• If you're on the University WiFi and you want to access a computer in Informatics.
• If your non-DICE computer is on the Informatics network, and you want to access a DICE computer from it.
• If you're at home or elsewhere, and you need to appear to be on the Informatics network, while accessing some other site.

Notes

One device per endpoint

There are four Informatics OpenVPN endpoint servers, two located in the Forum and two in Appleton Tower. Each manages its own address ranges and has separate client-configuration files. We suggest that you download and install all of these, and then select the appropriate endpoint when you bring a tunnel up. In particular, you should connect only one device to each endpoint at a time. If you try to connect two devices to one endpoint they will compete against each other, and throughput for both will suffer.

(It would be possible to create a unified configuration which would try both endponts and connect to whichever one answered first. In practice this is likely to lead to surprising-to-the-user behaviour, so we haven't provided such a configuration here; but it is easy to adapt these files.)

Not compatible

Note that OpenVPN uses its own transport protocol. OpenVPN clients cannot connect to IPsec endpoints or PPTP endpoints, such as the University's central VPN service, nor can their clients connect to an OpenVPN endpoint.

Blocking

It seems that some service providers, such as academic institutions, might block access to the university or school VPN. You might notice this when connected to eduroam while travelling. If you notice this, please contact us for help with alternative access methods, and so that we can record these locations below. We believe that the following universities are deliberately blocking OpenVPN connections being made from their networks:

• Grenoble, France
• Uppsala, Sweden
• Dundee, Scotland