You are here
OpenVPN configuration files
The available Informatics client configuration consists of several short files, described below, which you should download and save as appropriate for your system. If you have AFS available you can copy these directly from /afs/inf.ed.ac.uk/group/inf-unit/OpenVPN/Config/; if not, you can download them from here (we recommend that you right-click on the individual links and 'save link as'). You may also find that emailing the files to yourself as attachments works as a way to download them to phones or other similar devices.
If there are platform-specific versions of the configurations you should use those in preference to the generic versions, as there may be additional tweaks intended to improve your experience.
Please note that all of these configurations require the use of at least version 2.4.x of OpenVPN. They will not work with 2.3.x or earlier, due to configuration-language drift between these versions. The Android and iOS versions will probably not work on other systems, and those intended for other systems will likely not work on Android or iOS either.
Which configuration file to use?
We make available the following configuration files:
Informatics-InfNets-AT.ovpnInformatics-InfNets-AT2.ovpnInformatics-InfNets-Forum.ovpnInformatics-InfNets-Forum2.ovpn
Informatics-EdLAN-AT.ovpnInformatics-EdLAN+10_efin-AT.ovpnInformatics-EdLAN+10-AT2.ovpnInformatics-EdLAN-Forum.ovpnInformatics-EdLAN+10+efin-Forum.ovpnInformatics-EdLAN+10-Forum2.ovpn
Informatics-AllNets-AT.ovpnInformatics-AllNets-Forum.ovpn
The -InfNets- files pass traffic for some selected Informatics subnets through the tunnel. If you are connecting from a wired port within the University or are using the University's wireless service then we recommend that you use one of these.
The -EdLAN- files pass all EdLAN traffic (i.e. all University network traffic) through the tunnel. These are most appropriate when connecting from outside the University.
The -AllNets- files pass all non-local traffic through the tunnel. They are intended to be used only when absolutely required, and are quite likely not to work as expected under most circumstances. We recommend that you DO NOT use these unless you really have to.
AT, AT2, Forum and Forum2 indicate which of our endpoints will be used for the connection. We have two located in Appleton Tower and two located in the Forum. The two with the "2" in their name use net-10 RFC1918 IPv4 addresses for the tunnel, while the ones without use globally-routed IPv4 addresses. Other than that, there is no functional difference between the endpoints, and any of them will provide access to Informatics or to the University networks as appropriate.
NOTE: our endpoints enforce the restriction that a given user can connect only once to each. If you connect a second device, the first will be implicitly disconnected. If it then automatically reconnects it will disconnect the second, and so on. This is likely to be very disruptive for you, so if you do want to connect two devices simultaneously you will need to arrange to use different endpoints for each.
NOTE: an increasing number of central University services are being given private ("RFC1918") IPv4 addresses. These ranges were defined to be for internal use only, and it's arguably wrong to be using them in this way. However, we recognise that some people may need to access these services from outside, and so we have provided additional configuration files to allow this to happen. These are named -EdLAN+10+efin-. However, if you are using them from a remote site we DON'T (can't!) guarantee that they won't interfere with some other entirely legitimate use of the same range of private addresses at that site.
The -AllNets- configurations are useful as workarounds in some specific circumstances (for example, when you are attached through a heavily-restricted connection method, such as the University's 'central' wireless service; or where you need to present an EdLAN (i.e. 129.215/16) address to end sites), but are generally not nearly as robust or as efficient. We recommend that you DO NOT use these unless you have to for some reason.
All of the configuration files we offer will normally authenticate you using your DICE username and password. It is also possible for us to set up a secondary ("/ovpn") identity for you, which may be useful if you find it uncomfortable to have your mobile device remember your DICE password. Contact us using the support form if you would like to discuss this.
There may be additional configuration files in the directory which are not described here. These are for test or development purposes, and you should only attempt to use them if we have asked you to. They may refer to facilities which are experimental or not always running, and we do not guarantee that these will work at all, or will not break without notice.
The OpenVPN home site's FAQ and documents linked from it contain a lot of useful information which may help resolve problems.