You are here

OpenVPN configuration files

Printer-friendly versionPrinter-friendly version

The available Informatics client configuration consists of several short files, described below, which you should download and save as appropriate for your system. If you have AFS available you can copy these directly from /afs/; if not, you can download them from here (we recommend that you right-click on the individual links and 'save link as').

If there are platform-specific versions of the configurations we recommend that you use those in preference to the generic versions, as there may be additional tweaks intended to improve your experience.

Please note that all of these configurations require the use of at least version 2.4.x of OpenVPN. They will not work with 2.3.x or earlier, due to configuration-language drift between these versions. The Android and iOS versions will probably not work on other systems, and those intended for other systems will likely not work on Android or iOS either.

NOTE: As a temporary measure to increase OpenVPN capacity during the COVID-19 crisis, we have added an additional (IPv4-only) endpoint. The configuration files for this are named '-Covid', and are downloaded and used in exactly the same way as are the -Forum and -AT configurations described below.

Which configuration file to use?

We make available six principal configuration files:

  • Informatics-InfNets-AT.ovpn
  • Informatics-InfNets-Forum.ovpn
  • Informatics-EdLAN-AT.ovpn
  • Informatics-EdLAN-Forum.ovpn
  • Informatics-AllNets-AT.ovpn
  • Informatics-AllNets-Forum.ovpn

The -InfNets- files pass traffic for some selected Informatics subnets through the tunnel.

The -EdLAN- files pass all EdLAN traffic (i.e. all University network traffic) through the tunnel.

The -AllNets- files pass all non-local traffic through the tunnel.

And, in all cases, the -AT files use the our Appleton Tower OpenVPN endpoint, while the -Forum files use our Forum endpoint.

If you are connecting from within EdLAN itself (for example, via a connection to the University's wifi system), we recommend that you use one of the -InfNets- configurations. These will set up your OpenVPN to pass traffic for a selection of Informatics networks over the tunnel, including for managed Linux machines (desktops as well as servers) and for self-managed servers with static addresses. All other traffic will continue to flow directly as normal.

If you are connecting from outside EdLAN, we recommend that you use one of the -EdLAN- configurations. These will pass traffic for all of EdLAN's global addresses over the tunnel. All traffic for the rest of the Internet will flow directly.

NOTE: an increasing number of central University services are being given private IPv4 addresses. These ranges were defined to be for internal use only, and it's arguably wrong to be using them in this way. However, we recognise that some people may need to access these services from outside, and so we have provided additional configuration files to allow this to happen. These are named -EdLAN+10+efin-, and you can download and use them in the same way as any of the others. However, if you are using them from a remote site we DON'T (can't!) guarantee that they won't interfere with some other entirely legitimate use of the same range of private addresses at that site.

The -AllNets- configurations are useful as workarounds in some specific circumstances (for example, when you are attached through a heavily-restricted connection method, such as the University's 'central' wireless service; or where you need to present an EdLAN (i.e. 129.215/16) address to end sites), but are generally not nearly as robust or as efficient. We recommend that you DO NOT use these unless you have to for some reason.

All of the configuration files we offer will normally authenticate you using your DICE username and password. It is also possible for us to set up a secondary identity for you, which may be useful if you find it uncomfortable to have your mobile device remember your DICE password. Contact us using the support form if you would like to discuss this.

There may be additional configuration files in the directory which are not described here. These are for test or development purposes, and you should only attempt to use them if we have asked you to. They may refer to facilities which are experimental or not always running, and we do not guarantee that these will work at all, or will not break without notice.

The OpenVPN home site's FAQ and documents linked from it contain a lot of useful information which may help resolve problems.

OpenVPN for macOS
OpenVPN for Windows
Local OpenVPN FAQ

Last reviewed: 

System Status

Home dirs (AFS)
Other services
University services
Scheduled downtime

Choose a topic