VPN

From Socs Info Wiki

This document describes how holders of computer accounts at the School of Computer Science of McGill University can access the SOCS network through a secure connection.

SOCS currently supports 3 types of VPN:

PPTP, OpenVPN and IPsec/L2TP where all of them uses the SOCS username and password

Contents 1 Linux 2 Mac OS X 3 Windows 2000 4 Windows XP

Linux

PPTP

For Linux help please consult the PPTP Client document. The hostname for the SOCS VPN server is pptp.cs.mcgill.ca and it uses the Point-to-Point Tunneling Protocol.

OpenVPN

Install the openvpn package. You can use NetworkManager to configure the connection:

1. Download the certificate and config files "vpn.zip" ( This can only be downloaded within the CS network )
2. For authentication, use password and enter your username and password
3. Point to where you put the ca.crt file

IPsec/L2TP

Currently linux has no GUI client for ipsec over l2tp, the user will have to install packages and create config files manually for it to work.

This is mainly for linux (ubuntu/debian) clients, for Unix/FreeBSD clients, it should also work but it's not tested. If tested, please let us know.

1. Install openswan package for ipsec, xl2tpd for l2tp and lastly the ppp package.
2. Download the sample config files "here" ( This can only be downloaded within the CS network )
3. Add a connection entry in ipsec.conf as in the sample config file.
4. Add the PSK to the ipsec.secrets file
5. Configure xl2tpd.conf
6. Add a pppd option file
7. Add an entry to chap-secrets file
8. Use the script provided to start/stop the connection. This script is very rudimentary, you are more than welcome to modify and submit to us your improved version.

Mac OS X

PPTP

1. Launch the Finder.
2. Launch Internet Connect from the Applications folder located within the Finder window.
3. Select VPN.
4. Select pptp.
5. Enter the server address as pptp.cs.mcgill.ca, your CS login and password
6. Under Advanced tick send all traffic
7. Apply your changes then click Connect
8. At this point you should be connected to the SOCS network.
9. To disconnect your VPN session, click on Disconnect from the Internet Connect application.

OpenVPN

1. You can download the client from http://code.google.com/p/tunnelblick/
2. Once downloaded you'll need to set the configuration file and get the certificate "vpn.zip" ( This can only be downloaded within the CS network )
3. Remember to put the path for the ca.crt in the config file

IPsec/L2TP

1. Launch the Finder.
2. Launch Internet Connect from the Applications folder located within the Finder window.
3. Select VPN.
4. Click on File --> New VPN Connections
5. Select L2TP over IPsec.
6. Enter the server address as ipsec.cs.mcgill.ca, your CS login and password
7. Under Configuration, select Edit Configurations
8. Under Machine Authentication, enter the "Pre-Shared Key" (Only available within CS Network)
9. At this point you should be able to connect to the SOCS network
10. To disconnect your VPN session, click on Disconnect from the Internet Connect application.

Windows 2000

PPTP

1. Go to the Control Panel and double click on the Network Connections icon.
2. Double click on New Connection Wizard.
3. Click the Next button.
4. Select the Connect to a private network through the Internet radio button and click the Next button.
5. Fill in pptp.cs.mcgill.ca as the hostname and click the Next button.
6. Specify if this is for all users or not and click the Next button.
7. Name the new VPN connection and click the Finish button.
8. On the VPN dialogue click the Properties button.
9. Click the Networking tab.
10. On the Type of VPN server I am calling dropdown select Point to Point Tunneling Protocol (PPTP) option and click the Ok button.

OpenVPN

Refer to Section Windows XP

IPsec/L2TP

Refer to Section Windows XP

Windows XP

PPTP

1. Go to the Control Panel and double click on the Network Connections icon.
2. Double click on New Connection Wizard.
3. Click the Next button.
4. Select the Connect to the network at my workplace radio button and click the Next button.
5. Select the Virtual Private Network connection radio button and click the Next button.
6. Name the new VPN connection and click the Next button.
7. Fill in pptp.cs.mcgill.ca as the hostname and click the Next button.
8. Specify if this is for all users or not and click the Next button.
9. Click the Finish button.
10. On the VPN dialogue click the Properties button.
11. Click the Networking tab.
12. On the Type of VPN dropdown select PPTP VPN option and click the Ok button.

OpenVPN

You can either download the openvpn-gui package from http://openvpn.se/ and configure it or you can download the "openvpn-gui" from SOCS which is already configured.

For SOCS openvpn-gui package

1. Install the package and right-click on the openvpn icon and click on connect.

The SOCS package was not tested on Windows 2000 and Vista.

If you use the openvpn-gui package then you'll need to

1. Install the package
2. Download the certificate known as ca.crt which you can get here "vpn.zip" ( This can only be downloaded within the CS network )
3. Create a config file (eg. socs.ovpn) and place it under "C:/Program Files/OpenVPN/config"

IPsec/L2TP

1. Go to the Control Panel and double click on the Network Connections icon.
2. Double click on New Connection Wizard.
3. Click the Next button.
4. Select the Connect to the network at my workplace radio button and click the Next button.
5. Select the Virtual Private Network connection radio button and click the Next button.
6. Name the new VPN connection and click the Next button.
7. Fill in ipsec.cs.mcgill.ca as the hostname and click the Next button.
8. Specify if this is for all users or not and click the Next button.
9. Click the Finish button.
10. On the VPN dialogue click the Properties button.
11. Click the Security tab.
12. Under Security options uncheck the Require data encryption (disconnect if none)
13. Under Security options click on IPSec Settings, Check the box Use pre-shared key for authentication and enter the "Pre-Shared Key"
14. Click the Ok button.