VPN

The VPN is used when you are on a remote network (UWS, NAT, at home or out of town) to share private data and network resources (e.g. printing) securely with the Department of Computing Sciences managed research networks. It currently does not provide access to any of the undergraduate teaching lab resources.

If you want to connect to resources outside of the Computing Science network from off-campus (e.g. periodicals from the library), you may need to look at the campus VPN solution or something provided by whoever is providing the resource in question (e.g. the libraries).

A virtual private network (VPN) is a mechanism for providing secure, reliable transport over the Internet. The VPN uses authentication to deny access to unauthorized users, and encryption to prevent unauthorized users from reading the private network packets.

Prerequisites

To utilize the Department's OpenVPN system you will need to obtain 4 files from the IST Service Desk by submitting a request to ist@ualberta.ca

  • When submitting your request, please provide a short descriptive name for the system that the certificate is being issued for (e.g. 'macbook' or 'homedesktop'). This name will be used to identify the machine if we need to contact you.
  • IST will then provide you with two files starting with your csid
    <csid>-descriptive-name-supplied.crt and <csid>-descriptive-name-supplied.key
  • And the ca.crt and example.openvpn.conf files.

VPN Mac Instructions

Please note that these instructions are a general guide, as the installation process keeps changing with new versions of TunnelBlick.

  1. Edit the OpenVPN configuration file you were given by IST Service Desk and replace the 2 lines containing csid-client.crt and csid-client.key with the names of the 2 files given to you by IST
  2. Rename the file example.openvpn.conf to CSDept.ovpn
  3. Obtain the latest version of TunnelBlick from https://tunnelblick.net/downloads.html
  4. Open the downloaded dmg file
  5. Double-click the TunnelBlick icon to start the installation process
    • Click “Start”
    • Click “I have configuration files”
    • In the popup that shows choose “Do not check for a change”
    • In the next popup pick “Check automatically”
    • Open the folder of files given to you by IST
    • Double-click on the CSDept.ovpn file you previously edited. This will copy all the appropriate files into their proper locations.
  6. Once installed you can click on the TunnelBlick icon in the upper right corner of your screen and choose “CSDept” to start the connection.
  7. You will be prompted for your CSID and password.
    • Note: The first time you do this you will receive a Warning popup that asks about your apparent public IP. Choose “Do not check” and click OK.

You should now be able to connect to various services within the Department. 

Note: Please remember to disconnect from the VPN when you are done by clicking the TunnelBlick icon and choosing “disconnect”.
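
A quick way to confirm that the edit in step 1 (step 4 of the Windows instructions) was done correctly before importing the file. This is an added example, not a script supplied by IST: the function names, the csid "jdoe" and the machine name "macbook" are made up, the sample files are constructed, and it assumes the configuration uses the standard OpenVPN ca, cert and key directives.

```shell
#!/bin/sh
# check_vpn_config CONF: print one line per problem found in an OpenVPN
# client config; return 0 if it is ready to use, 1 otherwise.
check_vpn_config() {
    conf=$1; dir=$(dirname "$conf"); rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The template's placeholder names must have been replaced.
    if grep -Eq '^[[:space:]]*(cert|key)[[:space:]]+"?csid-client\.(crt|key)' "$conf"; then
        echo "placeholder csid-client.crt/.key still referenced"; rc=1
    fi

    # ca, cert and key must each name a file that exists beside the config.
    for d in ca cert key; do
        f=$(awk -v d="$d" '$1 == d { $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit }' "$conf")
        if [ -z "$f" ]; then echo "no $d directive"; rc=1; continue; fi
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        [ -f "$p" ] || { echo "$d file missing: $p"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the four files for a made-up csid "jdoe" and machine
# name "macbook", with a config that is either unedited or edited.
make_sample() {  # make_sample DIR edited|unedited
    mkdir -p "$1"
    : > "$1/ca.crt"; : > "$1/jdoe-macbook.crt"; : > "$1/jdoe-macbook.key"
    if [ "$2" = edited ]; then c=jdoe-macbook; else c=csid-client; fi
    printf 'ca ca.crt\ncert %s.crt\nkey %s.key\n' "$c" "$c" > "$1/CSDept.ovpn"
}

tmp=$(mktemp -d)
make_sample "$tmp/before" unedited
make_sample "$tmp/after" edited
check_vpn_config "$tmp/before/CSDept.ovpn" || echo "=> not ready"
check_vpn_config "$tmp/after/CSDept.ovpn" && echo "=> ready"
rm -rf "$tmp"
```

To use it on your own files, call check_vpn_config with the path to the CSDept.ovpn file in the folder that holds the files from IST.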

VPN Windows Instructions

  1. Obtain a copy of the OpenVPN Community Software Windows client from the OpenVPN Community Software Windows Client Download page (labelled as Windows Installer).
  2. On Windows XP, OpenVPN needs MS .NET Framework 3.5 SP1
    • This can be installed by using the Windows Updater, choosing CUSTOM and looking in the Optional Updates section.
  3. Copy the 4 files given to you by the IST Service Desk to the directory C:\Program Files\OpenVPN\config
  4. Edit the OpenVPN configuration file and replace the 2 lines containing csid-client.crt and csid-client.key with the names of the 2 files given to you by IST
  5. You should add the file extension .ovpn to the name you choose for your configuration file
  6. OpenVPN starts up as a tray item
    • Run it and then right-click
    • It will prompt you for a login and password
    • Enter your CSID and CSID password
  7. On Windows 7 and Windows XP it may be necessary to launch OpenVPN from somewhere other than the systray initially
    • Left-click on the systray icon and select "Exit"
    • Select the OpenVPN Client icon either on the Desktop or in the C:\Program Files\OpenVPN directory and left-click selecting "Run As Administrator" and proceed as above
    • OpenVPN needs to add routes, and as a normal user on a Windows system you may not have enough privileges to accomplish this, so we run as administrator. The symptoms of this are a VPN that is connected but unable to reach internal hosts, and none of the routes below show up.
  8. Another network icon is created and a white balloon appears over it that says "csdept is now connected with IP 172.16.128.X"

VPN Ubuntu Instructions

  1. Use the Ubuntu Software Center to install the 'network-manager-openvpn' package
    • Note: You may have to click Technical Items at the bottom of the window.
  2. Choose the Network Manager icon in the systray > VPN > Configure
    • Give the new configuration a name you will remember, such as "UOFADOCS"
    • The connection type will be OpenVPN
  3. Fill in the other fields as follows
    • Gateway: vpn.cs.ualberta.ca
    • Type: Password with Certificate
    • Username: <your CSID>
    • Password: <your CSID password>
    • User Certificate: provide the location of the file provided by IST, 'csid-machine-description.crt'
    • CA certificate: ca.crt 
    • Private Key: select the location on disk of the file provided by IST called 'csid-machine-description.key'
  4. Under the advanced options check the following boxes
    • Use LZO data compression
    • Use a TAP device
  5. Under the ROUTES option please check the box "do not use for default" or "Use this connection only for resources on its network". If this is enabled you will only be able to access CS resources.
  6. Click Apply or Save.
  7. In some cases you may receive a message to the effect of "the vpn could not connect because of a missing secret"
    • To resolve this problem you will need to restart NetworkManager from a command line
    • This can be done by typing: ps aux | grep NetworkManager
    • Take the second value from this line (which is the pid) and issue the command: sudo kill <PID>
    • The use of sudo will prompt you for the password
    • This fix will temporarily disconnect you from the network but NetworkManager should restart shortly afterwards and you will then be able to connect
  8. To connect to the VPN, click on the Network Manager icon in the systray, select "VPN" and choose the name you have given to the Department VPN
  9. After a few seconds a padlock appears above the network manager icon in the systray
  10. The VPN is now active 

Firewall complications

To utilize the department VPN it is necessary to ensure that there are no firewalls preventing your connection to vpn.cs.ualberta.ca on UDP port 1194. To utilize services within the CS networks once the VPN tunnel is established, it may be necessary to disable any firewall on the TAP device created as part of the VPN connection.
