Virtual Private Network (VPN) Using OpenVPN

Note:
Because details of VPN configuration vary between distributions, you may find that you need to adapt the general guidelines to your specific client. Included below are specific instructions for Tunnelblick on Macs and OpenVPN.net client on Windows 10.

Also, in order to use VPN, you will need a VPN account. You can you can create your VPN account with our self-serve VPN account registration (this can also be used to get your VPN password if you have forgotten it).

General Settings

VPN server: csopenvpn.cs.toronto.edu

Typical client configuration settings:

client
remote csopenvpn.cs.toronto.edu 1194
proto udp
dev tun0
nobind
auth-user-pass
ca openvpn-ca.crt
persist-key
persist-tun
remote-cert-tls server [ **** some older versions might prefer instead: ns-cert-type server **** ]
verb 5


Our OpenVPN server uses only password authentication, but you will still need the server certificate. You can obtain it here (right click and save as, or else your browser may attempt to import it): openvpn-ca.crt Certificate

We have had success with the free OpenVPN client from https://openvpn.net/community-downloads for Windows, and various linux OpenVPN clients that are included in the distributions.

Note that we have not yet tested the new v2.5 build, as it is still in beta. You may have to do considerable tweaking should you decide to use this version.

Note that the OpenVPN GUI might need to be run as Administrator on Windows machines in order to set routes.

Virtual Private Network (VPN) Using OpenVPN and Tunnelblick

The Tunnelblick client is recommended for using OpenVPN on Macs.

  • Unzip Tunnelblick VPN Config.tblk.zip in a folder called 'Tunnelblick Vpn Config.tblk'. It contains a configuration file and an authentication certificate.
  • Download the correct version of Tunnelblick for your OSX system from https://tunnelblick.net/
  • Double-click on the file you downloaded to install Tunnelblick. During the installation you will be asked for the location of the configuration folder.
    1. Double-click 'Tunnelblick' icon in the installer
    2. Click Open when prompted about application downloaded from the internet
    3. Supply your laptop's username and password to install application and click OK
    4. In the 'installation succeeded' dialog box click Launch
    5. Click 'I have configuration files'
    6. Select 'Tunnelblick VPN Configurations'
    7. Click done in the 'Installing a Tunnelblick VPN Configuration' dialog box (because as the instructions state, you need to double-click the 'Tunnelblick Vpn Config.tblk' you downloaded above)
    8. Navigate to where you downloaded 'Tunnelblick Vpn Config.tblk' and double-click it.
    9. When prompted about for whom to install the configuration select either 'All users' or 'Only Me'. Supply your laptop's username and password and click OK.
    10. A dialog box will pop up telling you that the Tunnelblick installation was successful; click OK.
  • To start the Tunnelblick VPN
    1. Click the Tunnelblick icon located in the top right corner of the finder toolbar
    2. Select Connect Tunnelblick VPN Config
    3. Supply your VPN username and password and click OK to connect. The Tunnelblick icon will start to shine brightly as if a train is coming towards you out of a tunnel.

Virtual Private Network (VPN) Using OpenVPN on Windows 10

  • Download the OpenVPN open-source client from the openvpn.net link above.
  • Once you have downloaded the installer, run it.

    You'll be prompted with a User Account Control security message, click 'Yes'.

  • In the 'Welcome to the OpenVPN Setup Wizard window, click 'Next >'.
  • In the License Agreement window, click 'I Agree'.
  • In the Choose Components window, click 'Next >'.
  • In the Choose Install Location window, click 'Install'. The program will install. Click 'Next >' when its finished.

    Click Finish when the install is completed.

  • Double Click the 'OpenVPN GUI' icon on your desktop to start the program. An icon for it will appear in your system tray area.
  • On your Windows menu bar, click the File Explorer icon. In the File Explorer window, go to 'C:/ProgramFiles/OpenVPN/Config/'

    Leave this window open.

  • In your web browser, return to this page and locate the 'openvpn-ca.crt Certificate' link, right click it and click 'Save Link As'.

    Save the certificate file to 'C:/ProgramFiles/OpenVPN/Config/'.

  • Open Notepad, copy and paste the following into Notepad.
    client
    remote csopenvpn.cs.toronto.edu 1194
    proto udp
    dev tun0
    nobind
    auth-user-pass
    ca openvpn-ca.crt
    persist-key
    persist-tun
    ns-cert-type server
    verb 5
    
  • Click Save, name the file 'client.ovpn' and save it to 'C:/ProgramFiles/OpenVPN/Config/'.
  • Right click the OpenVPN system tray icon and you'll see 'client' listed, click it and then click 'Connect'.

    An 'OpenVPN Connection' window will appear and then prompt you for your VPN username and password.

    Type those in and click 'OK'.

  • Once your connected, a side window will appear saying 'client is connected' and will display your VPN IP address.

Virtual Private Network (VPN) Using OpenVPN on Ubuntu 18.04 desktop

  • As root:

    apt-get install network-manager-openvpn-gnome

    service network-manager restart

  • As normal user:

    mkdir vpn-cert

    cd vpn-cert

    wget https://support.cs.toronto.edu/openvpn-ca.crt .

  • As normal user:

    Settings -> Network -> Click '+' button next to VPN

    Under 'Add VPN', select OpenVPN:

    Name: cslab vpn

    Gateway: csopenvpn.cs.toronto.edu

    Type: Password

    Supply your CSLab VPN username and password

    CA certificate: using the browse icon to the left, go to the vpn-cert directory and select/open 'openvpn-ca.crt'

    Finally, click 'Add'

    You will now see your new VPN connection displayed. Select 'ON'

  • To test, open terminal window and type:

    ping -c 4 172.17.254.254

    You should get 4 response ping packets with 0% packet loss.

    To finish the testing, type:

    host router.red.sandbox

    You should see this response:

    router.red.sandbox has address 172.17.254.254

    If either tests fails, please recheck your steps, particularly making sure you are using your correct VPN username and password.