EHL VPN Client Configuration in Fedora

2,676 bytes added, 19:07, 23 September 2015
Generate OpenVPN certificates for client
[[Category:Enterprise Hyperscale Lab]]
The [[EHL]] has an OpenVPN and a PPTP VPN for remote access.

= OpenVPN method =

== Generate OpenVPN certificates for client ==

1. SSH to EHL and log in as root:
 ssh ehl.cdot.systems
 sudo su -
2. Generate a certificate with easy-rsa (replace <HOSTNAME> with your own):
 cd /etc/openvpn/easy-rsa
 source ./vars
 ./build-key <HOSTNAME>
'''NOTE:''' No information needs to be entered except answering (y/n).

== Copy certificates to client ==

1. ON YOUR MACHINE: Create ~/.cert on your own machine:
 mkdir ~/.cert
2. ON RED: Copy the certificates from red to your machine:
 scp /etc/openvpn/easy-rsa/keys/{ca.crt,<HOSTNAME>.crt,<HOSTNAME>.key} <user>@<HOSTNAME>:~/.cert
3. ON YOUR MACHINE: Restore the SELinux context on the copied files:
 restorecon -R ~/.cert

== Setting up an OpenVPN connection ==

You might need to install the OpenVPN plugin for NetworkManager:
 yum install openvpn NetworkManager-openvpn pkcs11-helper openssl

=== via Gnome network settings ===

To set up access to the VPN from a remote Fedora system graphically:
# Open the '''Network''' section of the '''Settings''' application.
# Click the '''+''' sign to add a new network connection.
# Select '''VPN''' as the connection type.
# Select '''OpenVPN''' as the VPN type.
# Fill in these parameters:
#* Gateway: <code>ehl.internal.cdot.systems</code> (currently: 10.46.52.62)
#* Type: <code>Certificates (TLS)</code>
#* User Certificate: <code>~/.cert/<HOSTNAME>.crt</code>
#* CA Certificate: <code>~/.cert/ca.crt</code>
#* Private Key: <code>~/.cert/<HOSTNAME>.key</code>
# Click the '''Advanced...''' button in the right corner:
#* Check the box marked '''"Use LZO data compression"'''
#* In the '''Security''' tab, choose '''"AES-256-CBC"''' as the cipher
#* Click OK to finish the advanced settings
# In the '''IPv4''' tab, check the box marked '''"Use this connection only for resources on its network"'''.
# Apply the changes.
# Start the VPN with the control in the Network Settings screen or at the top of the Gnome screen.
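Before handing the files copied into ~/.cert to NetworkManager, it is worth checking that the client certificate actually chains to ca.crt, that the private key belongs to that certificate, and that the key is not readable by other local users. The script below is an added example, not part of the wiki page or of the EHL tooling; it generates a throwaway CA and client certificate in a temporary directory with openssl so that it runs offline, and the check function can be pointed at a real ~/.cert and hostname instead.

```shell
#!/bin/sh
# Added example (not from the wiki page): sanity-check a client certificate
# bundle (ca.crt, <HOSTNAME>.crt, <HOSTNAME>.key) before configuring OpenVPN.
set -eu

# check_cert_bundle DIR HOST -> returns 0 if the bundle is consistent.
check_cert_bundle() {
    dir="$1"; host="$2"
    ca="$dir/ca.crt"; crt="$dir/$host.crt"; key="$dir/$host.key"
    # 1. the certificate must verify against the CA OpenVPN will trust
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    # 2. the public key inside the certificate must match the private key
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ] || return 1
    # 3. the private key must be readable by the owner only
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case "$mode" in 600|400) ;; *) return 1 ;; esac
    return 0
}

# make_test_bundle DIR HOST -> constructed test data: a self-signed CA that
# signs a client certificate, laid out like easy-rsa's keys/ directory.
make_test_bundle() {
    dir="$1"; host="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.crt" -days 1 -subj "/CN=test-ca" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/$host.key" \
        -out "$dir/$host.csr" -subj "/CN=$host" 2>/dev/null
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/$host.crt" \
        -days 1 2>/dev/null
    chmod 600 "$dir/$host.key"
}
```

For a real bundle run `check_cert_bundle ~/.cert <HOSTNAME>`; a non-zero exit means the files copied from red do not belong together or the key permissions are too open.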
=== via Command line ===

Add a new basic VPN using nmcli:
 nmcli conn add con-name EHL type vpn ifname lo vpn-type openvpn

Edit ''/etc/NetworkManager/system-connections/EHL'' and add the following lines (here ''newzealand'' stands for your <HOSTNAME>):
 [connection]
 ...
 #interface-name=lo   <----- Remove this line
 autoconnect=true
 
 [vpn]
 ...
 connection-type=tls
 remote=ehl.internal.cdot.systems
 cipher=AES-256-CBC
 comp-lzo=yes
 cert-pass-flags=0
 ca=/home/<user>/.cert/ca.crt
 key=/home/<user>/.cert/newzealand.key
 cert=/home/<user>/.cert/newzealand.crt
 
 [ipv6]
 method=auto
 
 [ipv4]
 method=auto
 never-default=true

Reload the configuration file:
 nmcli conn reload

Turn on the VPN connection:
 nmcli conn up EHL

= PPTP method (Not recommended) =
== Creating a VPN User ==
# Select '''Point-to-Point Tunneling Protocol (PPTP)''' as the VPN type.
# Fill in these parameters:
#* Gateway: <code>ehl.internal.cdot.systems</code> (currently: 10.46.52.62)
#* User name: ''Your VPN Username''
#* Password: ''Your VPN Password'' (the system will ask you for this when you connect anyway)
== Setting up VPN via command line ==
Add a new basic VPN using nmcli:
 nmcli conn add con-name EHL type vpn ifname ppp0 vpn-type pptp

Edit ''/etc/NetworkManager/system-connections/EHL'' and add the following lines:
 [vpn]
 ...
 gateway=ehl.internal.cdot.systems
 user=<Your VPN Username>
 password-flags=0
 
 [vpn-secrets]
 password=<Your VPN Password>
 
 [ipv6]
 
 [ipv4]
 method=auto
 route1=172.16.172.0/24,172.16.172.215,0
 ignore-auto-dns=true
 ignore-auto-routes=true
(From [http://tinyurl.com/lyb63co here]).
== Other Configuration ==
For convenient access to the EHL resources:
# Merge the <code>/etc/hosts</code> entries from Red (=ehl.internal.cdot.systems, which is the gateway system) into your local <code>/etc/hosts</code> file, commenting out or removing the line for Red/EHL itself.
# Copy <code>/usr/local/bin/{serial,pingbuilders,startkojids,pdu}</code> from Red into your local <code>/usr/local/bin</code> directory.
# Copy your SSH public key to the EHL systems using <code>ssh-copy-id</code>, including the <code>ostep</code> account on <code>serial</code>:
 ssh-copy-id ostep@serial
 serial x1