- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -

VPN: Difference between revisions

From HLRS Platforms
(24 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Access HLRS compute service using VPN ==
== General ==


Access to HLRS compute platforms requires a registration of the clients IP address in the firewall. If the IP address is not static
Access to HLRS compute platforms requires a registration of the clients IP address in the firewall. If the IP address is not static
a connection via VPN is recommended.  
a connection via VPN is recommended.  


To use this feature, please contact your project supervisor and ask him to add the vpn-hww resource in the HLRS user database.  
To use this feature, please contact your project supervisor and ask him to add the vpn-hww resource in the HLRS user database.
Install the Fortigate software on your laptop. The Software can be downloaded at


  https://www.forticlient.com (Windows, Mac)
With respect to installation, configuration and usage of the required VPN client (Fortigate client), please refer to the section covering your operating system below.
  https://github.com/adrienverge/openfortivpn (Linux and Mac)


On Fedora, OpenSUSE, and latest Ubuntu openfortivpn is available via packet manager.
<br>


On Mac OSX openfortivpn can also be installed via Homebrew or Macports.
== Windows ==


=== Download ===
https://www.fortinet.com/support/product-downloads#vpn
make sure to download the free '''FortiClient VPN''' application
<br>
<br>


== Configuration of Fortinet VPN client on Windows ==
=== Configuration ===
 
[[File:Forticlient windows config.jpg]]
[[File:Forticlient windows config.jpg]]


<br>
<br>


== Using the VPN on Windows ==
=== Using the VPN ===
 
[[File:Forticlient_windows_usage.jpg]]
[[File:Forticlient_windows_usage.jpg]]


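Review bot: the new Windows "Configuration" subsection still consists only of the screenshot Forticlient windows config.jpg, so the gateway settings are not available as text to copy or to read without the image. Consider repeating next to the image the values the Linux section gives (host rmgw.hww.hlrs.de, port 443). In the new Download subsection, "make sure to download the free FortiClient VPN application" should be a full sentence on its own line, separate from the URL.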
Line 31: Line 30:


<br>
<br>
<br>
== Linux ==
=== Download ===
https://github.com/adrienverge/openfortivpn


== Configuration of openfortivpn on Linux ==
On Fedora, OpenSUSE, and latest Ubuntu openfortivpn is available via the package manager of the operating system.


''Note'': There's also a Linux version of the official Forticlient VPN application available now, cf. https://www.fortinet.com/support/product-downloads#vpn .
<br>
=== Configuration ===
Please insert the following data into your config file (probably /etc/openfortivpn/config):
Please insert the following data into your config file (probably /etc/openfortivpn/config):


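Review bot: "probably /etc/openfortivpn/config" in the Configuration subsection leaves the reader guessing which file the client reads. Since the usage line calls openfortivpn without naming a file, state the path definitively or say how to check it. The new note about the official Forticlient VPN application for Linux should also say whether the configuration that follows applies to it or only to openfortivpn.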
Line 39: Line 49:
  port = 443
  port = 443
  username = <your username>
  username = <your username>
# trusted-cert = 5338851771baa67d1a29fa8df7d49ddbd83cbbd517c78e032bf5ab305eaba3f8
# ca-file = /usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt


A user certificate is '''not''' required. If your Openssl library is configured correctly and your certificate bundles are installed properly it should neither be necessary to explicitly set up the ca certificate. The vpn gateway uses a DFN certificate which is issued below the root ca tree of the German Telekom, one of the CA's trusted by most browsers, the trusted-cert is the digest of the server's certificate which is subject to change every couple of years.
'''Remarks:'''
* A user certificate is '''not''' required.
* The VPN gateway uses a certificate which is issued by GEANT below the root CA tree of the USERTRUST Network, one of the CA's trusted by most browsers.
* If your Openssl library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to explicitly specify the CA certificate.  
 
<br>
 
=== Using the VPN ===
To use the VPN, just call the binary openfortivpn and follow the instructions:
$> openfortivpn
 
<br>
<br>
 
== OS X ==
 
=== Download ===
https://www.forticlient.com or https://github.com/adrienverge/openfortivpn
 
On Mac OSX, openfortivpn can also be installed via Homebrew or Macports.
 
=== Using the VPN ===
tested with Catalina 10.15:
sudo openfortivpn -v rmgw.hww.hlrs.de:443 -u USERNAME --set-dns=0 --pppd-use-peerdns=0

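Review bot: the Linux usage line "$> openfortivpn" is shown without sudo while the OS X line is "sudo openfortivpn -v ...", so the page should say whether root privileges are needed on Linux as well. The OS X Download line still points to https://www.forticlient.com although the Windows section was moved to https://www.fortinet.com/support/product-downloads#vpn, and the options --set-dns=0 --pppd-use-peerdns=0 appear without a word on why they are set. With the trusted-cert and ca-file lines gone, the Remarks could also say what a user should do if certificate validation fails, so that nobody restores a pinned digest from an old copy of the page.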
Latest revision as of 17:24, 10 June 2024

General

Access to HLRS compute platforms requires registration of the client's IP address in the firewall. If the IP address is not static, a connection via VPN is recommended.

To use this feature, please contact your project supervisor and ask him to add the vpn-hww resource in the HLRS user database.

With respect to installation, configuration and usage of the required VPN client (Fortigate client), please refer to the section covering your operating system below.


Windows

Download

https://www.fortinet.com/support/product-downloads#vpn

Make sure to download the free FortiClient VPN application.

Configuration

[Image: Forticlient windows config.jpg]


Using the VPN

[Image: Forticlient windows usage.jpg]

Type your login and password to connect. If this works, you are able to log in to the frontend servers using ssh, e.g.

  ssh -l <your_login> hawk.hww.hlrs.de



Linux

Download

https://github.com/adrienverge/openfortivpn

On Fedora, OpenSUSE, and the latest Ubuntu, openfortivpn is available via the package manager of the operating system.

Note: There's also a Linux version of the official Forticlient VPN application available now, cf. https://www.fortinet.com/support/product-downloads#vpn .


Configuration

Please insert the following data into your config file (probably /etc/openfortivpn/config):

  host = rmgw.hww.hlrs.de
  port = 443
  username = <your username>

Remarks:

  • A user certificate is not required.
  • The VPN gateway uses a certificate which is issued by GEANT below the root CA tree of the USERTRUST Network, one of the CAs trusted by most browsers.
  • If your OpenSSL library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to explicitly specify the CA certificate.
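
A check for the configuration and remarks above, as an added example that is not part of the HLRS page: a shell function that lints an openfortivpn config file for the gateway values given here and flags an active trusted-cert pin, which the latest revision no longer uses. The function names, the finding messages and the check for a password key are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HLRS code): lint an openfortivpn config file against
# the gateway settings given on this page.

# Print the value of the last active "key = value" line for key $2 in file $1.
# Commented-out lines never match because the key must start the line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# One finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
lint_config() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    [ "$(cfg_get "$cfg" host)" = "rmgw.hww.hlrs.de" ] ||
        { echo "host is not rmgw.hww.hlrs.de"; rc=1; }
    [ "$(cfg_get "$cfg" port)" = "443" ] ||
        { echo "port is not 443"; rc=1; }
    case $(cfg_get "$cfg" username) in
        ""|"<"*">") echo "username is missing or still the placeholder"; rc=1 ;;
    esac
    # The latest revision relies on the system CA bundle; an active
    # trusted-cert line pins a single server certificate digest instead.
    [ -z "$(cfg_get "$cfg" trusted-cert)" ] ||
        { echo "trusted-cert pin is set"; rc=1; }
    # Assumption beyond the page: openfortivpn also accepts a "password" key.
    [ -z "$(cfg_get "$cfg" password)" ] ||
        { echo "password is stored in the config file"; rc=1; }
    return $rc
}

# Constructed sample: placeholder username plus an active pin (dummy digest).
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'host = rmgw.hww.hlrs.de' 'port = 443' \
        'username = <your username>' \
        'trusted-cert = 0000placeholder0000' > "$tmp"
    status=0; lint_config "$tmp" || status=$?
    rm -f "$tmp"; return $status
}

# Stand-alone use: sh lint.sh /etc/openfortivpn/config
if [ $# -gt 0 ]; then lint_config "$1"; fi
```
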


Using the VPN

To use the VPN, just call the binary openfortivpn and follow the instructions:

  $> openfortivpn



OS X

Download

https://www.forticlient.com or https://github.com/adrienverge/openfortivpn

On Mac OSX, openfortivpn can also be installed via Homebrew or Macports.

Using the VPN

Tested with Catalina 10.15:

  sudo openfortivpn -v rmgw.hww.hlrs.de:443 -u USERNAME --set-dns=0 --pppd-use-peerdns=0