- Infos im HLRS Wiki sind nicht rechtsverbindlich und ohne Gewähr -
- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -
VPN: Difference between revisions
(3 intermediate revisions by the same user not shown) | |||
Line 13: | Line 13: | ||
=== Download === | === Download === | ||
https://www.fortinet.com/support/product-downloads#vpn | |||
https://www. | |||
make sure to download the free '''FortiClient VPN''' application | make sure to download the free '''FortiClient VPN''' application | ||
<br> | <br> | ||
Line 40: | Line 39: | ||
On Fedora, OpenSUSE, and latest Ubuntu openfortivpn is available via the package manager of the operating system. | On Fedora, OpenSUSE, and latest Ubuntu openfortivpn is available via the package manager of the operating system. | ||
''Note'': There's also a Linux version of the official Forticlient available now, cf. https://www. | ''Note'': There's also a Linux version of the official Forticlient VPN application available now, cf. https://www.fortinet.com/support/product-downloads#vpn . | ||
<br> | <br> | ||
Line 50: | Line 49: | ||
port = 443 | port = 443 | ||
username = <your username> | username = <your username> | ||
'''Remarks:''' | '''Remarks:''' | ||
* A user certificate is '''not''' required. | * A user certificate is '''not''' required. | ||
* The VPN gateway uses a certificate which is issued by GEANT below the root CA tree of the USERTRUST Network, one of the CA's trusted by most browsers. | |||
* The VPN gateway uses a | * If your Openssl library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to explicitly specify the CA certificate. | ||
* If your Openssl library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to explicitly specify the CA certificate | |||
<br> | <br> |
Latest revision as of 17:24, 10 June 2024
General
Access to HLRS compute platforms requires a registration of the clients IP address in the firewall. If the IP address is not static a connection via VPN is recommended.
To use this feature, please contact your project supervisor and ask him to add the vpn-hww resource in the HLRS user database.
With respect to installation, configuration and usage of the required VPN client (Fortigate client), please refer to the section covering your operating system below.
Windows
Download
https://www.fortinet.com/support/product-downloads#vpn
make sure to download the free FortiClient VPN application
Configuration
Using the VPN
Type your login and password to connect. If this works, you are able to login on the frontend servers using ssh e.g.
ssh -l <your_login> hawk.hww.hlrs.de
Linux
Download
https://github.com/adrienverge/openfortivpn
On Fedora, OpenSUSE, and latest Ubuntu openfortivpn is available via the package manager of the operating system.
Note: There's also a Linux version of the official Forticlient VPN application available now, cf. https://www.fortinet.com/support/product-downloads#vpn .
Configuration
Please insert the following data into your config file (probably /etc/openfortivpn/config):
host = rmgw.hww.hlrs.de port = 443 username = <your username>
Remarks:
- A user certificate is not required.
- The VPN gateway uses a certificate which is issued by GEANT below the root CA tree of the USERTRUST Network, one of the CA's trusted by most browsers.
- If your Openssl library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to explicitly specify the CA certificate.
Using the VPN
To use the VPN, just call the binary openfortivpn and follow the instructions:
$> openfortivpn
OS X
Download
https://www.forticlient.com or https://github.com/adrienverge/openfortivpn
On Mac OSX, openfortivpn can also be installed via Homebrew or Macports.
Using the VPN
tested with Catalina 10.15:
sudo openfortivpn -v rmgw.hww.hlrs.de:443 -u USERNAME --set-dns=0 --pppd-use-peerdns=0