- Information in the HLRS Wiki is not legally binding and is provided without warranty -
- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -

VPN: Difference between revisions

From HLRS Platforms
Revision as of 16:53, 19 May 2020

General

Access to HLRS compute platforms requires registration of the client's IP address in the firewall. If the IP address is not static, a connection via VPN is recommended.

To use this feature, please contact your project supervisor and ask them to add the vpn-hww resource in the HLRS user database.

With respect to installation, configuration and usage of the required VPN client (Fortigate client), please refer to the section covering your operating system below.

Install the Fortigate software on your laptop. The software can be downloaded from:

 https://www.forticlient.com (Windows, Mac)
 https://github.com/adrienverge/openfortivpn (Linux and Mac)

On Fedora, openSUSE, and the latest Ubuntu, openfortivpn is available via the package manager.

On Mac OS X, openfortivpn can also be installed via Homebrew or MacPorts.


Windows

Download

https://www.forticlient.com

Configuration

[Screenshot: Forticlient windows config.jpg]


Using the VPN

[Screenshot: Forticlient windows usage.jpg]

Type your login and password to connect. If this works, you can log in to the frontend servers using ssh, e.g.

  ssh -l <your_login> hawk.hww.hlrs.de


Linux

Configuration

Please insert the following data into your config file (probably /etc/openfortivpn/config):

host = rmgw.hww.hlrs.de
port = 443
username = <your username>
# trusted-cert = 5338851771baa67d1a29fa8df7d49ddbd83cbbd517c78e032bf5ab305eaba3f8
# ca-file = /usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt

Remarks:

  • A user certificate is not required.
  • The trusted-cert value (cf. the next-to-last line of the config file template above) is the digest of the server's certificate, which is subject to change every couple of years. It may therefore be wise not to specify it in your config file.
  • The VPN gateway uses a DFN certificate which is issued below the root CA tree of Deutsche Telekom, one of the CAs trusted by most browsers.
  • If your OpenSSL library is configured correctly and your certificate bundles are installed properly (e.g. via the package manager of your operating system), it should not be necessary to specify the CA certificate explicitly. Otherwise, download the required certificate here, uncomment the last line and specify the location of the downloaded file there.
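
The following is an added example, not part of the HLRS page or of openfortivpn: it shows how an active trusted-cert pin relates to the certificate the gateway presents. It assumes, as the openfortivpn documentation states, that trusted-cert is the SHA-256 sum of the X509 certificate; the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import ssl

# Config template from this page; both certificate lines are commented out.
PAGE_TEMPLATE = """\
host = rmgw.hww.hlrs.de
port = 443
username = <your username>
# trusted-cert = 5338851771baa67d1a29fa8df7d49ddbd83cbbd517c78e032bf5ab305eaba3f8
# ca-file = /usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
"""
# Constructed stand-in bytes, NOT a real certificate; only the hashing is shown.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder certificate bytes")

def cert_digest(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate, lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def active_settings(config_text: str) -> dict:
    """Parse 'key = value' lines; lines starting with '#' are inactive."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check_pin(config_text: str, presented_pem: str) -> str:
    """Compare an active trusted-cert pin with the presented certificate."""
    pin = active_settings(config_text).get("trusted-cert")
    if pin is None:
        return "no-pin"  # validation rests on the CA chain alone
    if len(pin) != 64 or any(c not in "0123456789abcdef" for c in pin.lower()):
        return "malformed-pin"
    return "match" if pin.lower() == cert_digest(presented_pem) else "mismatch"

def fetch_gateway_pem(host: str, port: int = 443) -> str:
    """Fetch the presented certificate. Without ca_certs this call does NOT
    validate it, so only compare against a digest obtained out of band."""
    return ssl.get_server_certificate((host, port))

if __name__ == "__main__":
    print(check_pin(PAGE_TEMPLATE, SAMPLE_PEM))  # template as published
    stale = PAGE_TEMPLATE.replace("# trusted-cert", "trusted-cert")
    print(check_pin(stale, SAMPLE_PEM))  # pin differs from presented cert
```

A "mismatch" result is what an uncommented pin produces once the server certificate has been replaced, which is the situation the remark on trusted-cert describes.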