VPN: Difference between revisions
No edit summary |
|||
| Line 11: | Line 11: | ||
# <code>/usr/share/easy-rsa/3/pki/</code> | # <code>/usr/share/easy-rsa/3/pki/</code> | ||
# <code>/etc/openvpn/</code> | # <code>/etc/openvpn/</code> | ||
===How to connect to the VPN=== | |||
Execute <code>openvpn</code> with <code>sudo</code>, passing it your client config file. | |||
<pre> | |||
cd openvpn | |||
sudo openvpn client.conf | |||
</pre> | |||
You will be prompted for two credentials: | |||
# <code>Enter Auth Password:</code> - This is your 2FA 6-digit token that changes every 30 seconds. Get it from your [[2FA]] FLOSS TOTP app-of-choice. | |||
# <code>Enter Private Key Password:</code> - This is the passphrase you used to symmetrically encrypt your OpenVPN client RSA certificate when you were first setup with access to the OSE VPN. Check your personal password database. | |||
===Developers: How to request access to the dev VPN=== | ===Developers: How to request access to the dev VPN=== | ||
Revision as of 12:14, 3 December 2019
A VPN is a system that establishes a private network across a public network, such as the Internet
Use in Dev Server
OSE launched a single staging/dev server in Hetzner Cloud in 2019. For security reasons it's imperative that this server is locked-down and sitting *behind* a VPN.
Important Files & Directories
For more information about our vpn configuration, please see the following files & directories on the osedev1 server:
/usr/share/easy-rsa/3/pki//etc/openvpn/
How to connect to the VPN
Execute openvpn with sudo, passing it your client config file.
cd openvpn sudo openvpn client.conf
You will be prompted for two credentials:
Enter Auth Password:- This is your 2FA 6-digit token that changes every 30 seconds. Get it from your 2FA FLOSS TOTP app-of-choice.Enter Private Key Password:- This is the passphrase you used to symmetrically encrypt your OpenVPN client RSA certificate when you were first setup with access to the OSE VPN. Check your personal password database.
Developers: How to request access to the dev VPN
This section is intended for the OSE Developer that requires access to the developer VPN and would like to make a request for access to the OSE sysadmin.
Install Prerequisites
In order to connect to our vpn, you should install the following prerequisite software
sudo apt-get install openvpn openresolv
TODO: finish this guide
Sysadmin: How to grant access to the dev VPN
This section is intended for the OSE sysadmin and will describe the process of granting access to the developer VPN for OSE developers.
TODO
Looking Forward
Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.
The reality is that we have a dedicated server in Falkenstein, Germany[1]; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future[2]; and developers (some with their own servers) all over the world -- which begs the question: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?
Certainly a hub-and-spoke [3] openvpn model is possible, but that introduces a single-point-of-failure.
A better option would be a decentralized mesh-style VPN solution, such as ZeroTier.