VPN Configuration

Italian version

How to set up access via VPN:

The Computing Service has made available to users a VPN service based on OpenVPN software (https://openvpn.net/community/).

Authentication (for access to the service) is via username and password.

ACCESS:
The service is automatically active for those who have accounts on bastion/idefix with the same login credentials and for UNIMI staff afferent to the Department of Physics with the University credentials @unimi.it with the “username” without domain.

Non-employee UNIMI colleagues (research fellows, PhD students, etc.) must make an explicit request for a technical enablement by sending a request to troubles@fisica.unimi.it

Howto install a OpenVPN client:

install a vpn client first, then follow the instructions below.

Package for Windows 10: we suggest downloading the latest updated package from the OPENVPN web site: a “OpenVPN community” version “MSI Installer” (.msi) for Windows 64/32 bit downloadable from https://openvpn.net/community-downloads/ (or “OpenVPN Connect v3” for Windows 7, 8, 10, and 11) downloadable from https://openvpn.net/client-connect-vpn-for-windows/

Package and instructions for Mac OS X:
Install Tunnelblick software, “stable” version, downloadable from https://tunnelblick.net/downloads.html
Follow the instructions on the Tunnelblick website:
– Create a directory with the name “Tunnelblick VPN Configuration.tblk”.
– Create a [filename].conf file (see paragraph CONFIGURATION FILES to download it in the following section).
– Double-click on the directory, from the Finder, to install the configuration
– If you want to change the configuration file, replace it in the Tunnelblick directory and then double-click from the Finder on that directory: the new configuration is set up.

Packages for Linux:
Download from OPENVPN website: https://openvpn.net/community-downloads/
Command must be run with root permissions.

---

CONFIGURATION FILES with ACCESS with USERNAME / PASSWORD

• • • • Standard configuration file (access LOCAL resources as if you were in the Department):
    • • configuration file for Linux e Mac OS X: client-auth.conf
        configuration file for Windows: client-auth.ovpn
        
      • Configuration files to reconfiguring your client’s default gateway (access to ALL resources as if you were in the department):
        with Fisica’s default gateway:
    • • configuration file for Linux e Mac OS X: client-auth-def-gw-fisica.conf
        configuration file for Windows: client-auth-def-gw-fisica.ovpn
    • • with INFN’s default gateway:
    • • configuration file for Linux e Mac OS X: client-auth-def-gw-infn.conf
        configuration file for Windows: client-auth-def-gw-infn.ovpn
    • • • 
          Instructions for Windows 10
          1. Download the configuration file and install the OpenVPN package from the site https://openvpn.net/client-connect-vpn-for-windows/
          2. Create an “Openvpn Administrators” group and add to it the user of the PC that will use the VPN.
          On Windows HOME follow the instructions at the end of this page.
          On Windows 10 PRO / ENT (= ENTERPRISE):
          To create the group with a user with PC administrator privileges perform the following steps.
          This PC -> right-click (on mouse) -> Manage -> under “System Tools” click on “Local Users and Groups” -> “Groups”, right-click, choose option “New group…”. Enter as “Group name” Openvpn Administrators and, on the same screen, use “Add…” button to add the local PC user/users who should be able to use the VPN (under “Enter the obiect’s name to select” enter a local PC User name and use “Check names”, then select the right one with “Ok” and then “Close”).
          You log on to your Windows PC with the user with whom you want to use the VPN and in the taskbar on the program icon “OpenVPN GUI”, right-click opens an option “Import” –> “Import file…”: import the configuration file (with .opvn extension) previously downloaded.
          In this way Windows by default imports it into a folder with path of the following type:
          C:\Users\[User Name]\OpenVPN\config\
          The folder containing the configuration files can also be
          C:\Program Files\OpenVPN\config\
          You can check the current configuration by opening in the taskbar, under the “OpenVPN GUI” icon, option “Settings” shows in folder “Advanced” your paths (“Folder:”) for Configuration Files and Log Files.
          3. Start OpenVPN: you can use “openvpn-gui.exe” in C:\Users\[User Name]\OpenVPN\bin\ –> right-click –> Run as administrator
          4. Now using the icon (bottom right) of “OpenVPN GUI” you can use Connect with username and password. If you’ve installed more than one configuration file, under the “OpenVPN GUI” icon, under the name of the configuration file you want to use, click on Connect.
          5. When you no longer need the VPN use similarly Disconnect.

      • ---

        • On Windows 10 HOME: how to create a group “Openvpn Administrators” and add the user of the PC that will use the VPN.
          Open a Command Prompt window, taking care to use (right-click) “Run as administrator”.
          Then check the full name of the logged-in user (who wants to use the VPN):
          C:\WINDOWS\system32>whoami
          The output is of the type [PC-name]\[UserName]
          Add the local group and the user to this group:
          C:\WINDOWS\system32>net localgroup “OpenVPN Administrators” /add
          C:\WINDOWS\system32>net localgroup “OpenVPN Administrators” [UserName] /add
          Finally check: the last two commands should provide a command execution successful; however you can check it so:
          C:\WINDOWS\system32>net localgroup
          *OpenVPN Administrators should also be found in the list. Or so:
          C:\WINDOWS\system32>net localgroup “OpenVPN Administrators”
          It must show the desired user as a member of the group.