This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
vpn [2021/11/08 10:45] – [Split VPN connections] lenocil | vpn [2024/03/06 08:34] (current) – [Split VPN connections] jansen | ||
---|---|---|---|
Line 2: | Line 2: | ||
===== Sterrewacht ===== | ===== Sterrewacht ===== | ||
- | There is a new OpenVPN server that allows you to connect your personal computer/ | + | There is a new OpenVPN server that allows you to connect your personal computer/ |
For OpenVPN you will need a special '' | For OpenVPN you will need a special '' | ||
Line 12: | Line 12: | ||
* but also for [[https:// | * but also for [[https:// | ||
+ | |||
+ | ===== Sterrewacht ===== | ||
+ | |||
+ | ==== DNS problem work-around ==== | ||
+ | |||
+ | Recently, some people working from home have been reporting problems when trying to connect to Sterrewacht (or even all Leiden Universtity) computers, especially people renting apartments with DUWO. There is likely a problem with the DNS (domain name server) of the local internet provider. To bypass this problem, Sterrewacht users can activate the STRW VPN. For this to work, users with an existing VPN client (.ovpn) file need to make a small change. From the OpenVPN program or app, select to edit the configuration file. In the editor that appears, replace the text '' | ||
+ | |||
+ | |||
+ | ==== Split VPN connections ==== | ||
+ | |||
+ | The provided VPN client file redirects all internet traffic over the Observatory VPN. There are however situations in which it is unnecessary or even discouraged to tunnel a connection via our VPN. Imagine, for instance, how inefficient it is to tunnel a videoconference through a VPN tunnel. | ||
+ | |||
+ | In these cases, you can tweak your '' | ||
+ | |||
+ | === Example: Only Leiden University IPs via VPN === | ||
+ | |||
+ | Add the following lines somewhere in your '' | ||
+ | |||
+ | <code bash> | ||
+ | # Only UL IPs via VPN | ||
+ | # With the exception of the Sterrewacht VPN IP address | ||
+ | pull-filter ignore " | ||
+ | route 132.229.0.0 255.255.0.0 vpn_gateway | ||
+ | route 132.229.216.4 255.255.255.255 net_gateway | ||
+ | </ | ||
+ | |||
+ | It is possible to add more such '' | ||
===== Lorentz Institute ===== | ===== Lorentz Institute ===== | ||
- | |:!: NEW | Since end October 2021, beside your IL username and password, you will have to insert also your [[institute_lorentz: | ||
- | | |If you have requested your '' | ||
- | | |'' | ||
The Lorentz Institute offers its staff members an OpenVPN service for remote connections to the IL intranet. Apart from preserving users privacy, the IL OpenVPN lets you access services that would otherwise be unavailable when working remotely. A use-case would be to access scientific journals contents using the Institute subscription. | The Lorentz Institute offers its staff members an OpenVPN service for remote connections to the IL intranet. Apart from preserving users privacy, the IL OpenVPN lets you access services that would otherwise be unavailable when working remotely. A use-case would be to access scientific journals contents using the Institute subscription. | ||
- | Request your IL OpenVPN access via < | + | Request your IL OpenVPN access via < |
Launch your '' | Launch your '' | ||
Line 29: | Line 53: | ||
* [[: | * [[: | ||
* [[: | * [[: | ||
+ | * [[https:// | ||
- | Unfortunately at the moment we are not aware of any smart-phone that support 2FA-protected VPN connections. | ||
==== Split VPN connections ==== | ==== Split VPN connections ==== | ||
Line 38: | Line 62: | ||
In these cases, you can tweak your '' | In these cases, you can tweak your '' | ||
- | === Example 1: VPN-bypass IPs in range === | + | === Example 1: Only Leiden University IPs via VPN === |
+ | |||
+ | Add the following lines somewhere in your '' | ||
+ | |||
+ | <code bash> | ||
+ | # Only UL IPs via VPN | ||
+ | # With the exception of the very IL VPN IP address | ||
+ | pull-filter ignore " | ||
+ | route 132.229.0.0 255.255.0.0 vpn_gateway | ||
+ | route 132.229.227.248 255.255.255.255 net_gateway | ||
+ | |||
+ | </ | ||
+ | |||
+ | === Example 2: VPN-bypass IPs in range === | ||
Add the lines in the following code snippet somewhere in your '' | Add the lines in the following code snippet somewhere in your '' | ||
Line 50: | Line 87: | ||
</ | </ | ||
- | === Example | + | === Example |
Add the lines in the following code snippet somewhere in your '' | Add the lines in the following code snippet somewhere in your '' | ||
Line 64: | Line 101: | ||
</ | </ | ||
- | === Example | + | === Example |
Add the lines in the following code snippet somewhere in your '' | Add the lines in the following code snippet somewhere in your '' | ||
Line 76: | Line 113: | ||
===== LION Physics ===== | ===== LION Physics ===== | ||
- | For the PHYSICS domain there is a separate Windows Based VPN server, that provides the same functionality as the OpenVPN example above, but is better geared to the Windows | + | For the PHYSICS domain there is a separate Windows Based VPN server, that provides the same functionality as the OpenVPN example above, but is better geared to the Windows |
Before you can setup a VPN connection you need to contact < | Before you can setup a VPN connection you need to contact < | ||
You can connect from: | You can connect from: | ||
- | * {{:vpn:vpn_connection_lion.pdf | + | * [[:lion:2fa:vpn:windows |
- | * {{:vpn:vpn_mac.pdf | + | * [[:lion:2fa:vpn:mac |MacOS]] |
Once you have a VPN connection you can use: | Once you have a VPN connection you can use: | ||
* {{ : | * {{ : |