Differences

This shows you the differences between two versions of the page.

--- vpn [2022/03/24 12:51] – [Lorentz Institute] lenocil
+++ vpn [2024/03/06 08:34] (current) – [Split VPN connections] jansen
@@ Line 2: / Line 2: @@
 ===== Sterrewacht =====
-There is a new OpenVPN server that allows you to connect your personal computer/device to the internet as if it were part of the Observatory computer network. The server is a standalone server with the sole purpose of providing VPN connections, and to which you can connect using an OpenVPN client.
+There is a new OpenVPN server that allows you to connect your personal computer/device to the internet as if it were part of the institute computer network. The server is a standalone server with the sole purpose of providing VPN connections, and to which you can connect using an OpenVPN client.
 For OpenVPN you will need a special ''%%.ovpn%%'' file to get access to our VPN service. Please request one via <helpdesk@strw.leidenuniv.nl>
@@ Line 17: / Line 17: @@
 ==== DNS problem work-around ====
-Recently, some people working from home have been reporting problems when trying to connect to Sterrewacht (or even all Leiden Universtity) computers, especially people renting apartments with DUWO. There is likely a problem with the DNS (domain name server) of the local internet provider. To bypass this problem, Sterrewacht users can activate the STRW VPN. For this to work, users with an existing VPN client (.ovpn) file need to make a small change. From the OpenVPN program or app, select to edit the configuration file. In the editor that appears, replace the text ''vpn.strw.leidenuniv.nl'' with ''132.229.224.4'', then save the changes. From that point onwards, when connecting to the STRW VPN, the internet connection uses the STRW DNS instead of the local provider's DNS. Note that all internet traffic from that point onwards goes via the Sterrewacht networks, unless you set up split VPN as described below.
+Recently, some people working from home have been reporting problems when trying to connect to Sterrewacht (or even all Leiden Universtity) computers, especially people renting apartments with DUWO. There is likely a problem with the DNS (domain name server) of the local internet provider. To bypass this problem, Sterrewacht users can activate the STRW VPN. For this to work, users with an existing VPN client (.ovpn) file need to make a small change. From the OpenVPN program or app, select to edit the configuration file. In the editor that appears, replace the text ''vpn.strw.leidenuniv.nl'' with ''132.229.216.4'', then save the changes. From that point onwards, when connecting to the STRW VPN, the internet connection uses the STRW DNS instead of the local provider's DNS. Note that all internet traffic from that point onwards goes via the Sterrewacht networks, unless you set up split VPN as described below.
@@ Line 35: / Line 35: @@
 pull-filter ignore "redirect-gateway"
 route 132.229.0.0 255.255.0.0 vpn_gateway
-route 132.229.224.4 255.255.255.255 net_gateway
+route 132.229.216.4 255.255.255.255 net_gateway
 </code>
+It is possible to add more such ''route'' commands, e.g. to direct traffic through the VPN when it goes to sites that are only accessible from university addresses, eg the sites of some journals.
 ===== Lorentz Institute =====
-|:!: NEW | Since end October 2021, beside your IL username and password, you will have to insert also your [[institute_lorentz:2fa|TOTP]] to initiate a connection|
-| |For instance, if your IL passwd is ''mypassword'' and your OTP at the time of login is ''123456'', then your VPN password **will become** ''mypassword123456'' |
 The Lorentz Institute offers its staff members an OpenVPN service for remote connections to the IL intranet. Apart from preserving users privacy, the IL OpenVPN lets you access services that would otherwise be unavailable when working remotely. A use-case would be to access scientific journals contents using the Institute subscription.
-Request your IL OpenVPN access via <support@lorentz.leidenuniv.nl> and you will receive your personal ((This file contains confidential information and should be treated/protected like a password.)) ''.ovpn'' file.
+Request your IL OpenVPN access via <support@lorentz.leidenuniv.nl> and you will receive your personal ((This file contains confidential information and should be treated/protected like a password. Do not store it on public or shared devices.)) ''.ovpn'' file.
 Launch your  ''.ovpn'' with your favorite OpenVPN client ((Make sure that you are using a client compatible with OpenVPN v2.4+)) to initiate a connection. There are OpenVPN clients the following major platforms:
@@ Line 114: / Line 113: @@
 ===== LION Physics =====
-For the PHYSICS domain there is a separate Windows Based VPN server, that provides the same functionality as the OpenVPN example above, but is better geared to the Windows enviroment.
+For the PHYSICS domain there is a separate Windows Based VPN server, that provides the same functionality as the OpenVPN example above, but is better geared to the Windows environment.
 Before you can setup a VPN connection you need to contact <helpdesk@physics.leidenuniv.nl> to obtain a Secret Key and have your PHYSICS account enabled for VPN use.
 You can connect from:
-  * {{:vpn:vpn_connection_lion.pdf |Windows}} or
+  * [[:lion:2fa:vpn:windows |Windows]] or
-  * {{:vpn:vpn_mac.pdf |MacOS}}
+  * [[:lion:2fa:vpn:mac |MacOS]]
 Once you have a VPN connection you can use:
   * {{ :vpn:remote_desktop_with_vpn.pdf |Remote Desktop to connect}} to your LION Desktop computer

Computer Documentation Wiki

User Tools

Site Tools

Differences

Page Tools