Computer Documentation Wiki

User Tools

Site Tools

Trace:
vpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vpn [2022/09/05 12:16] venemansvpn [2025/10/07 08:46] (current) jansen
Line 2: Line 2:
  
 ===== Sterrewacht ===== ===== Sterrewacht =====
-There is a new OpenVPN server that allows you to connect your personal computer/device to the internet as if it were part of the Observatory computer network. The server is a standalone server with the sole purpose of providing VPN connections, and to which you can connect using an OpenVPN client. +There is a new OpenVPN server that allows you to connect your personal computer/device to the internet as if it were part of the institute computer network. The server is a standalone server with the sole purpose of providing VPN connections, and to which you can connect using an OpenVPN client. 
  
 For OpenVPN you will need a special ''%%.ovpn%%'' file to get access to our VPN service. Please request one via <helpdesk@strw.leidenuniv.nl> For OpenVPN you will need a special ''%%.ovpn%%'' file to get access to our VPN service. Please request one via <helpdesk@strw.leidenuniv.nl>
Line 15: Line 15:
 ===== Sterrewacht ===== ===== Sterrewacht =====
  
-==== DNS problem work-around ==== 
  
-Recently, some people working from home have been reporting problems when trying to connect to Sterrewacht (or even all Leiden Universtity) computers, especially people renting apartments with DUWO. There is likely a problem with the DNS (domain name server) of the local internet provider. To bypass this problem, Sterrewacht users can activate the STRW VPN. For this to work, users with an existing VPN client (.ovpn) file need to make a small change. From the OpenVPN program or app, select to edit the configuration file. In the editor that appears, replace the text ''vpn.strw.leidenuniv.nl'' with ''132.229.224.4'', then save the changes. From that point onwards, when connecting to the STRW VPN, the internet connection uses the STRW DNS instead of the local provider's DNS. Note that all internet traffic from that point onwards goes via the Sterrewacht networks, unless you set up split VPN as described below.+==== Split VPN connections ====
  
 +Users are provided with two VPN client setup files (.ovpn files).
 +Usually, the one with ''split'' in the name is the prefered setup: it creates a Split VPN setup, whre all traffic to addresses inside the university is handled through the VPN, and everything else uses a direct connection from your device directly to the internet. 
  
-==== Split VPN connections ====+This allows access such as: 
 +  * Intranet 
 +  * [[generic:laptopprint|Printers through our printserver]] 
 +  * [[linux:compute|Direct ssh access to compute nodes]] 
 +  * Remote desktop protocol (RDP) to selected machines 
 +  * [[general_software:flexlm|Running licensed software with direct connection to the license server]] (no ssh tunnel needed)
  
-The provided VPN client file redirects all internet traffic over the Observatory VPN. There are however situations in which it is unnecessary or even discouraged to tunnel a connection via our VPN. Imagine, for instance, how inefficient it is to tunnel a videoconference through a VPN tunnel.+==== Full VPN ====
  
-In these cases, you can tweak your ''.ovpn'' config file to bypass VPN at your will. Here is an example.+The other VPN client file redirects all internet traffic over the Observatory VPN. This is useful if you need to be seen externally as part of the university network, e.g. to access some journal sites, or to be seen as being in The netherlands while you are abroad. 
 + 
 +There are however situations in which it is unnecessary or even discouraged to tunnel a connection via our VPN. Imagine, for instance, how inefficient it is to tunnel a videoconference through a VPN tunnel.  
 + 
 +==== Tweaking your setup ==== 
 + 
 +In special cases, you can tweak your ''.ovpn'' config file to bypass VPN at your will. Here is an example.
  
 === Example: Only Leiden University IPs via VPN === === Example: Only Leiden University IPs via VPN ===
Line 35: Line 47:
 pull-filter ignore "redirect-gateway" pull-filter ignore "redirect-gateway"
 route 132.229.0.0 255.255.0.0 vpn_gateway route 132.229.0.0 255.255.0.0 vpn_gateway
-route 132.229.224.4 255.255.255.255 net_gateway +route 132.229.216.4 255.255.255.255 net_gateway
 </code> </code>
 +
 +It is possible to add more such ''route'' commands, e.g. to direct traffic through the VPN when it goes to sites that are only accessible from university addresses, eg the sites of some journals.
  
  
Line 118: Line 131:
 You can connect from: You can connect from:
   * [[:lion:2fa:vpn:windows |Windows]] or   * [[:lion:2fa:vpn:windows |Windows]] or
-  * {{:vpn:vpn_mac.pdf |MacOS}}+  * [[:lion:2fa:vpn:mac |MacOS]] 
  
 Once you have a VPN connection you can use: Once you have a VPN connection you can use:
   * {{ :vpn:remote_desktop_with_vpn.pdf |Remote Desktop to connect}} to your LION Desktop computer   * {{ :vpn:remote_desktop_with_vpn.pdf |Remote Desktop to connect}} to your LION Desktop computer
vpn.1662380207.txt.gz · Last modified: by venemans

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki