# Step 2. Configure your VPN

Use Lab access link instead

If you are configuring access to your lab use Lab access link sent to you in onboarding email with other credentials. You can also request Lab access link in Service desk

This step configure an encrypted connection between your local computer and HUNT Cloud. The specific steps are dependent on the operating system on your local computer.

# Requirements

  1. Confirmed collection of secret keys in Step 1 of onboarding process.

  2. Successful setup of Google authenticator app.

# 2.1 Install the VPN software

Windows

We use the open-source application OpenVPN to ensure encrypted communication between your local computer and us.

Download and install OpenVPN using the latest stable Windows Installer (Avoid beta versions) (opens new window)

Click on the link above, scroll down to the file named OpenVPN-<version-number>-i601-amd64.msi (Windows 10 users), download the file and follow the on-screen installation instructions.

NTNU users: Windows users from NTNU can install OpenVPN community edition using NTNU Software Center even without administrative rights.

WARNING

You will need administrative rights on your local computer to successfully install OpenVPN.

Click on the link below if you do not hold administrative rights on your local computer, or don't know if you have such rights.

Installing OpenVPN without administrative rights

You can check if you have administrative rights on your local computer by running net localgroup "Administrators" in a command prompt (opens new window) and see if your username is listed.

Request assistance from your local IT personnel if you do not hold administrative rights on your local computer and request that they:

(1) assist you in the OpenVPN installation, or

(2) grant you administrative rights on your local computer so you can install OpenVPN yourself.

For simplicity, we have outlined the steps they need to perform, which you can attach to your request: https://docs.hdc.ntnu.no/do-science/guides/openvpn-admin-group/

OS X and macOS

We use Tunnelblick to ensure encrypted communication between your local computer and HUNT Cloud.

Download and install the latest 'stable release' from this page (opens new window)

Ubuntu Linux

We use OpenVPN to ensure encrypted communication between your local computer and HUNT Cloud.

Install the openvpn and network-manager-openvpn-gnome packages from the standard repositories.

sudo apt install openvpn network-manager-openvpn-gnome
Other Linux distributions

You have a few options on how to install OpenVPN clients in other distributions:

After the installation, follow the "Ubuntu Linux" guides below on how to setup and connect.

# 2.2 Setup the VPN profile

Windows
  1. Start the OpenVPN client (if it is not running already)

OpenVPN-icon

  1. Expand pane on taskbar

OpenVPN-icon

  1. Select Import file...

OpenVPN-icon

  1. Click on Import file and select OpenVPN profile file <username>.ovpn that you collected in Step 1.

OpenVPN-icon

OpenVPN-icon

OS X and macOS

2.2.1 If you 'do' get prompted with the Welcome to Tunnelblick message, follow these steps:

  1. Select I have configuration files.
  2. In the Welcome to Tunnelblick prompt, select I have configuration files.
  3. When prompted for which type of configuration you have, select OpenVPN Configurations.
  4. Select the OpenVPN profile named. <username>.ovpn in the collection of credentials given from HUNT Cloud.
  5. Continue with the Connecting to the VPN section below.

2.2.2 If you 'do not' get prompted with the Welcome to Tunnelblick message, follow these steps:

  1. Find the OpenVPN profile named <username>.ovpn that you collected in Step 1.
  2. Right-click the file OpenVPN profile named <username>.ovpn.
  3. Select Open With -> Tunnelblick.
  4. When prompted for Install Configuration For All Users, select Only Me.
  5. Enter your macOS password to allow Tunnelblick to install the OpenVPN configuration.
  6. Continue with the Connecting to the VPN section below.
Ubuntu Linux
  1. Click on the Network Manager icon in the task bar.
  2. Select Edit Connections....
  3. Click Add.
  4. Choose Import a saved VPN configuration and click Create.
  5. Select the OpenVPN profile named <username>.ovpn that you collected in Step 1.
  6. Enter your user name (same as the OpenVPN profile file name).
  7. Click on the person icon in the Password field and select Ask for this password every time.
  8. Enter the Private Key Password with the VPN passphrase sent to you from HUNT over Signal.
  9. Click on the IPv4 Settings tab.
  10. Click Routes....
  11. Select the Use this connection only for resources on its network and click OK.
  12. Click Apply.

# 2.3 Connect to the VPN

Windows
  1. Right-click on the OpenVPN notification icon on the taskbar.

  2. Select Connect.

OpenVPN-icon

  1. Enter your user name (same as the OpenVPN profile file name).

  2. Enter a rotating verification code from Google Authenticator as your password.

    OpenVPN-icon

  3. When prompted for a Private Key Password, insert the VPN passphrase that your collected in Step 1. Your authentication will fail when you complete your passphrase below. This is expected since your verification code timed out while you typed your passphrase.

    OpenVPN-icon

  4. Now try again to connect with a fresh verfication code from Google Authenticator.

You should now be connected to the VPN.

OS X and macOS
  1. Start Tunnelblick and Connect.

  2. Enter your user name (same as the OpenVPN profile file name).

  3. Enter the verification code from Google Authenticator as your password.

    tunnelblick-login

    WARNING

    Make sure that the Save password checkbox is unchecked.

  4. When prompted for a Private Key Password or Passphrase, insert the VPN passphrase that you collected in Step 1.

    TIP

    Save this passphrase.

Your authentication will fail when you complete your passphrase above. This is expected since your verification code timed out while you typed your passphrase.

  1. Now try again to connect with a fresh verfication code from Google Authenticator.

You should now be connected to the VPN.

Ubuntu Linux
  1. Click on the Network Manager icon in the task bar.
  2. Select VPN Connections > and the name of your profile.
  3. In the Authenticate VPN window, enter the verification code from Google Authenticator in the Password field.
  4. Click OK to connect.

# 2.4 Verify your VPN connection

WARNING

Please invest some time to verify a successful VPN connection as you will not be able to complete Step 3 before your VPN is working.

Windows

The OpenVPN notification icon on the taskbar should be green.

OpenVPN-icon

OS X and macOS

A small Tunnelblick window should state "Connected" in green letters with a timer that count the connection length.

Ubuntu Linux

If you received the notification VPN connection has been successfully established, then you are good to go.

Access list

We allow connection from known IP addresses only. This means that your VPN connection may be blocked if you connect from a (for us) unknown network outside Norway. Click here to request an opening for your location in our Do science service desk.

Next step

If you successfully completed this step, head over to Step 3 to Configure your SSH connection. If you did not succeed, start with a quick look in our Immediate troubleshooting section below.

# Immediate troubleshooting

Below are a few immediate things to try if your VPN connection did not succeed:

# Authenticate VPN

If the Authenticate VPN prompt pops up again, then try to log in again with a new verification code.

# VPN connection failed

If you received the notification VPN Connection Failed after 60 seconds, please check the following

  • Verify that you have an active internet connection.
  • Verify that the Private Key Password is correct.

# Could not read Private Key error

The error messages below indicates that there is a typo in the Private Key Password (step 2.3.5) and you need to type it in again.

ERROR: could not read Private Key username/password/ok/string from management interface
Cannot load private key file

# Unable to apply changes

If you are unable to click Apply after your changes, try to re-enter your Private Key Password using your VPN passphrase that you collected in Step 1.

TIP

If nothing works, please head over to our main troubleshooting section for more information on how to troubleshoot connections.

Last Updated: 12/9/2024