# Step 2. Configure your VPN

This step configure an encrypted connection between your local machine and your lab. The specific steps are dependent on the operating system on your local machine.

Requirement

Successful verification of Step 1.

# 2.1 Install the VPN software

Windows

We use the open-source application OpenVPN to ensure encrypted communication between your local machine and us.

Download and install OpenVPN using the latest Windows Installer (opens new window)

Click on the link above, scroll down to the file named OpenVPN-<version-number>-i601-amd64.msi (Windows 10 users), download the file and follow the on-screen installation instructions.

Windows users from NTNU can install OpenVPN community edition
using NTNU Software Center even without administrative rights.

WARNING

You will need administrative rights on your local machine to successfully install OpenVPN.

Click on the link below if you do not hold administrative rights on your local machine, or don't know if you have such rights.

Installing OpenVPN without administrative rights

You can check if you have administrative rights on your local machine by running net localgroup "Administrators" in a command prompt (opens new window) and see if your username is listed.

Request assistance from your local IT personnel if you do not hold administrative rights on your local machine and request that they:

(1) assist you in the OpenVPN installation, or

(2) grant you administrative rights on your local machine so you can install OpenVPN yourself.

For simplicity, we have outlined the steps they need to perform below which you can attach to your request.

1. Install the OpenVPN client on the computer for my user:
    Download and install using the Windows installer from https://openvpn.net/index.php/open-source/downloads.html

2. Create an OpenVPN Administrators group on my computer:
    net localgroup /add "OpenVPN Administrators"

3. Add my user to OpenVPN Administrators group on my computer:
    net localgroup "OpenVPN Administrators" /add <DOMAIN>\<USERNAME>
OS X and macOS

We use Tunnelblick to ensure encrypted communication between your local machine and us.

Download and install the latest 'stable release' from this page (opens new window)

Ubuntu Linux

We use OpenVPN to ensure encrypted communication between your local machine and us.

Install the openvpn and network-manager-openvpn-gnome packages from the standard repositories.

sudo apt install openvpn network-manager-openvpn-gnome
Other Linux distributions

You have a few options on how to install OpenVPN clients in other distributions:

After the installation, follow the "Ubuntu Linux" guides below on how to setup and connect.

# 2.2 Setup the VPN profile

Windows
  1. Start the OpenVPN client (if it is not running already)
  2. Right-click on the OpenVPN notification icon (opens new window) on the taskbar
  3. Select Import file...
  4. Select the OpenVPN profile file named <username>.ovpn that you collected in Step 1.
OS X and macOS

2.2.1 If you 'do' get prompted with the Welcome to Tunnelblick message, follow these steps:

  1. Select I have configuration files.
  2. In the Welcome to Tunnelblick prompt, select I have configuration files.
  3. When prompted for which type of configuration you have, select OpenVPN Configurations.
  4. Select the OpenVPN profile named. <username>.ovpn in the collection of credentials given from HUNT.
  5. Continue with the Connecting to the VPN section below.

2.2.2 If you 'do not' get prompted with the Welcome to Tunnelblick message, follow these steps:

  1. Find the OpenVPN profile named <username>.ovpn that you collected in Step 1.
  2. Right-click the file OpenVPN profile named <username>.ovpn.
  3. Select Open With -> Tunnelblick.
  4. When prompted for Install Configuration For All Users, select Only Me.
  5. Enter your macOS password to allow Tunnelblick to install the OpenVPN configuration.
  6. Continue with the Connecting to the VPN section below.
Ubuntu Linux
  1. Click on the Network Manager icon in the task bar.
  2. Select Edit Connections....
  3. Click Add.
  4. Choose Import a saved VPN configuration and click Create.
  5. Select the OpenVPN profile named <username>.ovpn that you collected in Step 1.
  6. Enter your user name (same as the OpenVPN profile file name).
  7. Click on the person icon in the Password field and select Ask for this password every time.
  8. Enter the Private Key Password with the VPN passphrase sent to you from HUNT over Signal.
  9. Click on the IPv4 Settings tab.
  10. Click Routes....
  11. Select the Use this connection only for resources on its network and click OK.
  12. Click Apply.

# 2.3 Connect to the VPN

Windows
  1. Right-click on the OpenVPN notification icon on the taskbar.

  2. Select Connect.

  3. Enter your user name (same as the OpenVPN profile file name).

  4. Enter a rotating verification code from Google Authenticator as your password.

    WARNING

    Make sure that the Save password checkbox is unchecked.

  5. When prompted for a Private Key Password or Passphrase, insert the VPN passphrase that your collected in Step 1.

    TIP

    Save this passphrase.

Your authentication will fail when you complete your passphrase above. This is expected since your verification code timed out while you typed your passphrase.

  1. Now try again to connect with a fresh verfication code from Google Authenticator.

You should now be connected to the VPN.

OS X and macOS
  1. Start Tunnelblick and Connect

  2. Enter your user name (same as the OpenVPN profile file name)

  3. Enter the verification code from Google Authenticator as your password

    tunnelblick-login

    WARNING

    Make sure that the Save password checkbox is unchecked.

  4. When prompted for a Private Key Password or Passphrase, insert the VPN passphrase that you collected in Step 1.

    TIP

    Save this passphrase.

Your authentication will fail when you complete your passphrase above. This is expected since your verification code timed out while you typed your passphrase.

  1. Now try again to connect with a fresh verfication code from Google Authenticator.

You should now be connected to the VPN.

Ubuntu Linux
  1. Click on the Network Manager icon in the task bar.
  2. Select VPN Connections > and the name of your profile.
  3. In the Authenticate VPN window, enter the verification code from Google Authenticator in the Password field.
  4. Click OK to connect.

# 2.4 Verify your VPN connection

WARNING

Please invest some time to verify a successful VPN connection as you will not be able to complete Step 3 before your VPN is working.

Windows

The OpenVPN notification icon on the taskbar should be green.

OS X and macOS

A small Tunnelblick window should state "Connected" in green letters with a timer that count the connection length.

Ubuntu Linux

If you received the notification VPN connection has been successfully established, then you are good to go.

Next step

If you successfully completed this step, head over to Step 3 to Configure your SSH connection. If you did not succeed, start with a quick look in our Immediate troubleshooting section below.

Immediate troubleshooting

Below are a few immediate things to try if your connection did not succeed:

# Authenticate VPN

If the Authenticate VPN prompt pops up again, then try to log in again with a new verification code.

# VPN connection failed

If you received the notification VPN Connection Failed after 60 seconds, please check the following

  • Verify that you have an active internet connection.
  • Verify that the Private Key Password is correct.

# Unable to apply changes

If you are unable to click Apply after your changes, try to re-enter your Private Key Password using your VPN passphrase that you collected in Step 1.

TIP

If nothing works, please head over to our main troubleshooting section for more information on how to troubleshoot connections.