OpenVPN under Linux

Installation

If OpenVPN is not already installed, install the openvpn package first, for example from the command line with sudo apt-get install openvpn.

Graphical configuration

Preparation

The graphical configuration of the math VPN is done via NetworkManager. This additionally requires the extension network-manager-openvpn and, on some systems, also network-manager-openvpn-gnome. Both can likewise be installed with the sudo apt-get command, specifying the two extensions. Afterwards, restart the service with sudo service network-manager restart.

Configuration

The configuration itself is done in NetworkManager, which can be opened either from the Start menu under Connections or via the connection icon in the toolbar. Create a new connection there and select the OpenVPN option under VPN connection types. The following settings must be made:

 

Important: This is not the normal password (e.g. for webmail) but a separate one. If you do not yet have VPN access data or if you have forgotten your password, please contact a member of the RBM.

The certificate needed for the CA certificate field can be downloaded here and can be stored e.g. in a separate VPN folder.

Under Advanced, a few adjustments must also be made.

1. General: select the items Use custom UDP fragment size (1300) and Restrict TCP maximum segment size (MSS); all other items must remain unchecked.

2. Security: set Cipher to default and HMAC Authentication to SHA-384, and disable Use custom size of cipher key.

3. TLS authentication: Server Certificate Check is no longer used and can therefore be set to Don't verify. Instead, the option Verify peer certificate usage signature must be enabled and Server must be selected for the Remote TLS type.

 

 

After saving the settings, a VPN connection can now be established either via the app itself or again via the menu in the toolbar.

Configuration via command line

First create a directory in your user directory to hold the configuration files, e.g. VPN.

Place the configuration and certificate file from the ZIP archive there. 

To start the VPN connection, change to the previously created directory using cd and start the client with root rights: sudo openvpn math.ovpn

You will then be asked for a username and password.

Important: This is not the normal password (e.g. for webmail) but a separate one. If you do not have VPN access data yet or if you have forgotten your password, please contact a member of the RBM.

Leave the terminal window with the OpenVPN client open as long as you need the VPN connection.
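
Added example, not part of the original page or the RBM's files: a shell check that a client configuration file contains the OpenVPN directives corresponding to the graphical settings listed above. The mapping from NetworkManager options to directives and the sample configuration, including the server name vpn.example.org and the file name ca.crt, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the RBM's tooling): check that an OpenVPN client config
# carries the directives matching the graphical settings listed on this page.

# audit_ovpn FILE
# Prints one line per missing setting; exit status = number of missing settings.
# Only uncommented lines count, so a directive disabled with '#' is flagged.
audit_ovpn() {
    file=$1
    missing=0
    while IFS='|' read -r regex label; do
        if ! grep -Eq "^[[:space:]]*${regex}([[:space:]]|\$)" "$file"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
fragment[[:space:]]+1300|UDP fragment size 1300 (fragment 1300)
mssfix|restrict TCP maximum segment size (mssfix)
auth[[:space:]]+SHA384|HMAC authentication SHA-384 (auth SHA384)
remote-cert-tls[[:space:]]+server|peer certificate usage check, type server (remote-cert-tls server)
ca[[:space:]]+[^[:space:]]+|CA certificate file (ca <file>)
auth-user-pass|username and password prompt (auth-user-pass)
EOF
    return "$missing"
}

# Constructed sample config; server name and file names are placeholders.
sample=$(mktemp)
cat >"$sample" <<'EOF'
client
dev tun
proto udp
remote vpn.example.org 1194
ca ca.crt
auth-user-pass
auth SHA384
fragment 1300
mssfix
# remote-cert-tls server
EOF

audit_ovpn "$sample" || echo "$? setting(s) missing in sample config"
rm -f "$sample"
```

The sample has the peer certificate check commented out, so the audit reports it as missing. A configuration without remote-cert-tls server would accept any certificate signed by the CA as the server, which matters here because Server Certificate Check is set to Don't verify.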