Linux
Method 1
- In a terminal, "sudo apt-get install network-manager-openvpn"
- Save vpn.ca.crt to a file
- Click the NetworkManager icon in the task bar (up/down arrow in Ubuntu 10.04), VPN Connections, Configure VPN
- Add
- OpenVPN, Create
- Connection name: PerimeterVPN
- Gateway: openvpn.perimeterinstitute.ca
- Type: Password
- User name: username
- CA Certificate: click and browse to vpn.ca.crt
- Advanced
- General tab, check "Use LZO data compression"
- Security tab, Cipher: AES-128-CBC
- OK
- Apply
- Close
- Reboot
To connect, click the NetworkManager icon, VPN Connections, PerimeterVPN
*** If you are experincing issues with browsing the internet, make sure "Use this connection only for resouses on its netork is selected." This setting is located under, "IPv4 Settings" tab, click "Routes"i ***
Method 2
Note: you need to be an administrative user (root) on your computer for OpenVPN GUI to function properly!
- download and install openvpn 2.x (apt-get install openvpn; or yum install openvpn; ./configure, make, make install; or however it's done with your distribution)
- Right-click vpn.ca.crt and choose "Save Link As" (or your browser's equivalent). Save to <vpnconfiglocation>/vpn.ca.crt. is whereever you desire to keep the VPN's configuration files.
- Right-click PerimeterVPN.conf and choose "Save Link As" (or your browser's equivalent). Save to <vpnconfiglocation>/PerimeterVPN.conf
- start openvpn as root:
openvpn --config <vpnconfiglocation>/PerimeterVPN.conf
enter your Perimeter username and password when prompted.
add DNS settings to /etc/resolv.conf if they were not set. To do this, prepend /etc/resolv.conf with:
nameserver 10.10.7.8
nameserver 10.10.7.33
search pi.local
profit!
Notes:
- Remember to remove the nameserver lines from /etc/resolv.conf when you close the connection.
- The addition of DNS settings can be scripted with the use of the --up and --down openvpn directives and sed. This is beyond the scope of this document.
- Sudo and a shell script can be used to safely let a non-root user open and close the connection. This is beyond the scope of this document.