IMPORTANT NOTE: this VPN is not meant for public consumption and was solely configured to be used by BIC IT operations people.

As a mere BIC user, you will not be able to use it. Now you can go away.

This is a disclaimer:
Using the notes below is dangerous for both your sanity and peace of mind.
If you still want to read them beware of the fact that they may be "not even wrong".

Everything I write in there is just a mnemonic device to give me a chance to
fix things I badly broke because I'm bloody stupid and think I can tinker with stuff
that is way above my head and get away with it. It reminds me of Gandalf's warning:
"Perilous to all of us are the devices of an art deeper than we ourselves possess."

Moreover, a lot of it I blatantly stole on the net from other obviously cleverer
persons than me -- not very hard. Forgive me. My bad.

Please consider it and go away. You have been warned!

OpenVPN at the BIC

(:toc:)

Install

matsya:~# dpkg -i openvpn-as-2.0.10-Debian6.amd_64.deb
Selecting previously deselected package openvpn-as.
(Reading database ... 57362 files and directories currently installed.)
Unpacking openvpn-as (from openvpn-as-2.0.10-Debian6.amd_64.deb) ...
Setting up openvpn-as (2.0.10-Debian6) ...
The Access Server has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Please enter "passwd openvpn" to set the initial
administrative password, then login as "openvpn" to continue
configuration here: https://132.206.178.240:943/admin
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.

Access Server web UIs are available here:
Admin  UI: https://132.206.178.240:943/admin
Client UI: https://132.206.178.240:943/

Config and Mods

Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]: 

Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 132.206.178.240
(3) eth0:1: 172.16.10.240
(4) eth0:2: 172.16.50.2
Please enter the option number from the list above (1-4).
> Press Enter for default [2]: 

Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]: 

Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [1194]: 

Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]: 

Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]: 

Use local authentication via internal DB?
> Press ENTER for default [no]: 

Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]: 

To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]: 

> Please specify your OpenVPN-AS license key (or leave blank to specify later): None


Initializing OpenVPN...
Adding new user login...
useradd -s /sbin/nologin "openvpn"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: matsya
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web user account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...

NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly.  Please ensure that your time and date
are correct on this system.

Initial Configuration Complete!

You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:

https://132.206.178.240:943/admin
Login as "openvpn" with the same password used to authenticate
to this UNIX host.

During normal operation, OpenVPN AS can be accessed via these URLs:
Admin  UI: https://132.206.178.240:943/admin
Client UI: https://132.206.178.240:943/

See the Release Notes for this release at:
   http://www.openvpn.net/access-server/rn/openvpn_as_2_0_10.html