Viking VPN Guide Mac OSX (10.3+) Table Of Contents 1 : VPN Questions answered 2 : Installing the OSX Client 3 : Connecting with the OSX Client 4 : Reporting Problems Version 1.0 : 10/27/2010 Information Services & Technology
1 : VPN Questions (and answers) What is a VPN? VPN is short for Virtual Private Network. It's a way to connect to a secure network (such as CSU's) over an insecure network (such as the Internet, or a coffee shop's WiFi). Why would I need it? To connect to your desktop (work from home, access files, etc.). To remotely access non public parts of CSU's network while you're off campus. To obtain a static IP address when using CSU's wireless network and you need special firewall access. How does it work? OpenVPN uses SSL to encrypt your traffic. This is the same underlying technology that is used in web browsers to secure online shopping/banking. Technically, it uses the Blowfish stream cipher with 128 bit keys which are changed hourly. Why is this better? The VPN acts as a gatekeeper to CSU's private network. If you currently have remote access enabled, anyone in the world can attempt to guess passwords on your computer (this happens on a daily basis). The use of a VPN allows CSU to mitigate this risk. Can I still use the Internet while I'm connected? Yes. Only specifc networks are routed via the VPN client when you're connected. Technically, this is known as split tunneling. Will it work anywhere? Probably. OpenVPN has two modes : UDP : The default, and uses DTLS (datagram TLS). More efficient, but sometimes blocked by ISPs. TCP : Uses the standard SSL port (TCP/443). Hardly anyone blocks this. Breaks UDP applications. Will it work on my iphone/ipad/? Maybe, but not unless you root (Android) or JailBreak (Apple) the device. Doing this is not supported by IS&T or the makers of the hardware, but you can probably make it work if you're sufficiently motivated. Think of something we forgot to put here? Let us know!.. email security@csuohio.edu with questions.
2 : VPN Client Installation for Mac OSX (10.3+) Using a web browser, go to : https://openvpn.csuohio.edu Login with your 7 digit CSU ID number and CampusPASS. After authentication, you will need to download the client.ovpn file. This is the configuration file that is unique to your userid. Click on the link for client.ovpn. Follow the dialog to save the file (remember where you save it, you will need it later).
Remember where you save this file. The OpenVPN client for Macintosh operating systems is called TunnelBlick. http://code.google.com/p/tunnelblick (Click on the Downloads tab) For Mac OSX 10.4 and above, use version 3.0 : http://tunnelblick.googlecode.com/files/tu nnelblick_3.0.dmg For Mac OSX 10.3 (only), use version 2.0 : http://tunnelblick.googlecode.com/files/tu nnelblick Panther 2.0.1.dmg After downloading TunnelBlick, double click the.dmg (disk image) file to open it. You should see a dialog similar to this.
In order to install Tunnelblick, you will need to drag the Tunnelblick icon into your applications folder on your hard drive. An easy way to do this is to go to file and click new finder window (or use the keyboard shortcut command+n ). Navigate to your applications directory and drag Tunnelblick there. Now that we have Tunnelblick installed, we can begin configuring it. Double click on the program in you applications directory and choose the option to open the configuration folder. This will open up a folder where you will need to copy the client.ovpn file that we saved earlier. Simply dragging and dropping the file to this location will work as well. Note : The Tunnelblick client will use the filename of the configuration file later for your choices of connections, meaning your connection to CSU will appear only as client. If you want this to make a little more sense, rename this file to CSU.ovpn. Note: If you have the Cisco AnyConnect client installed, you must deflate that installation to avoid an error.
3 : Connecting with the Mac OSX OpenVPN Client Double click the Launch Tunnelblick icon (or find it under Applications in Finder), and you should see a new icon in your status bar that looks like a tunnel. Click on it and then choose Connect client highlighted below You will be prompted for your Username and Password. Your Username is your 7 digit CSU ID number Your Password is your CampusPASS. Once you have connected successfully the icon will change to an open tunnel shown To disconnect, click on the tunnel icon and select Disconnect.
4 : Reporting Errors Sometimes things just never work quite like the instructions say they do.. it's okay, we're here to help. The IS&T helpdesk can resolve many problems (passwords, etc.) over the phone by calling (216) 687 5050, however gathering additional information about exactly what's broken is helpful. The best way to show us what's not working is to take a screen shot of the error message you're getting, or where you're getting stuck during the installation, configuration, or use of the VPN client. To do this, use the key combination : Apple + Shift + 3 After doing the above, a screen capture will be automatically saved to your Desktop. The file will be named Screenshot (date).png where date is the current date/time. Email us the picture of what's broken at : security@csuohio.edu. Please do your best to describe the circumstances surrounding the error.