VPN service
There are two VPN services:
- infn-roma1: mainly used to download scientific journals and to access nodes on the local network;
- backoffice-roma1: a service for the administrative staff backoffice.
A node connected to the VPN is subject to the same general INFN Regulation‘s, rules for IT resources as of a node physically connected to the local network.
Please open a ticket to PC-Support to configure the backoffice-roma1 service and follow the guide relative to your operating system (available below) to configure the infn-roma1 service.
Note: If OpenVPN is already installed in your local system, make sure that the software is updated to the latest version and, after checking that, go directly to step 3. Otherwise proceed to uninstall OpenVPN from your system (it will be reinstalled later).
- OpenVPN Download
The software is available from the official OpenVPN website. The download link is as follows: https://openvpn.net/community-downloads. - Install OpenVPN
Launch the executable you just downloaded. During the installation it is recommended to accept all the default values.
More details are available on the official OpenVPN guide.. - Download the VPN configuration
Download the OpenVPN configuration from the following link: https://www.roma1.infn.it/private/softvpn/infn-roma1.ovpn.zip.
Unzip the infn-roma1.ovpn.zip archive just downloaded on the Desktop. - Start OpenVPN-GUI
Double click on the OpenVPN-GUI icon located on the Desktop. Once started, OpenVPN-GUI will be found as a system tray applet (bottom right).
See the OpenVPN-GUI usage page for other information. - Import VPN configuration
Right-click on the OpenVPN-GUI icon on the system tray, select Import file …, select the file on the Desktop infn-roma1.ovpn.
Note: Importing a VPN configuration will overwrite the one with the same name among the existing configurations. - Connection to the INFN network in Rome
Right-click on the OpenVPN-GUI icon on the system tray and select Connect.
If there are multiple OpenVPN configurations instead of Connect, a menu will appear for each configuration profile, select the one marked with infn-roma1.
To start the VPN connection, enter your account credentials in the login window.
Note: After connecting, ignore the following messages on the log screen:
WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1559’, remote=’link-mtu 1551’
WARNING: ‘auth’ is used inconsistently, local=’auth SHA1’, remote=’auth [null-digest]’
- Tunnelblick download
The software to use for Mac OS is called Tunnelblick. The download page is as follows: https://tunnelblick.net/downloads.html. - Install Tunnelblick
Double click on the file you just downloaded to start the Tunnelblick installation.
Note: if the installation process doesn’t start, use “Ctrl + Click” on Tunnelblick.app.
For more details on the installation, consult the Tunnelblick installation guide.. - Start Tunnelblick
Tunnelblick should start automatically after installation.
Indicate that you already have the configuration file. - Download the VPN configuration
Download and unpack the VPN configuration from this link: https://www.roma1.infn.it/private/softvpn/infn-roma1.ovpn.zip. - Import the VPN configuration
To import the configuration double click on the file infn-roma1.ovpn.
Alternatively, drag infn-roma1.ovpn up to the Tunnelblick icon in the system tray.
Tunnelblick will ask whether to import the configuration only for its own user or for all users of the system; the recommended setting is to import the configuration for your user only.
Note: Importing a VPN configuration will overwrite the one with the same name among the existing configurations in Tunnelblick. If you need to delete a configuration profile before importing, see point 7 Deleting a configuration profile in Tunneblick. Generally, you only need to delete a configuration profile if you have a problem. - Connection to the INFN network in Rome
Click on the Tunnelblick icon at the top right of the taskbar, from the drop-down menu select infn-roma1.
To start the VPN connection, enter your account credentials. - Deleting a configuration profile in Tunnelblick
To delete a configuration profile, click on the Tunnelblick icon at the top of the taskbar and select VPN Details. On the page that opens, select the configuration to be deleted on the left and press the - button at the bottom of the window to delete the profile.
- OpenVPN Download
On many GNU / Linux distributions it is possible to download and install OpenVPN using the available package manager. For example, on “Red Hat based” systems (Rocky Linux, CentOS, Fedora, …) just open the terminal and run as root:
# yum install openvpn - Download the VPN configuration
Download the compressed archive of the OpenVPN configuration from this link: https://www.roma1.infn.it/private/softvpn/infn-roma1.ovpn.zip.
Once downloaded, unzip the infn-roma1.ovpn.zip file into the /etc/openvpn/ directory (or any other directory you prefer):
# unzip infn-roma1.ovpn.zip -d /etc/openvpn - Connection to the INFN network in Rome
Run OpenVPN as the root user passing --config parameters and the path of the configuration file infn-roma1.ovpn. You will be prompted to enter your credentials.
# openvpn --config /etc/openvpn/infn-roma1.ovpn