vpn-configuration-and-use

How to set up the Computer Science VPN

The Computer Science (CS) Department VPN is ONLY for CS students, Animation students, and students working for professors in the CS Department. If you are not any of these, please contact your own department or BYU OIT for general VPN access.
We have a limited number of OpenVPN licenses, so please ensure you disconnect from the VPN once you are done using it.

  • Open your favorite web browser and go to https://openvpn.cs.byu.edu.
  • You should see a login page like the one below. Log in using your CS username (which usually matches your NetID) and CS password.

PENVPN. Username (entry box), password (entry box). 2 buttons: Login or Go”

  • After logging in, click on the link for OpenVPN Connect for Windows or Mac OS X to get the client software for connecting to the VPN. If you are running Linux, jump to the Linux instructions below.

PENVPN. 2 Buttons: Admin, or Logout.
To download the OpenVPN Connect app, please choose a platform below (links):
OpenVPN Connect for Windows, OpenVPN Connect for Mac OS X, OpenVPN Connect for Android, OpenVPN Connect for iOS, OpenVPN Connect for Linux. Connection profiles can be downloaded for: Yourself( user-locked profile).”

  • Run the installer you downloaded. The filename should be something like openvpn-connect-2.1.3.110.msi. The version number may change as updates come out.
  • Once the client is installed, you should have an icon in your system tray that looks like the “O” in the OpenVPN logo with an “x” on it.
  • Right click on it and select Connect.
  • You should be prompted to login to the VPN.

PENVPN. Server: openvpn.cs.byu.edu. Username: (empty entry box). Password: (empty entry box). 2 buttons: Connect, Cancel”

  • When you connect, it will prompt you to accept the configuration being sent by the server. Select Yes, and if you wish, uncheck the box that says “Don't ask again” if you don't want to be prompted about this anymore.

”OpenVPN-Warning. Allow VPN connection to openvpn.cs.byu.edu? More details... (link). Don’t ask again (checkbox, it’s selected). 2 buttons: Yes, No.”

  • It will take a moment to connect. The icon in the system tray will have a green check on it when connected.
  • Once you are connected to the VPN, you can access resources that are otherwise only available from within the CS Department.
If you have previously installed Tunnelblick, follow the instructions found here before continuing!
  1. Click on the dmg file you just downloaded (openvpn-connect-2.1.3.110.dmg).
    • Note that the version numbering may change over time.
  2. When the file opens, double-click OpenVPN Connect Installer.pkg.
    • If you get the following message, right-click the pkg file and click Open.
      “OpenVPN Connect Installer.pkg” can’t be opened because it is from an unidentified developer.
Your security preferences allow installation of only apps from the App Store and identified developers. 
“OpenVPN Connect Installer.pkg” is on the dish image “openvpn-connect-2.1.3.110.dmg”. Safari downloaded this disk image today at 4:28pm from openvpn.cs.byu.edu”.
1 Button: Ok
  3. After the following message appears, press Open.
    “OpenVPN Connect Installer.pkg” is from an unidentified developer. Are you sure you want to open it?
Opening “OpenVPN Connect Installer.pkg” will always allow it to run on this Mac. “OpenVPN Connect Installer.pkg” is on the disk image “openvpn-connect-2.1.3.110.dmg”. Safari downloaded this disk image today at 4:28pm from openvpn.cs.byu.edu”.
2 Buttons: Open, Cancel”
  4. Follow the prompts of the installer.
    • Note that on the License screen, after hitting Continue, it takes a few seconds for the License Agreement to appear.
  5. Follow the instructions below to connect to the VPN!
If you did not exit from the login screen, the VPN will connect automatically and you will need to follow the steps underneath Automatic First Time Connection. If you exited from the login screen before installation, or it does not automatically connect, follow the steps underneath Manual First Time Connection.
  1. Click on the new icon in your system tray, that looks like the “O” in the OpenVPN logo with an “x” on it, and click Connect to openvpn.cs.byu.edu.
  2. You will be asked if you want to Allow VPN connection to openvpn.cs.byu.edu? Select Yes to continue.
  3. A pop-up box will prompt you for your password. Your username should already be filled in for you.
  4. After a few seconds, you will be connected to the VPN. Once you are connected to the VPN, you can access resources that are otherwise only available from the CS Department!
  • Click on the link Yourself (user-locked profile). The client configuration file, titled client.ovpn should download to your computer. Make note of where it downloads to.
  • Install the OpenVPN package and network manager plugin for OpenVPN for your distribution of Linux. In Ubuntu and most Debian-based distributions the command is: sudo apt install network-manager-openvpn.
  • Make sure you agree to install any additional packages that this one depends on by selecting yes when prompted.
Some users have reported issues with connecting to sites outside the CS network when connected to the VPN. I found that disabling dnsmasq resolved this when I encountered this issue on my home computer. Not all users seem to be affected.

On Ubuntu 18.04 (and perhaps other distros), there may be issues with DNS resolution when connected to the VPN. The best solution we've found so far is to use the OpenVPN 3 Linux Client.

The OpenVPN 3 Client for Linux is a beta version of the client, and may have some stability issues. In our testing, however, it seems to be the best solution for getting recent Linux clients to connect properly.

To install this client on Ubuntu 18.04:

apt install apt-transport-https
wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub
apt-key add openvpn-repo-pkg-key.pub
wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-bionic.list
apt update
apt install openvpn3

For other versions of Ubuntu, replace bionic on line 4 with the release keyword for your version (e.g., xenial, artful).

You can then connect to the VPN using the configuration profile you downloaded in the previous section:

openvpn3 session-start --config client.ovpn

Once you are finished on the VPN, you can disconnect from the session:

openvpn3 session-manage --config client.ovpn --disconnect

If the wget commands are not working and you are getting an “Unable to establish SSL connection” error, try using http instead of https in the urls. If that works, you're also going to have to modify the url in the /etc/apt/sources.list.d/openvpn3.list file in the same way once you've downloaded it (line 4).

Further reading:

This version of KDE Plasma is what is currently in Kubuntu 16.04.2. If you are using KDE Neon, or Plasma versions later than 5.5.5, the configuration windows have changed and may look somewhat different.

  • Right-click on the icon for the Network Manager. It will either look like a Wi-Fi icon or a monitor and network cable and is near the clock.
  • Select Configure Network Connections from the menu that appears.
  • In the Connection editor, select File then Import VPN.

”Menu: File, Connection, Settings, Help. Menu2: + Add, Connect, Disconnect, Edit, Delete.
Empty text box with text: type here to search connections...
Table of connections.
Column headers: Connection name, Connection type, last used.
Row 1: virb0(bridge), Bridge, 3 minutes ago.
ROw 2: Wired connection 1, Wired Ethernet, 3 minutes ago.”

  • Once you select the client.ovpn file you downloaded the settings should be automatically imported for you.
  • If you wish, you can now edit the VPN connection to include your CS username and password if you do not want to be prompted for them each time you connect.
  • If you want to can also re-name the connection something you can recognize (like BYU CS VPN).
  • If you edited the connection, click OK to save the changes.
  • Your new VPN connection will be saved in the Network Manager.
  • You will be able to connect to it similar to how you connect to Wi-Fi sources in Linux.
Unity is not currently supported.
  • You will need to install the network-manager-openvpn-gnome package.
  • Click on the network icon in the system tray (usually near the clock). Select VPN Connections then Configure VPN.

”Ethernet Network (menu): Wired connection 1, Disconnect, VPN Connections (opens another menu), Enable Networking (checked), Connection Information, Edit Connections...”

  • In the Network Connections window that comes up, click Add.

”Table headers: Name, Last used. 
Row 1: Wired connection 1, 4 minutes ago. 
4 Buttons: Add, Edit, Delete, Close”

  • In the “Choose a Connection Type box”, select Import a saved VPN configuration.

”Choose a Connection Type. Select the type of connection you wish to create. If you are creating a VPN connectio you wish to create does not appear in the list, you may not have the correct VPN plugin installed. Selection box: Import a saved VPN configuration. 2 Buttons: Cancel, Create...”

  • Browse to the location that you extracted the client.ovpn to and open it. All the needed OpenVPN settings will now be imported.

”Connection Name: client. VPN selected in the menu. General. Gateway: openvpn.cs.byu.edu. Authentication. Type: Password with Certification (TLS). User Name: (empty). Password: (empty). Silent Certificate: silent-cert.pem. CA Certificate: client-ca.pem. Private Key: client-key.pem. Private Key Password: (empty)”

  • Enter your CS username and password in the appropriate fields if you do not want to be prompted for them each time you connect.
  • If you want to can re-name the connection something you can recognize.
  • Click Save and your new VPN connection will be saved in the Network Manager. You will be able to connect to it similar to how you connect to Wi-Fi sources in Linux.

Sometimes on Linux in ubuntu 16.04 or with older versions of network manager, you have to delete the line

reneg-sec 604800

from your client.ovpn file before importing it. Just edit it with your favorite text editor.

You may also have problems with dns on ubuntu 16.04, the easiest way to fix that is to edit /etc/NetworkManager/NetworkManager.conf so that it has dns=default instead of dns=dnsmasq. It should look something like this:

[main]
plugins=ifupdown,keyfile,ofono
dns=default

[ifupdown]
managed=false
  • vpn-configuration-and-use.txt
  • Last modified: 2022/05/02 16:39
  • by maminson