(Open)VPN

Time to directly TAP into our network. Get it? Ha. Ha. Ha.

The OpenVPN instance running on gretzky uses the host's local authentication. Thus, typically there is a VPN user (*-vpn) created for VPN-only access.

Setup VPN Access

1. Login to gretzky, and head on over to the OpenVPN configuration under the VPN tab. Click on the Server tab under this.
2. Don't touch anything here! The VPN server should already be configured. Make sure it is running by un-checking Disable this server.
3. Head on over to the Client Export tab. Scroll to the bottom and you will see a bunch of export options. These can be used as an all in one install package (bundled configurations), or just as an OpenVPN configuration file (inline configurations) if you already have OpenVPN installed. Download the appropriate file. Give this out to people who need to connect.
4. Awesome! You now have the server enabled and a configuration file to connect to it. The last thing we need to do is enable a user to authenticate against. Go to the pfSense User Manager, under the System tab at the top of the page.
5. There should be two relevant users here, one for lockdown and one for CDR user. Depending on what the VPN is going to be used for, pick the appropriate user. They are probably disabled, so go ahead and re-enable them. Change the password to something secure.
6. Good job! You should now be able to connect to and authenticate through the VPN into our internal network.
7. Site to Site VPN Only The site to site VPN router should be in the CSL. Grab it and plug one Ethernet port into an internet enabled wall port, and the other into a switch. Update the password in the configuration on the machine with whatever you changed it to in step 5. Congrats! You're done!

When you are done using the VPN, DO NOT forget to disable the user again, we don't want any unexpected visitors on the network.

When you connect to the VPN, you will be bridged onto the Red Team Network. You will be assigned an IP range between 192.168.14.100 and 192.168.14.199. However, you can always change this manually.

We have also setup the following networks to be “handled” by the VPN.

• 192.168.0.0/20
• 192.168.254.0/24
• 10.15.1.0/24
  • Team 15 LAN
• 10.15.2.0/24
  • Team 15 DMZ
• 192.168.253.57/30
  • Team 15 Uplink

Any other networks you wish to access (teams 1 - 14, for example) will require manual configuration on your (the user's) end. We currently have no firewall rules preventing access to other resources.