Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Last revision Both sides next revision | ||
|
cdr:vpn [2017/03/21 05:49] jamesdro created |
cdr:vpn [2018/04/27 02:58] jeredgei [Authentication] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== (Open)VPN ====== | ====== (Open)VPN ====== | ||
| Time to directly [TAP](https://en.wikipedia.org/wiki/TUN/TAP) into our network. Get it? Ha. Ha. Ha. | Time to directly [TAP](https://en.wikipedia.org/wiki/TUN/TAP) into our network. Get it? Ha. Ha. Ha. | ||
| + | |||
| + | ===== Authentication and Setup===== | ||
| + | The OpenVPN instance running on [gretzky](/cdr/servers/gretzky) uses the host's local authentication. Thus, typically there is a VPN user (*-vpn) created for VPN-only access. | ||
| + | |||
| + | **Setup VPN Access** | ||
| + | |||
| + | 1. Login to [gretzky](/cdr/servers/gretzky), and head on over to the OpenVPN configuration under the VPN tab. Click on the Server tab under this. | ||
| + | 2. Don't touch anything here! The VPN server should already be configured. Make sure it is running by un-checking **Disable this server**. | ||
| + | 3. Head on over to the **Client Export** tab. Scroll to the bottom and you will see a bunch of export options. These can be used as an all in one install package (bundled configurations), or just as an OpenVPN configuration file (inline configurations) if you already have OpenVPN installed. Download the appropriate file. Give this out to people who need to connect. | ||
| + | 4. Awesome! You now have the server enabled and a configuration file to connect to it. The last thing we need to do is enable a user to authenticate against. Go to the pfSense User Manager, under the **System** tab at the top of the page. | ||
| + | 5. There should be two relevant users here, **Lockdown-vpn** and **cdr-vpn-user**. Depending on what the VPN is going to be used for, pick the appropriate user. They are probably disabled, so go ahead and re-enable them. Change the password to something secure. | ||
| + | 6. Good job! You should now be able to connect to and authenticate through the VPN into our internal network. | ||
| + | 7. **Site to Site VPN Only** The site to site VPN router should be in the CSL. Grab it and plug one Ethernet port into an internet enabled wall port, and the other into a switch. Update the password in the configuration on the machine with whatever you changed it to in step 5. Congrats! You're done! | ||
| + | |||
| + | **When you are done using the VPN, DO NOT forget to disable the user again, we don't want any unexpected visitors on the network.** | ||
| + | |||
| + | ===== Bridged Network ===== | ||
| + | When you connect to the VPN, you will be bridged onto the [Red Team Network](cdr:networks:blue_red). You will be assigned an IP range between `192.168.14.100` and `192.168.14.199`. However, you can always change this manually. | ||
| + | |||
| + | We have also setup the following networks to be "handled" by the VPN. | ||
| + | * [192.168.0.0/20](cdr:networks:blue_red) | ||
| + | * [192.168.254.0/24](cdr:networks:blue_red) | ||
| + | * [10.15.1.0/24](cdr:networks:vds-team-nets#team_vlans) | ||
| + | * Team 15 LAN | ||
| + | * [10.15.2.0/24](cdr:networks:vds-team-nets#team_vlans) | ||
| + | * Team 15 DMZ | ||
| + | * [192.168.253.57/30](cdr:networks:vds-team-nets#team_vlans) | ||
| + | * Team 15 Uplink | ||
| + | |||
| + | Any other networks you wish to access (teams 1 - 14, for example) will require manual configuration on your (the user's) end. We currently have no firewall rules preventing access to other resources. | ||