Guide for setting-up a VPN connection in Ubuntu Linux
The essentials for the VPN connection to the AUTH network are the following: (this guide is NOT applicable in case of e-token cryptographic device users ):
- Valid Institutional User Account(except for Guests). For more information about acquisition of an Institutional Account please follow this link http://noc.auth.gr/services/personal/accounts/.
- Installation of the Hellenic Academic and Research Institutions Certification Authority (HARICA) from the webpage http://www.pki.auth.gr/trust.
- Issuance of the personal digital certificate from the webpage https://www.pki.auth.gr/secure/issue_user and installation only to Mozilla Firefox.
Detailed description of the procedure:
- Right click on the link http://www.pki.auth.gr/certs/RootCA.pem. Download and name it "RootCA.pem.
Apply for a personal digital certificate
- Use again the Mozilla Firefox browser to apply for a personal digital certificate.Visit the webpage https://www.pki.auth.gr/secure/issue_user, type your institutional email and then your password.(view image)
Make sure that you read the following:
Security Grade: High Grade
and then press Request (view image)
- Click on Yes on the new message.
- In few minutes you will receive an e-mail message to your Institutional e-mail address (or to another one if you have activated the "forwarding e-mail" service) entitled "Certificate Issuance".
ATTENTION! The link should be opened using only Mozilla Firefox.(view image)
- Click on the Certificate acceptance and retrieval.
- Click on Yes to the question that certifies the crtificate installation.(view image)
- The certificate is automatically installed. Keep the new email you received because it includes the revocation code of your certificate.
Export the Personal Digital Certificate
- Click on Edit-->Preferences -> Advanced-> Encryption. Then click on View Certificates.(view image)
- In the new window and in Your certificates tab, select your personal certificate and press Backup. (view image)
- In the field "Name" type cert.p12 and choose the same folder you previously saved the "RootCA.pem" in Step 1. (view image)
- In the new window give twicw a protection code for the certificate. (view image)
- In the new window press ΟΚ. (view image)
- Open a Terminal and type in sudo apt-get install network-manager-openvpn (this command installs openvpn)
- In the folder that you saved your personal digital certificate, type the command openssl pkcs12 -clcerts -nokeys -in cert.p12 -out mycert.pem in order to extract your personal certificate in a ".pem" format.
- In the same type the command openssl pkcs12 -nocerts -in cert.p12 -out mykey.pem to extract your private key in a ".pem" format. At this point, in order to complete the procedure, you have to type in the protection code you gave previously and also a new protection code for the private key. (view image)
- From the Network Manager chooseVPN Connections-> Configure VPN. In the new window press Add. (view image)
- Choose OpenVPN-> Create... (view image)
- In the tab VPN fill in the following:
Connection Name: the name of the connection for example authvpn
Type: Passwords with certificates (TLS)
User name: your institutional email for example. firstname.lastname@example.org
Password: the password of your institutional email
User Certificate: choose the file mycert.pem
CA Certificate: choose the fileRootCA.pem
Private key: choose the filemykey.pem
Private Key Password: the password you gave for the extraction of the private key at Step 2.
Finally, press Advanced. (view image)
- In Tab General choose the following:
Use custom gateway port give the number 443
Use LZO data compression
Use a TCP connection
Use a TAP device
Press ΟΚ. (view image)
- Click to the buttom Apply.
- Finally, in the Network Connections window there is a connaction named authvpn. Press Close to close the window.
- In the connection shorcut choose VPN Connections and type in the name of the connection created in order to get connected.(view image)