The ARP Networks Customer VPN is an OpenVPN SSL/TLS based VPN with clients that run on Linux, Solaris, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP.
The Customer VPN is available to customers for accessing very sensitive resources that we do not make available on the public Internet, such as our ARP Metal™ dedicated server IPMI devices.
To join, you need to do the following:
- Install OpenVPN
- Setup your certificate
- Use our drop-in OpenVPN config
cd /usr/ports/security/openvpn make install clean
Install the following packages:
See Building VPNs on OpenBSD for more detailed instructions.
Linux (Debian / Ubuntu)
sudo apt-get install openvpn
Mac OS X
Simply install TunnelBlick, it is a very good front-end to OpenVPN for Mac OS X.
Download the self-installing executable file from the OpenVPN download page labeled "Windows Installer"
Alternatively, there is also an OpenVPN GUI for Windows available.
The basic steps for setting up your certificate are as follows
- Generate a certificate that we can sign and email it to us
- We'll sign it and send it back
- We'll also send you an OpenVPN config file ready to use out of the box
The following is applicable to OpenVPN on all platforms, but you may find the Mac OS X and Windows versions have their own GUI tools for performing the same actions. Please refer to their documentation.
Certificate Signing Request
At a command prompt, execute the following:
openssl req -new -keyout mycert-arpnetworks.key -out mycert-arpnetworks.csr
Answer the questions as appropriate to your location and please follow these guidelines:
- Pick a good passphrase; leaving it blank is highly discouraged
- Use your Portal login name for "Common Name"
- The challenge password is optional
Email email@example.com with
the subject "Customer VPN CSR" and attach the file
When we process your CSR and send you the signed certificate, we will include the following files:
mycert-arpnetworks.crt-- Your signed certificate
openvpn.conf-- Complete configuration ready to use
ARP_Networks_Server_CA.crt-- Our Certificate Authority
tls-auth.key-- TLS channel key
You will want to place all these files in your OpenVPN configuration directory, which is typically:
- Mac OS X:
Additionally, for Windows,
openvpn.conf file needs
to be renamed to
Once the configuration and supporting files are in place, running OpenVPN is very easy, simply navigate to your OpenVPN configuration directory and execute the following as root:
openvpn --config openvpn.conf
Enter your passphrase when prompted and you should be good to go!
If everything goes smoothly, you'll be able to successfully complete:
$ ping -c 3 192.168.244.1 PING 192.168.244.1 (192.168.244.1) 56(84) bytes of data. 64 bytes from 192.168.244.1: icmp_seq=1 ttl=64 time=15.0 ms 64 bytes from 192.168.244.1: icmp_seq=2 ttl=64 time=19.1 ms 64 bytes from 192.168.244.1: icmp_seq=3 ttl=64 time=13.8 ms --- 192.168.244.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 13.879/16.037/19.172/2.270 ms $