Customer VPN
Overview
The ARP Networks Customer VPN is an OpenVPN SSL/TLS-based VPN with clients that run on Linux, Solaris, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP.
The Customer VPN is available to customers for accessing very sensitive resources that we do not make available on the public Internet, such as our ARP Metal™ dedicated server IPMI devices.
To join, you need to do the following:
- Install OpenVPN
- Set up your certificate
- Use our drop-in OpenVPN config
Installing OpenVPN
FreeBSD
From ports:
cd /usr/ports/security/openvpn
make install clean
OpenBSD
Install the following packages:
- lzo-xx.tgz
- openvpn-x.x.tgz
See Building VPNs on OpenBSD for more detailed instructions.
Linux (Debian / Ubuntu)
sudo apt-get install openvpn
Mac OS X
Simply install TunnelBlick; it is a very good front-end to OpenVPN for Mac OS X.
Windows
Download the self-installing executable file labeled "Windows Installer" from the OpenVPN download page.
Alternatively, there is also an OpenVPN GUI for Windows available.
Certificate Setup
The basic steps for setting up your certificate are as follows:
- Generate a certificate signing request (CSR) that we can sign and email it to us
- We'll sign it and send it back
- We'll also send you an OpenVPN config file ready to use out of the box
The following is applicable to OpenVPN on all platforms, but you may find the Mac OS X and Windows versions have their own GUI tools for performing the same actions. Please refer to their documentation.
Certificate Signing Request
At a command prompt, execute the following:
openssl req -new -keyout mycert-arpnetworks.key -out mycert-arpnetworks.csr
Answer the questions as appropriate to your location and please follow these guidelines:
- Pick a good passphrase; leaving it blank is highly discouraged
- Use your Portal login name for "Common Name"
- The challenge password is optional
Email support@arpnetworks.com with the subject "Customer VPN CSR" and attach the file mycert-arpnetworks.csr. Attach only the .csr file; the private key, mycert-arpnetworks.key, stays on your machine.
OpenVPN Configuration
When we process your CSR and send you the signed certificate, we will include the following files:
- mycert-arpnetworks.crt -- Your signed certificate
- openvpn.conf -- Complete configuration ready to use
- ARP_Networks_Server_CA.crt -- Our Certificate Authority
- tls-auth.key -- TLS channel key
You will want to place all these files in your OpenVPN configuration directory, which is typically:
- Linux: /etc/openvpn
- FreeBSD: /usr/local/etc/openvpn
- OpenBSD: /etc/openvpn
- Mac OS X: ~/Library/openvpn
- Windows: C:\Program files\OpenVPN\config\
Additionally, for Windows, the openvpn.conf file needs to be renamed to openvpn.ovpn.
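A pre-flight check for the files described above, as an added example that is not ARP Networks' own tooling: it confirms the CSR's Common Name, that the returned certificate carries the same public key as your CSR (no passphrase needed), and that the two key files are not readable by other users. The function names and the preflight wrapper are assumptions; the file names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not ARP Networks' own tooling).
# Function names are hypothetical; file names are the ones used on this page.

# Print the Common Name from a CSR; this page asks for your Portal login name.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the signed certificate ($2) carries the same public key as
# the CSR ($1). Comparing against the CSR avoids unlocking the
# passphrase-protected private key just to run the check.
cert_matches_csr() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ]
}

# Succeed only if the file has no group/other permission bits set.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks in the current directory. $1 = expected Portal login name.
preflight() {
    rc=0
    [ "$(csr_common_name mycert-arpnetworks.csr)" = "$1" ] ||
        { echo "CSR Common Name is not '$1'"; rc=1; }
    cert_matches_csr mycert-arpnetworks.csr mycert-arpnetworks.crt ||
        { echo "mycert-arpnetworks.crt does not match the CSR"; rc=1; }
    for f in mycert-arpnetworks.key tls-auth.key; do
        is_private "$f" || { echo "$f is readable by others; chmod 600 $f"; rc=1; }
    done
    return $rc
}
```

Run `preflight your-portal-login` from the directory holding the files before copying them into the OpenVPN configuration directory.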
Running OpenVPN
Once the configuration and supporting files are in place, running OpenVPN is easy: navigate to your OpenVPN configuration directory and execute the following as root:
openvpn --config openvpn.conf
Enter your passphrase when prompted and you should be good to go!
If everything goes smoothly, you'll be able to successfully complete:
$ ping -c 3 192.168.244.1
PING 192.168.244.1 (192.168.244.1) 56(84) bytes of data.
64 bytes from 192.168.244.1: icmp_seq=1 ttl=64 time=15.0 ms
64 bytes from 192.168.244.1: icmp_seq=2 ttl=64 time=19.1 ms
64 bytes from 192.168.244.1: icmp_seq=3 ttl=64 time=13.8 ms
--- 192.168.244.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 13.879/16.037/19.172/2.270 ms
$
Help
As always, if you need any further help, please send us an email at support@arpnetworks.com or open a support issue.