CSEL OpenVPN

Getting Access

To use the CSEL's OpenVPN server, you need an OpenSSL certificate signed by our certificate authority. To get a certificate, start by choosing a common name. We will only accept requests for names that match your @colorado.edu email address plus a tag.

$ CN="matthew.monaco+desktop@colorado.edu"
$ openssl genrsa -out "$CN".key 2048
$ openssl req -new -key "$CN".key -out "$CN".csr -subj "/C=US/ST=Colorado/L=Boulder/O=University of Colorado/OU=Department of Computer Science/CN=$CN/emailAddress=admin@csel.cs.colorado.edu"

A couple of things to note:

  • The .key is private; do not share it. The .csr (certificate signing request) is public and can be shared.

  • There can only be one active connection per certificate. It's fine to use the same certificate on e.g., your laptop and your desktop if only one will be connected at a time.

  • You can share one key among any number of certificates; however, make sure you transfer your key securely among machines. There really isn't a drawback to using separate keys, though.

  • A key size of 2048 is sufficient, but you can choose others such as 1024, 4192, etc. if you so desire.

Once your .csr is generated, email it to admin@csel.cs.colorado.edu. We will generate a .crt (certificate) for you and place it in your CSEL home directory. The .crt is public; it can't be used for much without the private .key file.
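
Before emailing the request, it is worth confirming that the .csr carries the common name you intended, that it was built from the key you plan to keep, and that the key file is not readable by other users. The script below is an added example, not part of the CSEL tooling; the function names, the script name check-csr.sh and the character set allowed in the name and tag are assumptions.

```sh
#!/bin/sh
# Added example: checks to run on a CSR before emailing it.
# Function names and the allowed CN character set are assumptions.

# cn_ok CN: succeed only for <user>+<tag>@colorado.edu.
cn_ok() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9._-]+\+[A-Za-z0-9._-]+@colorado\.edu$'
}

# csr_cn CSR: print the commonName stored in the request's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_matches_key CSR KEY: succeed if the public key embedded in the CSR
# is the public half of KEY (catches pairing the wrong files).
csr_matches_key() {
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# key_private KEY: succeed if group and other have no permission bits.
key_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# check_request CSR KEY: run every check, report each failure on stderr.
check_request() {
    rc=0
    cn=$(csr_cn "$1" 2>/dev/null)
    cn_ok "$cn" || { echo "CN '$cn' is not <user>+<tag>@colorado.edu" >&2; rc=1; }
    csr_matches_key "$1" "$2" || { echo "$1 was not made from $2" >&2; rc=1; }
    key_private "$2" || { echo "$2 is accessible to group/other" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check-csr.sh "$CN".csr "$CN".key
if [ "$#" -eq 2 ]; then
    check_request "$1" "$2"
fi
```

A zero exit status means all three checks passed; each failed check prints one line on stderr.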

Connecting

TODO