OpenVPN system of Supercomputing Center of USTC

Network and Information Center of USTC manages VPNs affiliated to WLT(http://wlt.ustc.edu.cn) accounts, which is not in our charge and authority.
For question related to this VPN, please contact Network and Information Center:
- Service department: 0551-63603949, netservice@ustc.edu.cn
- System for reporting malfunction and repairing: http://baoxiu.ustc.edu.cn
- Network and Information Center board on BBS: http://bbs.ustc.edu.cn/cgi/go?cgi=bbsdoc&board=USTCnet
For VPN issued by Supercomputing Center, please visit discussion board on BBS (named SCC) or email to sccadmin@ustc.edu.cn.

Brief introduction

Supercomputing Center's supercomputing systems have been limited to be login only from IPs registered on USTC network or within the database of IPs that have been granted permission to. Users need to use VPNs provided by Network and Information Center or Supercomputing Center before login the supercomputing systems from other IPs (such as those outside USTC).

Users can login supercomputing systems by SSH after connect to VPN when users outside USTC.

OpenVPN (http://www.openvpn.org) is an open source VPN system based on SSL, whose advantage is using UDP protocol only and supporting connection behind NAT devices comparing to VPNs based on PPTP.

General configuration files for Supercomputing Center's VPN server

Download ustc-scc-vpn-conf.rar, and there are 3 files in the compressed file:

ustc-scc.ovpn: main configuration file, user may adjust it to his own need

ustc-scc-ca.crt: certificate

ustc-scc-ta.key: tls-auth key

Configuration Wizard:

MS Windows System:

If OpenVPN has already been installed in your computer, there is no need for re-installation. Otherwise, please choose appropriate version according to your system.
- XP:
  - 64 bit version: openvpn-install-2.3.10-I001-x86_64.exe
  - 32 bit version: openvpn-install-2.3.10-I001-i686.exe
- Vista/7 and later:
  - 64 bit version: openvpn-install-2.3.10-I601-x86_64.exe
  - 32 bit version: openvpn-install-2.3.10-I601-i686.exe
- User may choose default installation or customized modules and directory, though default is recommended. The default directory will be C:\Program Files\OpenVPN.
After the installation finished, please extract general configuration files ustc-scc.ovpn, ustc-scc-ca.crt and ustc-scc-ta.key in ustc-scc-vpn-conf.rar to the sub-directory config in the installation directory(default will be C:\Program Files\OpenVPN\config).
Launch OpenVPN. Windows Start->all programs->OpenVPN->OpenVPN GUI. You will see a red icon showing net connection downright of the screen. Right click on the icon and select Connect (when there is only one configuration file postfixed with ovpn in the config directory) or ustc-scc->Connect(when there are multiple configuration files prefixed with ovpn existing. The following three ustc-dianxin, utsc-wangtong and ustc-cmcc are not parts of our VPN's function, instead they are the configuration files of Network and Information Center's VPN) and the login window will be prompted. Enter your VPN account (issued by us the Supercomputing Center) name and password (independent from the account name and password on supercomputing servers).
When same as below is prompted downright the desktop, connection has been established successfully, and now can login supercomputing servers:
- ustc-scc is now connected
- Assigned IP: 10.8.0.2
If you want to avoid the trouble for having to re-enter account name and password every time before login, you may adjust the configuration file ustc-scc.ovpn: first create a text file with the first line your account name and the second line password, then save it with any file name you prefer. Then open file ustc-scc.ovpn (with notepad), find line "auth-user-pass", and add name of the file that you just created behind this line(if directory containing \, please use \\, such as D:\\vpn\\vpnuser.txt). Beware that # and ; in a txt file serves as annotation, which means that if there is # or ; at the start of this line you would have to delete it first.
Notes: for vpn version earlier than 2.3.10, users of MS Windows Vista/7 or later need to run OpenVPN as administrator: Right click the OpenVPN GUI icon on the desktop and select "Running as administrator".

GNU/Linux system:

Install Openvpn package(root required)
- Debian GNU/Linux family(Debian, Ubuntu): apt-get install openvpn
- Redhat GNU/Linux family(RHEL, CentOS, Fedora): yum install openvpn
Copy ustc-scc.ovpn, ustc-scc-ca.crt and ustc-scc-ta.key to any directory, modify ustc-scc.ovpn to set the directory of ustc-scc-ca.crt and ustc-scc-ta.key.
Run openvpn --config ustc-scc.ovpn with root or sudo, VPN account name and password will be required. Then a bunch of information will flush your screen and at last "Initialization Sequence Completed" will appear on your screen, which marks successful connection. At this moment, ipconfig tap0 or ip route will tell you that you have connected to 10.8.0.x.
If you want to avoid the trouble for having to enter account name and password every time before login, you may adjust configuration file ustc-scc.ovpn: First creat a text file with the first line your account and second line password and save it with any name you prefer. Then open file ustc-scc.ovpn(with vi), find line "auth-user-pass", and add name of the file that you just created behind this line. Beware that # and ; in a txt file serves as annotation, which means that if there is # or ; at the start of this line you would have to delete it first. Lookout it is clear-text password.

Mac OS:

Use OpenVPN:
1. Install OpenVPN: sudo port install openvpn2
2. A tun/tap driver is required: http://tuntaposx.sourceforge.net/
3. Copy ustc-scc.ovpn, ustc-scc-ca.crt and ustc-scc-ta.key to any directory, modify ustc-scc.ovpn to set the directory of ustc-scc-ca.crt and ustc-scc-ta.key.
4. Run the command: sudo openvpn2 --config ./ustc-scc.ovpn
5. If you want to avoid the trouble for having to enter account name and password every time before login, you may adjust configuration file ustc-scc.ovpn: Creat a text file first with the first line your account and second line password and save it with any name you prefer. Then open file ustc-scc.ovpn(with vi), find line "auth-user-pass", and add name of the file that you just created behind this line. Beware that # and ; in a txt file serves as annotation, which means that if there is # or ; at the start of this line you would have to delete it first.
Directly using Tunnelblick instead of OpenVPN:
1. This software has tun/tap driver included. http://code.google.com/p/tunnelblick/
2. Copy ustc-scc.ovpn, ustc-scc-ca.crt and ustc-scc-ta.key to any directory, modify ustc-scc.ovpn to set the directory of ustc-scc-ca.crt and ustc-scc-ta.key.
3. Double click ovpn configuration file and then follow instructions.
4. After VPN connection has been established, you may login supercomputing server via SSH.

Attention:

Do NOT use configuration file on http://openvpn.ustc.edu.cn.
MS Windows Vista/7 or later require administrator access to run OpenVPN. Please refer to details above.
Any problem concerning VPN affiliated with WLT account(http://wlt.ustc.edu.cn), please contact Network and Information Center of USTC.