Setting Up The VPN on MacOS

From UCSC Genomics Institute Computing Infrastructure Information

Revision as of 21:20, 10 February 2025 by Weiler

Before following these instructions, please ensure that you have filled out an account request form and completed all the training and requirements as detailed here:

Requirement_for_users_to_get_GI_VPN_access

After completing those requirements, you should have received a welcome email from us explaining that your account is ready. Once you have received that email, continue following these instructions.

For MacOS, you will be installing "Tunnelblick", an OpenVPN client software package for Mac. Do not install this software on public or shared computers!

Before installing Tunnelblick, you must have enrolled your cell phone for Duo MFA using your CruzID account with UCSC. Most folks already have this from when they first started at UCSC. If you don't yet have a CruzID, please contact your sponsor/PI and ask them to help you acquire a CruzID. If you have a CruzID but haven't yet enrolled your cell phone, please follow the instructions here to enroll your phone:

https://its.ucsc.edu/mfa/enroll.html

After confirming your cell phone MFA enrollment, or if you have already done this a while ago, continue to install Tunnelblick.

Download the OpenVPN configuration file we will be using. The username and password to access this web link should have been sent to you in your account creation welcome email:

https://giwiki.gi.ucsc.edu/downloads/prism-duo.ovpn

And save that file to your Desktop.

Next, you will need to download Tunnelblick (the latest Stable Version) from this link:

https://tunnelblick.net/downloads.html

Once you have downloaded Tunnelblick, double-click on it and proceed through the installation steps. During installation, it will ask you if you want to install for "Only You" or "All Users". Select "Only You". At the end it will ask if you have any configuration files; say "Yes" and select the prism-duo.ovpn file you downloaded earlier.

After installation, in your Finder, you may want to navigate to the Applications folder and drag the Tunnelblick icon to your dock for easy launching.

After launching Tunnelblick from the Applications folder, you will see a small "tunnel" icon on the top right of your screen, next to the date and WiFi icon. You should be able to click on that icon, then click "Connect prism-duo" to start the VPN. "Prism" is the name of our firewalled environment. Use the username and temporary password that we sent to you in your account creation welcome email to login to the VPN for the first time. After typing in your username and password, you will be sent a Duo MFA push to your phone. Accept that push, and then you will be connected.

Once you authenticate to the VPN (username/password/MFA), log in via SSH to a server, 'mustard.prism' for example, and you will be asked to change your password.

If you are not familiar with SSH, then you will need to open the "Terminal" application which can be found in your Applications Folder under "Utilities". After launching "Terminal" you will connect to mustard by typing:

ssh username@mustard.prism

Where "username" is the username we sent you in the welcome email (incidentally it is also your CruzID username). It will ask you for a password; just type in the password we sent you in your account creation welcome email. When you type the password, the characters will not echo to the screen, so it will not show you what you are typing. Once you have logged in successfully to mustard, it will ask you to change your password. It will ask for your current password one more time, then it will ask you to choose a new password, which you will need to enter two times. Again, whatever password you choose will not echo to the screen. Your new password must be:

1: At least 10 characters long
2: At least 3 character classes (lowercase, uppercase, number and/or special character)
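
Because the password prompt does not echo, it can help to check a candidate against the two rules above locally before typing it into mustard. The following is an added example, not part of the original instructions or of the GI's own tooling: the function names are hypothetical, it assumes an ASCII password, and it assumes "special character" means anything that is not a letter or digit. The server may enforce further checks that this does not model.

```shell
#!/bin/sh
# Added example: local pre-check of the two documented password rules.
MIN_LEN=10       # rule 1: at least 10 characters
MIN_CLASSES=3    # rule 2: at least 3 of the 4 character classes

# Print how many of the four classes appear in $1.
# Runs in a subshell so the LC_ALL=C setting (plain ASCII ranges) does not leak.
count_classes() (
    LC_ALL=C
    n=0
    case $1 in *[a-z]*) n=$((n + 1)) ;; esac          # lowercase
    case $1 in *[A-Z]*) n=$((n + 1)) ;; esac          # uppercase
    case $1 in *[0-9]*) n=$((n + 1)) ;; esac          # number
    case $1 in *[!a-zA-Z0-9]*) n=$((n + 1)) ;; esac   # special (assumed: anything else)
    echo "$n"
)

# Return 0 if $1 meets both rules; otherwise print each failed rule and return 1.
# The password itself is never printed.
check_password() (
    pw=$1
    status=0
    if [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "too short: ${#pw} characters, need at least $MIN_LEN"
        status=1
    fi
    classes=$(count_classes "$pw")
    if [ "$classes" -lt "$MIN_CLASSES" ]; then
        echo "only $classes character class(es), need at least $MIN_CLASSES"
        status=1
    fi
    exit "$status"   # leaves only the subshell that forms the function body
)

# Interactive wrapper: reads the candidate without echo, so it stays off the
# screen and out of shell history. Call it by hand; nothing runs on load.
prompt_and_check() {
    trap 'stty echo' INT             # restore echo if interrupted
    printf 'Candidate password: ' >&2
    stty -echo
    IFS= read -r candidate
    stty echo
    trap - INT
    printf '\n' >&2
    check_password "$candidate" && echo "meets both documented rules"
    unset candidate
}
```

Paste the functions into the Terminal (or source them from a file), then run `prompt_and_check`.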

Once you change your password, it will log you out of mustard. Then, log out of the VPN (click the Tunnelblick icon on the top right of your screen and select "disconnect"). Then, log back into the VPN using your new password. It will send another Duo MFA push to your phone, then you should be logged in!

Then feel free to ssh to any of our firewalled servers (using your new password). Note the following page for available resources:

https://giwiki.gi.ucsc.edu/index.php?title=Firewalled_Computing_Resources_Overview

As always, if you have any questions, please email cluster-admin@soe.ucsc.edu for help.