Converting From Non-MFA VPN to the MFA-Enabled VPN on Linux

From UCSC Genomics Institute Computing Infrastructure Information

If you are using OpenVPN on Linux to connect to the GI VPN and you are looking to convert to the new MFA-enabled GI VPN, you have come to the right place. You must already have Duo set up with your CruzID (which most of you do). If for some reason you don't have Duo set up yet on your phone, go here to enroll a device and configure Push Notifications with Duo before continuing: 

https://its.ucsc.edu/mfa/enroll.html

OK! Let's get to it.

Disconnect from the VPN if you are already connected. All the various flavors and versions of Linux vary in the specifics, so you may not be following these exact instructions to get it to work. This is based on the Network Manager in Ubuntu, but most Ubuntu/Debian variants will be similar.

Then you will need to download the new OpenVPN config file from here: 

https://giwiki.gi.ucsc.edu/downloads/prism-duo.ovpn

The credentials to access that website are username: genecats and password: KiloKluster

Download that file right-clicking on the link above and selecting "Save Link As...", and save it to your Desktop or some other area you will remember. or some other easy to remember location.

We will be installing the Prism VPN profile via the Network Manager GUI interface.

Open Network Manager from Gnome Settings option and select the Network tab and click on the VPN + symbol:

From the Add VPN window, click on the Import from file... option:

You must navigate to your .ovpn file (/path/to/your/prism-duo.ovpn) and click on Open button:

Click on the Add button:

Finally, click the On/Off button to start on the new VPN:

That's it! It will ask you for your usual GI PRISM username and password that you usually use to connect to our VPN, and after that it will send a Duo Push notification to your phone, and then you should be logged in. Other than the Duo Push, the VPN behaves exactly like it did before.

If you have issues you can always revert back to the old configuration, which will still work for a while. We will disable the old VPN soon though, so make every effort to get the new VPN setup working.

Once you have the new VPN working, feel free to delete the old profile from the Network Manager.

As always, please email cluster-admin@soe.ucsc.edu if you need help or have any questions.

Retrieved from "http://giwiki.gi.ucsc.edu/index.php?title=Converting_From_Non-MFA_VPN_to_the_MFA-Enabled_VPN_on_Linux&oldid=638"