Skip to content

Instantly share code, notes, and snippets.

@oyeb

oyeb/iitb-vpn-ssh.md

Last active March 6, 2022 07:19
Show Gist options
  • Save oyeb/76555453b1139e7f2be68e6ecab0f47a to your computer and use it in GitHub Desktop.
Save oyeb/76555453b1139e7f2be68e6ecab0f47a to your computer and use it in GitHub Desktop.
Download ZIP
Accessing IITB from outside
Raw
iitb-vpn-ssh.md

Avoid the VPN -- use SSH tunnel

If you use the VPN all your private browsing gets tunneled thru IITB -- and why the hell would you want that? Just use the SSH tunnel at login.iitb.ac.in.

You can access it by:

ssh -p xxxx <ldap-user>@login.iitb.ac.in

The port number can be found on the computer center's website.

I logged in to login.iitb.ac.in, what now?

Go ahead, ssh into an internal server.

Wait a minute -- there's a better way!

ssh -J your_user@login.iitb.ac.in another_user@internal_ip

This will jump over login.iitb.ac.in and gives the most benefits if you have installed your public key on mars.cse.iitb.ac.in -- you won't be prompted for any passwords. Of course you can make this behaviour permanent

Pro tips for noobs

  1. You may not want to skip the user@ because it's unlikely that your login name on your PC is the same as your LDAP ID.
  2. You may want to skip this whole username-password business by copying your public key on mars.cse.iitb.ac.in:

VPN blues

Failed to run OpenVPN using that pesky GUI network manager? Good 'ol CLI to fix your troubles.

My operating system does not have network-manager-openvpn network-manager-openvpn-gnome by default and I don't want to install them just for VPN. So I use the old method under "2) Old VPN Configuration for older version of operating systems"

The following patch works for me:

# uname -a
Linux console 4.19.113-1-MANJARO #1 SMP Wed Mar 25 12:30:45 UTC 2020 x86_64 GNU/Linux

# openvpn --version
OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  3 2020
library versions: OpenSSL 1.1.1e  17 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Apply the patch to the iitb.ovpn

9c9
< group nogroup
---
> group nobody
113,114c113,114
< up /etc/openvpn/client.up
< down /etc/openvpn/client.down
---
> up /etc/openvpn/client/client.up
> down /etc/openvpn/client/client.down

I had to place this config in the client config folder, hence I changed my paths. You need to adapt this according to your OS.

By running

patch iitb.ovpn <the-patch-file>

And then follow the rest of the instructions on https://www.cc.iitb.ac.in/#v-pills-howto-vpn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment