Required software
VPN client
You will need to install a VPN client onto your laptop, PC or Mac that can handle OpenVPN protocols. We recommend:
OpenVPN Connect
OpenVPN Connect is the freeware app provided for the commercial OpenVPN product. It has a modern interface and a simple setup. (Windows / Mac / Linux)
Tunnelblick
Tunnelblick is the standard VPN client used on Macs. It works well but requires some tweaked settings. (Mac)
OpenVPN GUI
OpenVPN GUI Community 64-bit is the open-source app provided by OpenVPN. It has a basic interface and on managed laptops may require changing the Profiles folder default setting to point to a folder within your user area. It does not have an automated update facility and so users should periodically check for updates and re-install if needed. For these additional user requirements, we now primarily recommend using OpenVPN Connect. (Windows)
Install
Disconnect from any other VPN services you may be using, eg Cisco AnyConnect (EMIS web) before installing the VPN client. If you are reinstalling, it is best to uninstall the previous version first. It may help to also reboot your laptop or PC after the install.
QMUL laptops
'OpenVPN Connect V3 (MSI-x64)' is available in the Software Centre and Company Portal. If you have any problems connect Kelvin.
Further information
- OpenVPN Community Wiki: Using OpenVPN GUI
- OpenVPN Documentation: Connect Client
- Tunnelblick Quick Start Guide
OTP authenticator
CEG-VPN3 uses TOTP for multi-factor authentication. You can use any TOTP authenticator phone app compatible with Google Authenticator, which includes the Duo Mobile that you would have used to connect to CEG-VPN2 or CEG-VPN1. Other suitable apps are Google Authenticator, Microsoft Authenticator, Authy, 2FAS Auth and many others. All are available in the appropriate app store.
Where it is provided, app unlock security such as PIN or biometrics, should be used. Screenshots inside the app should be switched off. Care should be taken about the storage location for any backup facility.
Backlinks:
Overview
Connection to the OpenVPN server requires the user to have a suitable VPN client installed on their laptop or PC. This establishes a secure tunnel between their device and the OpenVPN server using a series of keys and protocols to encrypt the connections and communications. The user's encryption configuration is provided in a personal .ovpn file, which the user imports into the VPN client.
Previous versions of the VPN (CEG-VPN1 and CEG-VPN2) used Duo Mobile to provide 2-Factor Authentication. CEG-VPN3 instead uses a username, password and TOTP (Time-synchronised One Time PIN) to provide user authentication. The TOTP is generated from from an OTP phone app on the uses phone.
Setting up CEG-VPN access
You will need an OTP Authenticator installed on your smart phone. In your OTP app:
You will need a VPN Client installed on your laptop or PC.