Required Software
VPN Client
You will need to install a VPN client onto your laptop, PC or Mac that can handle OpenVPN protocols. We recommend:
- OpenVPN GUI Community 64-bit: a lightweight open-source app for **Windows
- OpenVPN Connect: a slicker but more resource heavy freeware app for Windows / Mac / Linux
- Tunnelblick: the standard VPN client for Mac
Adding an ovpn file to a client by default requires Admin rights to the computer. Change the Profiles folder to within the user area.
Disconnect from any other VPN services you may be using, eg Cisco AnyConnect (EMIS web) before installing the VPN client. If you are reinstalling, it is best to uninstall the previous version first. It may help to also reboot your laptop or PC after the install.
The OpenVPN GUI app does not have an automated update facility. If it is installed on an unmanaged laptop or PC, users should regularly check for updates and re-install if needed. Tunnelblick and OpenVPN Connect should automatically keep themselves up to date.
Further Information
- OpenVPN Community Wiki: Using OpenVPN GUI
- OpenVPN Documentation: Connect Client
- Tunnelblick Quick Start Guide
OTP Authenticator
CEG-VPN3 uses TOTP for multi-factor authentication. You can use any TOTP authenticator phone app compatible with Google Authenticator, which includes the Duo Mobile that you would have used to connect to CEG-VPN2 or CEG-VPN1. Other suitable apps are Google Authenticator, Microsoft Authenticator, Authy, 2FAS Auth and many others. All are available in the appropriate app store.
Where it is provided, app unlock security such as PIN or biometrics, should be used. Screenshots inside the app should be switched off. Care should be taken about the storage location for any backup facility.
Backlinks:
Overview
Connection to the OpenVPN server requires the user to have a suitable VPN client installed on their laptop or PC. This establishes a secure tunnel between their device and the OpenVPN server using a series of keys and protocols to encrypt the connections and communications. The user's encryption configuration is provided in a personal .ovpn file, which the user imports into the VPN client.
Previous versions of the VPN (CEG-VPN1 and CEG-VPN2) used Duo Mobile to provide 2-Factor Authentication. CEG-VPN3 instead uses a username, password and TOTP (Time-synchronised One Time PIN) to provide user authentication. The TOTP is generated from from an OTP phone app on the uses phone.