Setting Up an XSCE VPN

From OLPC
Revision as of 20:37, 20 June 2013 by Ghunt

The "privacy" of virtual private networks is based upon two software keys, one private and the other public. In most instances, the private key is generated by a user and never shared with anyone. The public key can be used as an entrance certificate. If this public key is placed in a list of "authorized_keys", the person who has the corresponding private key is given access to the resource. The ssh (secure shell) conversation is encrypted, and eavesdroppers are not able to mimic the legitimate client. In this case the private and public keys are hidden in an installation package, and are not available except by installing XSCE.

The VPN tunnel is only available to school servers that have installed the XSCE rpm package. Additional security, beyond ssh password security, can be achieved by generating ssh public/private key pairs using the "ssh-keygen" command (see more complete instructions at http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html).

To start the openvpn tunnel automatically at every boot, you can add the following line to /etc/rc.d/rc.local: "/etc/openvpn/openvpn-start". To verify that the connection has been established, issue the terminal command "ifconfig", and look for the inet address of the "tun" device. This is the IP address that the openvpn server has assigned you. You can use it when you attempt to connect to the school server from your own personal computer, to check out the remote administration capability of openvpn.
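
The autostart and verification steps above, scripted as an added example (not part of the original page or of XSCE). The function names and the sample ifconfig output are constructed for illustration; the rc.local line and the "tun" check come from the text.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not XSCE tooling.

# Append the openvpn start line to an rc.local file only if it is not
# already present, so repeated runs do not start the tunnel twice.
# Real use (as root): ensure_autostart /etc/rc.d/rc.local
ensure_autostart() {
    rc_file=$1
    line=/etc/openvpn/openvpn-start
    grep -qxF "$line" "$rc_file" 2>/dev/null || printf '%s\n' "$line" >> "$rc_file"
}

# Read ifconfig output on stdin and print the inet address of the first
# tun device. Returns 1 when no tun device has an address (tunnel down).
# Handles both "inet addr:10.8.0.6" and "inet 10.8.0.6" output styles.
# Real use: ifconfig | tun_inet_addr
tun_inet_addr() {
    awk '
        /^[^ \t]/ { dev = $1; sub(/:$/, "", dev) }   # interface header line
        dev ~ /^tun[0-9]+$/ && $1 == "inet" {
            addr = $2
            sub(/^addr:/, "", addr)                   # strip old-style prefix
            print addr
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Constructed sample of ifconfig output, used so the example runs offline.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
EOF
}

# Demonstration on the constructed sample only; touches no system files.
if addr=$(sample_ifconfig | tun_inet_addr); then
    echo "tunnel up, assigned address: $addr"
else
    echo "no tun device with an inet address; tunnel is not established"
fi
```
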

To make a second connection to xsce.activitycentral.com, you need to download the openvpn client for the operating system you are using, and copy the ca.crt, client1.key, and client1.crt files from the schoolserver/etc/openvpn/keys folder