LizardVPN

From LizardWiki, FastLizard4's wiki and website
Revision as of 02:52, 28 April 2013 by RAN1 (Whoops)


LizardVPN is a VPN service offered to users of ridley.fastlizard4.org. It uses the Layer 2 Tunneling Protocol with Internet Protocol Security (L2TP/IPSec) and standard PAM authentication; that is, you log in using your existing ridley.fastlizard4.org SSH username and password.

Please be advised that you must have protected your login with two-factor authentication to use LizardVPN, regardless of whether you use passwords or SSH keys to perform SSH login to ridley. This is to curb abuse as well as provide an extra layer of protection. If you do not already have two-factor auth set up on ridley for your account, please go here to set it up before continuing on this page. Instructions on how to log in to the VPN with your password and two-factor verification code are below.

Please be aware that this service is provided with a great measure of trust. Abuse of the VPN will not be taken lightly, and will probably result in your access to LizardNet being completely suspended.

Also, be aware that at this time LizardVPN supports only IPv4 connections, though the client may be either behind NAT or directly connected. This is why you must specify ipv4.ridley.fastlizard4.org instead of just ridley.fastlizard4.org, since you have to force IPv4 even if you're on an IPv6 connection.

Setup and use

If you are familiar with VPN setup, the basic connection details are in the table to the right. Step-by-step instructions for various operating systems follow.

Windows 7

These instructions were written for Microsoft Windows 7. They may or may not be easily applicable to other versions of Windows.

First-time setup

  1. Open the Network and Sharing Center
  2. Under Change your networking settings, click Set up a new connection or network
  3. In the wizard that appears, select Connect to a workplace: Set up a dial-up or VPN connection to your workplace and click Next.
  4. If asked "Do you want to use a connection that you already have?", select No, create a new connection and click Next.
  5. Click Use my Internet connection (VPN)
  6. At the Internet address prompt, enter ipv4.ridley.fastlizard4.org.
  7. At the Destination name prompt, enter LizardVPN
  8. Check the checkbox Don't connect now; just set it up so I can connect later. Check or uncheck the other two boxes as you wish, though do not check "Use a smart card" if you don't know what you're doing.
  9. You will now be prompted to "Type your username and password". Enter your SSH login username at Username, but leave all other fields and checkboxes blank/unchecked, and click Create.
  10. If you've done everything correctly, you'll see "The connection is ready to use". Click Close; do not click "Connect now".
  11. Now, click the networking icon in your system tray to open the Connect to menu
  12. Under Dial-up and VPN, click LizardVPN, then Connect
  13. In the dialog box that appears, click Properties
  14. Go to the Security tab
  15. Under Type of VPN, select Layer 2 Tunneling Protocol with IPSec (L2TP/IPsec) in the dropdown menu, then click Advanced settings
  16. Tick the radio button Use preshared key for authentication, and in the text box Key enter LIZARDNETIPSECVPN2005. Click OK.
  17. Under Data encryption, select Maximum strength encryption (disconnect if server declines) from the dropdown menu.
  18. Under Authentication, make sure that the Allow these protocols radio button is ticked, and ensure that Unencrypted password (PAP) is checked.
  19. Make sure that Automatically use my Windows logon name and password (and domain, if any) is unchecked.
  20. Click OK to go back to the "Connect LizardVPN" dialog box and continue in the next section ("Logging in").

Logging in

  1. If you haven't already, open the "Connect LizardVPN" dialog box by:
    1. Clicking the networking icon in your system tray to open the Connect to menu
    2. Under Dial-up and VPN, click LizardVPN, then Connect
  2. In the "Connect LizardVPN" dialog box, enter your SSH login username for User name if it isn't there already. Ensure that Domain is blank.
  3. Get a two-factor auth token from your two-factor code app.
  4. For Password, enter your SSH login password immediately followed by the token you got in the previous step.
    • For example, if your SSH login password is p@ssword and the token your app gave you is 123456, then you'd enter p@ssword123456 as your password in the dialog box.
  5. Click Connect
  6. If everything works, the dialog box indicating connection status will disappear. Visit http://myip.dk, and if you're connected, you should see ridley.fastlizard4.org appear on the page!

Disconnecting

  1. To disconnect, click the networking icon in the system tray again to open the Connect To menu
  2. Under Dial-up and VPN, select LizardVPN and click Disconnect.

iOS (including iPhone, iPod Touch, and iPad)

Note: These guides were written using an iPad 2 running iOS 6.1. Depending on your device and iOS version, the instructions may differ slightly.

First-time setup

VPN setup on an iPad.

Note: You may use the image to the right as a reference.

  1. Open the Settings app.
  2. Go to General > VPN and select Add VPN Configuration... if the "Add configuration" dialog doesn't open automatically when you open VPN settings.
  3. Select L2TP at the top, and enter the following:
    • Description: LizardVPN
    • Server: ipv4.ridley.fastlizard4.org
    • Account: your SSH login username
    • RSA SecurID: OFF
    • Password: leave blank
    • Secret: LIZARDNETIPSECVPN2005
    • Send All Traffic: ON
  4. Make sure Proxy is Off, then hit Save in the upper-right corner.
  5. LizardVPN: Custom should now appear under Choose a Configuration; ensure that it is checked (if it isn't, simply tap it).
  6. Continue in the next section to connect!

Logging in

  1. Open the Settings app.
  2. Under the Bluetooth toggle (in the left-hand column on iPads, or at the top of the Settings screen on iPod Touches/iPhones), there is a new VPN item. If LizardVPN is your only VPN, simply hit the switch to begin connection! Otherwise, selecting it will take you to the VPN menu. Make sure that LizardVPN: Custom is checked, and toggle the VPN switch at the top of the screen.
  3. You'll be prompted for your password. Enter your SSH login password immediately followed by your two-factor auth token.
    • For example, if your SSH login password is p@ssword and the token your app gave you is 123456, then you'd enter p@ssword123456 as your password in the dialog box.
    • Note: If your authenticator app is on the same device that you're trying to VPN from, you might have to juggle a little. I, using my iPad, was able to enter my password at the password prompt, switch to my authenticator app to get my two-factor auth code, then switch back to Settings to finish entering my password and code and connect to the VPN. Others (on iPod Touches and iPhones) were not able to do the same; instead, one should first check their authenticator app and get a two-factor auth code, then switch to Settings, then start the VPN connection and enter the two-factor auth code first while it's still fresh, then move the cursor to the start of the password prompt and enter the password.
    • Hit Done in the upper-right corner.
  4. If it works, the VPN toggle will change to "ON"! Visit http://myip.dk in your browser, and you should see ridley.fastlizard4.org!

Disconnecting

  1. Return to the Settings app.
  2. Hit the VPN toggle again to change it from "ON" to "OFF". You have successfully disconnected.

Mac OS X

These instructions were written based on Mac OS X 10.6 (Snow Leopard). Specifics may vary from version to version.

  1. Open System Preferences, then click on Network under Internet & Wireless.
  2. If not done already, click the lock icon at the bottom left of the screen and authenticate using your administrator username and password.
  3. At the bottom of the left pane containing the list of network connections, press the (+) symbol.
  4. In the dropdown dialog that appears, open the Interface dropdown menu and select VPN.
    • If the VPN Type has not been set to L2TP over IPSec, open the dropdown menu and select that option.
    • Assign the VPN a Service Name (LizardVPN is appropriate, although you can take poetic license with this one).
  5. After selecting the options for the above step, click Create.
  6. Select LizardVPN (or whatever Service Name you entered) from the left pane (NOTA BENE: On my system it switches the right-hand configuration box to LizardVPN on creation but does not change the selection in the left pane. I assume that is a bug, but if it doesn't display "Status: Not Configured" in the right-hand pane, select the network connection).
  7. For the Server Address field, enter ipv4.ridley.fastlizard4.org.
  8. For the Account Name, enter your SSH login username.
  9. Click on the Authentication Settings... button.
  10. Under the field Machine Authentication, the Shared Secret radio button should be selected. In the adjacent field, enter LIZARDNETIPSECVPN2005. Afterwards, click OK (do not enter a password).
  11. In the bottom right corner, click Advanced....
  12. Check the Send all traffic over VPN connection checkbox.
    • Optional: If you wish, you may check the Use verbose logging checkbox. This saves all VPN logs to /var/log/ppp.log, which can be opened in Terminal with the nano or vim editors.
  13. Click Apply in the bottom right corner to save your connection.
    • Optional, but highly recommended: Check the Show VPN status in menu bar checkbox to show a VPN menu that can be accessed through the menu bar.

Logging in

  1. Click the Connect button in System Preferences, or Connect LizardVPN in the menu bar VPN dropdown.
  2. In the dialog box that appears, enter your SSH login password followed immediately by your six-digit two-factor authentication code in the field Please enter your password.
  3. If all goes well, the VPN should authenticate and "Status: Connected" should appear in the settings pane, and a timer displaying how long you've been connected to LizardVPN should appear in the menu bar. Congratulations! You're connected!
    • NOTA BENE: Please remember to relock System Preferences after completing setup.

Disconnecting

  1. Click the Disconnect button in System Preferences, or the Disconnect LizardVPN button in the menu bar dropdown. You are now disconnected.
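
Each Logging in section above has you type your password immediately followed by the six-digit token. The following added example (not LizardVPN's own code, and not from the original page) shows how a server can split and check such a combined string. It assumes the tokens are RFC 6238 TOTP codes with a 30-second step, which the page does not state; the function names and sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODE_DIGITS = 6   # the page's examples use a six-digit token
TIME_STEP = 30    # assumption: RFC 6238 default step; the page does not state it


def totp(secret: bytes, unix_time: int, digits: int = CODE_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the token algorithm assumed here."""
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def split_credential(combined: str):
    """Split 'password + token' from the right; the token length is fixed."""
    if len(combined) <= CODE_DIGITS:
        return None  # no room for a non-empty password plus a token
    password, token = combined[:-CODE_DIGITS], combined[-CODE_DIGITS:]
    if not (token.isascii() and token.isdigit()):
        return None  # trailing characters are not a numeric token
    return password, token


def verify(combined, stored_password, secret, now, drift_steps=1):
    """Check both factors; accept codes from adjacent steps for clock drift."""
    parts = split_credential(combined)
    if parts is None:
        return False
    password, token = parts
    password_ok = hmac.compare_digest(password.encode(), stored_password.encode())
    token_ok = False
    for step in range(-drift_steps, drift_steps + 1):  # no early exit on match
        candidate = totp(secret, max(0, now + step * TIME_STEP))
        token_ok |= hmac.compare_digest(candidate, token)
    return password_ok and token_ok


# Constructed sample values: the page's example password and the RFC 6238
# test secret; a real service compares against a password hash, not plaintext.
SECRET = b"12345678901234567890"
if __name__ == "__main__":
    code = totp(SECRET, 59)
    print(code, verify("p@ssword" + code, "p@ssword", SECRET, 59))
```

Because the split is taken from the right at a fixed length, a password that itself ends in digits is still parsed correctly, and a code from the neighbouring time step is accepted to allow for the app-switching delay described in the iOS note.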