diff --git a/assets/VPN setup guide(CLI).md b/assets/VPN setup guide(CLI).md deleted file mode 100644 index e70fe26c..00000000 --- a/assets/VPN setup guide(CLI).md +++ /dev/null 
@@ -1,91 +0,0 @@ -# GoodAccess VPN Setup Guide (CLI) - -This guide provides step-by-step instructions to set up and connect to GoodAccess VPN on a Linux machine using the command-line interface (CLI). - ---- - -## Step 1: Receive VPN Credentials and Setup Files - -You will receive the following via a secure communication channel (e.g., email): -- VPN **username** and **password** -- A setup file (typically in `.zip` format) - ---- - -## Step 2: Unzip the Setup File - -1. Locate the received `.zip` file. -2. Extract its contents: - ```sh - unzip .zip - ``` -3. Move the `.ovpn` file to the correct directory: - ```sh - mv .ovpn assets/openvpn_configs/good_access - ``` -4. Open the `.ovpn` file and verify that the following line exists: - ``` - auth-user-pass /etc/openvpn/credentials - ``` - - If it does not exist, **manually add it** after `auth-user-pass`. - ---- - -## Step 3: Establish a New VPN Connection - -To initiate a VPN connection, run: -```sh -sh envsetup_scripts/setup_vpntunnel.sh -d -n -``` -Where `` is your institute's name. For the ODELIA project, choose from: -- TUD -- Ribera -- VHIO -- Radboud -- UKA -- UMCU -- MHA -- Cambridge -- USZ -- MEVIS - -You will be prompted to enter the **username** and **password** provided by TUD. - ---- - -## Step 4: Verify VPN Connection - -To confirm that you are connected, check your IP address: -```sh -hostname -I -``` -You should see an IP in the range **172.24.4.xx/22**. - ---- - -## Step 5: Reconnect to VPN - -If your machine restarts or loses connection, reconnect by running: -```sh -sh envsetup_scripts/setup_vpntunnel.sh -``` - -The `.ovpn` file assigned to you by TUD is required for re-establishing the connection. 
- -For further troubleshooting, refer to the VPN Connect Guide on the GoodAccess support page: -[GoodAccess VPN Connect Guide](https://support.goodaccess.com/configuration-guides/linux) - - - -## Step 6: Troubleshooting — Disconnecting Existing VPN Connections - -Some users have experienced that connecting to GoodAccess **disconnects an existing VPN or ssh connection**. -This may happen because OpenVPN is configured to redirect all network traffic through the GoodAccess tunnel, which overrides your local or other VPN routes and may make the machine inaccessible in its local network. - -If this occurs, you can prevent the redirection by starting OpenVPN with: -```sh -openvpn --config .ovpn --pull-filter ignore redirect-gateway -``` -This tells the OpenVPN client **not** to override your default gateway, allowing your other VPN or ssh connection to remain active. - -> **Note:** This behavior was observed by Aitor and Ole after certain OpenVPN updates. The above command has been effective in resolving the issue. \ No newline at end of file diff --git a/assets/openvpn_always_on_setup_guide.md b/assets/openvpn_always_on_setup_guide.md index bb7a575b..d32e5481 100644 --- a/assets/openvpn_always_on_setup_guide.md +++ b/assets/openvpn_always_on_setup_guide.md 
@@ -125,23 +125,17 @@ Check network interfaces: ip a ``` -Or verify your public IP: - -```bash -curl ifconfig.me -``` - -The IP should correspond to the VPN, not your ISP. +You should see an interface named `tun0` or similar with an IP address starting with `172.24.4.` --- ## 8. Behavior Summary -| Event | Result | -|------|-------| -| VPN connection drops | Automatically reconnects | -| VPN server unavailable | Retries indefinitely | -| Server reboot | VPN reconnects on startup | +| Event | Result | +|---------------------------+----------------------------------| +| VPN connection drops | Automatically reconnects | +| VPN server unavailable | Retries indefinitely | +| Server reboot | VPN reconnects on startup | | Network delay during boot | systemd retries until successful | --- @@ -154,3 +148,17 @@ The IP should correspond to the VPN, not your ISP. --- +## Troubleshooting + +### Disconnecting Existing VPN Connections + +Some users have experienced that connecting to GoodAccess **disconnects an existing VPN or ssh connection**. +This may happen because OpenVPN is configured to redirect all network traffic through the GoodAccess tunnel, which overrides your local or other VPN routes and may make the machine inaccessible in its local network. + +If this occurs, you can prevent the redirection by starting OpenVPN with +```sh +openvpn --config .ovpn --pull-filter ignore redirect-gateway +``` +This tells the OpenVPN client **not** to override your default gateway, allowing your other VPN or ssh connection to remain active. + +**TODO** describe how this can be configured in when starting the VPN as a system service. \ No newline at end of file diff --git a/assets/readme/README.participant.md b/assets/readme/README.participant.md index 9ff01ba1..62f5f238 100644 --- a/assets/readme/README.participant.md +++ b/assets/readme/README.participant.md 
@@ -11,16 +11,7 @@ This guide is for data scientists and medical research sites participating in a ## Setup 0. Add this line to your `/etc/hosts`: `172.24.4.65 dl3.tud.de dl3` 1. Make sure your compute node satisfies the specification and has the necessary software installed. -2. Set up the VPN. A VPN is necessary so that the swarm nodes can communicate with each other securely across firewalls. For that purpose, - 1. Install OpenVPN - ```bash - sudo apt-get install openvpn - ``` - 2. If you have a graphical user interface(GUI), follow this guide to connect to the - VPN: [VPN setup guide(GUI).pdf](../VPN%20setup%20guide%28GUI%29.pdf) - 3. If you have a command line interface(CLI), follow this guide to connect to the - VPN: [VPN setup guide(CLI).md](../VPN%20setup%20guide%28CLI%29.md) - 4. You may want to clone this repository or selectively download VPN-related scripts for this purpose. +2. Set up the VPN. A VPN is necessary so that the swarm nodes can communicate with each other securely across firewalls. For that purpose, follow the instructions in [openvpn_always_on_setup_guide.md](../openvpn_always_on_setup_guide.md). ## Prepare Dataset diff --git a/scripts/client_node_setup/setup_vpntunnel.sh b/scripts/client_node_setup/setup_vpntunnel.sh deleted file mode 100755 index 7a53d00b..00000000 --- a/scripts/client_node_setup/setup_vpntunnel.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/env bash - -set -e - -ACTION="nochange" - -while [[ "$#" -gt 0 ]]; do - case $1 in - -d) host_index="$2"; shift ;; - -n) ACTION="new";; - -h) ACTION="help";; - *) echo "Unknown parameter passed: $1"; exit 1 ;; - esac - shift -done - -if [[ $ACTION = "help" ]]; then - echo "Usage: setup_vpntunnel.sh -d [-n]" - echo " -n one-time setup" - echo "" - exit 1 -fi - -if [ -z "$host_index" ]; then - echo "Please specify your host index via option -d " - echo "Host index should be chosen from [TUD, Ribera, VHIO, Radboud, UKA, Utrecht, Mitera, Cambridge, Zurich]" - exit 1 -fi - -if [ $ACTION = "new" ]; then - # to the initial setup - echo "Setting up VPN tunnel for swarm learning ..." - sudo apt-get -y install openvpn - - echo "Please enter your vpn credentials (ask TUD maintainer for the account and password if you don't have the data yet)" - read -p "vpn account: " vpn_account - stty -echo - read -p "vpn password: " vpn_password - stty echo - printf '%s\n' $vpn_account $vpn_password | sudo tee /etc/openvpn/credentials > /dev/null - sudo chmod 600 /etc/openvpn/credentials -fi - -if [[ ! -f ./assets/openvpn_configs/good_access/$host_index.ovpn ]]; then - echo "Configuration file ./assets/openvpn_configs/good_access/$host_index.ovpn not found" - exit 1 -fi - -if [[ ! -f /etc/openvpn/credentials ]]; then - echo "Credentials file /etc/openvpn/credentials not found, please use option -n to create it" - exit 1 -fi - -echo "Starting VPN tunnel for swarm learning ..." -sudo nohup openvpn --config ./assets/openvpn_configs/good_access/$host_index.ovpn & -sleep 3 -sudo chmod a+r nohup.out - -if [ $? -ne 0 ]; then - echo "An error occurred while running the script. Please check the output above or nohup.out for more details." - exit 1 -fi - -hostname -I - -echo "You should see an IP address of the form 172.24.4.x in the output above." -echo "If it does not appear, try 'hostname -I' again in 10 or 20 seconds."
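Review bot: In the "Behavior Summary" table of assets/openvpn_always_on_setup_guide.md (hunk `@@ -125,23 +125,17 @@`), the new separator row `|---------------------------+----------------------------------|` joins the two columns with `+` instead of `|`. GitHub-flavored Markdown then sees a one-cell delimiter row under a two-cell header and does not render a table. Use `|---------------------------|----------------------------------|`. In the same hunk, the new check says the address starts with `172.24.4.`, while the CLI guide deleted in this patch gave the range as 172.24.4.xx/22. A /22 spans 172.24.4.0 to 172.24.7.255, so either state the prefix length here or confirm that only 172.24.4.x is ever assigned. "`tun0` or similar" could also be made concrete with `ip -4 addr show dev tun0`.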
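Review bot: The new "Troubleshooting" section in assets/openvpn_always_on_setup_guide.md (hunk `@@ -154,3 +148,17 @@`) gives the workaround only as a manual `openvpn --config .ovpn --pull-filter ignore redirect-gateway` call and ends in a TODO, but this guide is about running the VPN as a system service, so readers following it cannot apply the fix. OpenVPN accepts the same option as a config-file directive without the leading dashes, so the TODO can be resolved by telling readers to add `pull-filter ignore redirect-gateway` to the client configuration the service loads and then restart the service. State the consequence as well: with the pushed default route ignored, only the routes for the VPN subnet use the tunnel and all other traffic keeps leaving through the local gateway. Smaller points: as shown here the command reads `--config .ovpn` with no file name, so if the placeholder is written in angle brackets check that it is escaped and actually renders; "configured in when starting" has a stray "in"; the sentence before the code fence needs a colon; and the file now ends without a trailing newline.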
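Review bot: Step 2 of assets/readme/README.participant.md now points only to openvpn_always_on_setup_guide.md, which removes the `sudo apt-get install openvpn` step and the link to `VPN setup guide(GUI).pdf`, yet this patch deletes only the CLI guide and leaves the PDF in the tree without any reference to it. Either delete the PDF in the same change or keep a link for participants who connect from a desktop client. Please also confirm that the always-on guide covers installing the package, where the `.ovpn` file goes, and how the credentials file is created, since the text and script that documented those steps are removed here.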
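Review bot: Deleting scripts/client_node_setup/setup_vpntunnel.sh leaves participant machines that already ran it with everything the script created: `/etc/openvpn/credentials` holding the account and password, an `openvpn` process started through `sudo nohup openvpn --config ... &`, and a `nohup.out` that `sudo chmod a+r nohup.out` made world-readable. Add a short migration note to the always-on guide covering three things: how to stop the old process before enabling the service, so that two clients do not run against the same configuration; whether the service reuses `/etc/openvpn/credentials` or the file should be removed; and that the leftover `nohup.out` can be deleted.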