From a83116a18219665b65136347b3af711c660cb103 Mon Sep 17 00:00:00 2001 From: Ole Schwen Date: Mon, 9 Feb 2026 11:07:29 +0100 Subject: [PATCH 1/4] added what to check --- assets/openvpn_always_on_setup_guide.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/assets/openvpn_always_on_setup_guide.md b/assets/openvpn_always_on_setup_guide.md index bb7a575b..b723a88f 100644 --- a/assets/openvpn_always_on_setup_guide.md +++ b/assets/openvpn_always_on_setup_guide.md @@ -125,6 +125,8 @@ Check network interfaces: ip a ``` +You should see an interface named `tun0` or similar with an IP address starting with `172.24.4.` + Or verify your public IP: ```bash @@ -153,4 +155,3 @@ The IP should correspond to the VPN, not your ISP. - Configuration is suitable for headless servers. --- - From 5bf8008029fbdc6585fd59b60f4872b4030e3b5a Mon Sep 17 00:00:00 2001 From: Ole Schwen Date: Mon, 9 Feb 2026 15:26:15 +0100 Subject: [PATCH 2/4] removed instructions for ifconfig.me, they do not apply in case of split tunneling --- assets/openvpn_always_on_setup_guide.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/assets/openvpn_always_on_setup_guide.md b/assets/openvpn_always_on_setup_guide.md index b723a88f..559c8be4 100644 --- a/assets/openvpn_always_on_setup_guide.md +++ b/assets/openvpn_always_on_setup_guide.md @@ -127,14 +127,6 @@ ip a You should see an interface named `tun0` or similar with an IP address starting with `172.24.4.` -Or verify your public IP: - -```bash -curl ifconfig.me -``` - -The IP should correspond to the VPN, not your ISP. - --- ## 8. Behavior Summary From 25372d241129fce5428ed96ab86e9b0b317594a4 Mon Sep 17 00:00:00 2001 From: Ole Schwen Date: Mon, 9 Feb 2026 15:36:08 +0100 Subject: [PATCH 3/4] table layout in source --- assets/openvpn_always_on_setup_guide.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/assets/openvpn_always_on_setup_guide.md b/assets/openvpn_always_on_setup_guide.md index 559c8be4..1c75b58d 100644 --- a/assets/openvpn_always_on_setup_guide.md +++ b/assets/openvpn_always_on_setup_guide.md @@ -131,11 +131,11 @@ You should see an interface named `tun0` or similar with an IP address starting ## 8. Behavior Summary -| Event | Result | -|------|-------| -| VPN connection drops | Automatically reconnects | -| VPN server unavailable | Retries indefinitely | -| Server reboot | VPN reconnects on startup | +| Event | Result | +|---------------------------+----------------------------------| +| VPN connection drops | Automatically reconnects | +| VPN server unavailable | Retries indefinitely | +| Server reboot | VPN reconnects on startup | | Network delay during boot | systemd retries until successful | --- From 83bf6488bb007a3d0844f13edb7cb454ae24dc04 Mon Sep 17 00:00:00 2001 From: Ole Schwen Date: Tue, 10 Feb 2026 13:44:55 +0100 Subject: [PATCH 4/4] link to current VPN installation guide, removed previous one after moving troubleshooting section --- assets/VPN setup guide(CLI).md | 91 -------------------- assets/openvpn_always_on_setup_guide.md | 15 ++++ assets/readme/README.participant.md | 11 +-- scripts/client_node_setup/setup_vpntunnel.sh | 67 -------------- 4 files changed, 16 insertions(+), 168 deletions(-) delete mode 100644 assets/VPN setup guide(CLI).md delete mode 100755 scripts/client_node_setup/setup_vpntunnel.sh diff --git a/assets/VPN setup guide(CLI).md b/assets/VPN setup guide(CLI).md deleted file mode 100644 index e70fe26c..00000000 --- a/assets/VPN setup guide(CLI).md +++ /dev/null 
@@ -1,91 +0,0 @@ -# GoodAccess VPN Setup Guide (CLI) - -This guide provides step-by-step instructions to set up and connect to GoodAccess VPN on a Linux machine using the command-line interface (CLI). - ---- - -## Step 1: Receive VPN Credentials and Setup Files - -You will receive the following via a secure communication channel (e.g., email): -- VPN **username** and **password** -- A setup file (typically in `.zip` format) - ---- - -## Step 2: Unzip the Setup File - -1. Locate the received `.zip` file. -2. Extract its contents: - ```sh - unzip .zip - ``` -3. Move the `.ovpn` file to the correct directory: - ```sh - mv .ovpn assets/openvpn_configs/good_access - ``` -4. Open the `.ovpn` file and verify that the following line exists: - ``` - auth-user-pass /etc/openvpn/credentials - ``` - - If it does not exist, **manually add it** after `auth-user-pass`. - ---- - -## Step 3: Establish a New VPN Connection - -To initiate a VPN connection, run: -```sh -sh envsetup_scripts/setup_vpntunnel.sh -d -n -``` -Where `` is your institute's name. For the ODELIA project, choose from: -- TUD -- Ribera -- VHIO -- Radboud -- UKA -- UMCU -- MHA -- Cambridge -- USZ -- MEVIS - -You will be prompted to enter the **username** and **password** provided by TUD. - ---- - -## Step 4: Verify VPN Connection - -To confirm that you are connected, check your IP address: -```sh -hostname -I -``` -You should see an IP in the range **172.24.4.xx/22**. - ---- - -## Step 5: Reconnect to VPN - -If your machine restarts or loses connection, reconnect by running: -```sh -sh envsetup_scripts/setup_vpntunnel.sh -``` - -The `.ovpn` file assigned to you by TUD is required for re-establishing the connection. 
- -For further troubleshooting, refer to the VPN Connect Guide on the GoodAccess support page: -[GoodAccess VPN Connect Guide](https://support.goodaccess.com/configuration-guides/linux) - - - -## Step 6: Troubleshooting — Disconnecting Existing VPN Connections - -Some users have experienced that connecting to GoodAccess **disconnects an existing VPN or ssh connection**. -This may happen because OpenVPN is configured to redirect all network traffic through the GoodAccess tunnel, which overrides your local or other VPN routes and may make the machine inaccessible in its local network. - -If this occurs, you can prevent the redirection by starting OpenVPN with: -```sh -openvpn --config .ovpn --pull-filter ignore redirect-gateway -``` -This tells the OpenVPN client **not** to override your default gateway, allowing your other VPN or ssh connection to remain active. - -> **Note:** This behavior was observed by Aitor and Ole after certain OpenVPN updates. The above command has been effective in resolving the issue. \ No newline at end of file diff --git a/assets/openvpn_always_on_setup_guide.md b/assets/openvpn_always_on_setup_guide.md index 1c75b58d..d32e5481 100644 --- a/assets/openvpn_always_on_setup_guide.md +++ b/assets/openvpn_always_on_setup_guide.md 
@@ -147,3 +147,18 @@ You should see an interface named `tun0` or similar with an IP address starting - Configuration is suitable for headless servers. --- + +## Troubleshooting + +### Disconnecting Existing VPN Connections + +Some users have experienced that connecting to GoodAccess **disconnects an existing VPN or ssh connection**. +This may happen because OpenVPN is configured to redirect all network traffic through the GoodAccess tunnel, which overrides your local or other VPN routes and may make the machine inaccessible in its local network. + +If this occurs, you can prevent the redirection by starting OpenVPN with +```sh +openvpn --config .ovpn --pull-filter ignore redirect-gateway +``` +This tells the OpenVPN client **not** to override your default gateway, allowing your other VPN or ssh connection to remain active. + +**TODO** describe how this can be configured in when starting the VPN as a system service. \ No newline at end of file diff --git a/assets/readme/README.participant.md b/assets/readme/README.participant.md index 9ff01ba1..62f5f238 100644 --- a/assets/readme/README.participant.md +++ b/assets/readme/README.participant.md 
@@ -11,16 +11,7 @@ This guide is for data scientists and medical research sites participating in a ## Setup 0. Add this line to your `/etc/hosts`: `172.24.4.65 dl3.tud.de dl3` 1. Make sure your compute node satisfies the specification and has the necessary software installed. -2. Set up the VPN. A VPN is necessary so that the swarm nodes can communicate with each other securely across firewalls. For that purpose, - 1. Install OpenVPN - ```bash - sudo apt-get install openvpn - ``` - 2. If you have a graphical user interface(GUI), follow this guide to connect to the - VPN: [VPN setup guide(GUI).pdf](../VPN%20setup%20guide%28GUI%29.pdf) - 3. If you have a command line interface(CLI), follow this guide to connect to the - VPN: [VPN setup guide(CLI).md](../VPN%20setup%20guide%28CLI%29.md) - 4. You may want to clone this repository or selectively download VPN-related scripts for this purpose. +2. Set up the VPN. A VPN is necessary so that the swarm nodes can communicate with each other securely across firewalls. For that purpose, follow the instructions in [openvpn_always_on_setup_guide.md](../openvpn_always_on_setup_guide.md). ## Prepare Dataset diff --git a/scripts/client_node_setup/setup_vpntunnel.sh b/scripts/client_node_setup/setup_vpntunnel.sh deleted file mode 100755 index 7a53d00b..00000000 --- a/scripts/client_node_setup/setup_vpntunnel.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/env bash - -set -e - -ACTION="nochange" - -while [[ "$#" -gt 0 ]]; do - case $1 in - -d) host_index="$2"; shift ;; - -n) ACTION="new";; - -h) ACTION="help";; - *) echo "Unknown parameter passed: $1"; exit 1 ;; - esac - shift -done - -if [[ $ACTION = "help" ]]; then - echo "Usage: setup_vpntunnel.sh -d [-n]" - echo " -n one-time setup" - echo "" - exit 1 -fi - -if [ -z "$host_index" ]; then - echo "Please specify your host index via option -d " - echo "Host index should be chosen from [TUD, Ribera, VHIO, Radboud, UKA, Utrecht, Mitera, Cambridge, Zurich]" - exit 1 -fi - -if [ $ACTION = "new" ]; then - # to the initial setup - echo "Setting up VPN tunnel for swarm learning ..." - sudo apt-get -y install openvpn - - echo "Please enter your vpn credentials (ask TUD maintainer for the account and password if you don't have the data yet)" - read -p "vpn account: " vpn_account - stty -echo - read -p "vpn password: " vpn_password - stty echo - printf '%s\n' $vpn_account $vpn_password | sudo tee /etc/openvpn/credentials > /dev/null - sudo chmod 600 /etc/openvpn/credentials -fi - -if [[ ! -f ./assets/openvpn_configs/good_access/$host_index.ovpn ]]; then - echo "Configuration file ./assets/openvpn_configs/good_access/$host_index.ovpn not found" - exit 1 -fi - -if [[ ! -f /etc/openvpn/credentials ]]; then - echo "Credentials file /etc/openvpn/credentials not found, please use option -n to create it" - exit 1 -fi - -echo "Starting VPN tunnel for swarm learning ..." -sudo nohup openvpn --config ./assets/openvpn_configs/good_access/$host_index.ovpn & -sleep 3 -sudo chmod a+r nohup.out - -if [ $? -ne 0 ]; then - echo "An error occurred while running the script. Please check the output above or nohup.out for more details." - exit 1 -fi - -hostname -I - -echo "You should see an IP address of the form 172.24.4.x in the output above." -echo "If it does not appear, try 'hostname -I' again in 10 or 20 seconds."
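Review bot: In PATCH 1/4, the line added after `ip a` tells the reader to expect an address starting with `172.24.4.`, but the CLI guide removed in PATCH 4/4 gives the range as 172.24.4.xx/22, and a /22 that contains 172.24.4.x runs from 172.24.4.0 to 172.24.7.255. If clients can be assigned addresses from the whole subnet, word the check as "an address in 172.24.4.0/22" so that a participant with a 172.24.5.x address does not conclude the tunnel is broken. "`tun0` or similar" is also vague; naming the expected pattern (`tun` followed by a number) makes the check easier to follow on hosts with several interfaces.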
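Review bot: In PATCH 2/4, removing the `curl ifconfig.me` check leaves the `ip a` output as the only verification step, and that only shows that the interface exists, not that traffic to the swarm peers is routed through it. Consider replacing the removed check with a route lookup against a VPN-internal address, for example `ip route get 172.24.4.65` (the dl3 address from README.participant.md), which should name the tunnel interface. The commit message also assumes split tunneling, while the troubleshooting text added in PATCH 4/4 says OpenVPN redirects all traffic through the tunnel; the guide should state which mode the always-on setup uses.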
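Review bot: In PATCH 3/4, the new delimiter row `|---------------------------+----------------------------------|` joins the two columns with `+` instead of `|`. In GitHub-flavored Markdown the delimiter cells may contain only hyphens and optional colons and must match the header row's cell count, so with this row the block is no longer recognized as a table. Use `|---------------------------|----------------------------------|` to keep the aligned source layout and the rendering.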
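Review bot: In the Troubleshooting section that PATCH 4/4 adds to openvpn_always_on_setup_guide.md, the workaround is a one-off `openvpn` command line, which does not fit the service-based setup the rest of the guide describes, and the closing TODO ("can be configured in when starting") leaves exactly that gap open, with a typo. OpenVPN accepts its command-line options as config-file directives without the leading dashes, so the section can instead tell the reader to add `pull-filter ignore redirect-gateway` to the client config that the service loads, which resolves the TODO. It is also worth stating that with this filter only the routes the server pushes go through the tunnel and all other traffic leaves via the existing default gateway. The sentence ending "starting OpenVPN with" needs a colon and a blank line before the fence, and the file should end with a newline.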
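Review bot: In the README.participant.md hunk of PATCH 4/4, the rewritten step 2 drops both the `sudo apt-get install openvpn` step and the link to the GUI guide, yet the diffstat does not remove `VPN setup guide(GUI).pdf`, so that file stays in the repository with nothing pointing to it. Either delete it in this commit or keep a link for GUI users, and confirm that the always-on guide covers installing OpenVPN, since the README no longer does.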
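Review bot: The deletion of scripts/client_node_setup/setup_vpntunnel.sh in PATCH 4/4 comes without a migration note for nodes that were set up with it: the script wrote `/etc/openvpn/credentials` with mode 600 and started the tunnel with `sudo nohup openvpn --config ... &`, so those hosts may still have that file and a running `openvpn` process. Add a short paragraph to the always-on guide saying whether the existing credentials file is reused and that the old process should be stopped before the service is enabled.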