
VPN (EN)

Italian instructions may be found here.

 

Several VPNs (Virtual Private Networks) are available to connect to our local network. Depending on which server is in use, you can authenticate either with your LDAP credentials (same user & password used for email/cerbero) or with your personal X.509 certificate, issued by Sectigo/Harica. These are the OpenVPN servers:

  • sansone.mib.infn.it
    • Either LDAP or X.509 auth
  • seven.mib.infn.it
    • X.509 auth only
  • sette.mib.infn.it
    • LDAP auth only

Warning: it's impossible to use sansone.mib.infn.it with LDAP credentials from certain networks (e.g. unimib, eduroam). This configuration uses the non-standard port 1195/UDP, blocked on some networks. All other server/auth combinations may be used on said networks.

On this page you'll be able to download .ovpn configuration files for every VPN server. Some of them require the presence of additional files and/or slight edits to the configuration: all configurations with X.509 auth require that your personal certificate file, in the pkcs12 format (.p12 extension), be present in the same folder as the .ovpn file. You will also have to modify the .ovpn file itself, changing the line "pkcs12 cert.p12" and putting the name of your personal certificate file instead of "cert.p12".

These changes aren't necessary on Linux, as the personal certificate must be manually inserted during configuration.

Here you can find the .ovpn configuration files:

 

Here you can find instructions to use the .ovpn configuration files on various operating systems:

 

Alternative Configuration (separate CA file)

The provided .ovpn files contain the intermediate certificate of the Certification Authority (CA, Harica) inside them, hence the name 'unified': with the exception of your personal certificate for X.509 configurations, no additional files are required to set up a VPN connection.
Here you can find .ovpn files that do not contain the CA certificate, but that require its presence anyway in a separate file. These are completely equivalent to their unified version and there's no reason to set up both at the same time: non-unified configurations are just simpler to update if INFN were to change its Certification Authority in the future.
 
All the following configurations require the presence of Harica_intermediate.crt in the same folder as the .ovpn file. This is not required on Linux, as the CA certificate has to be loaded manually during configuration.
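The following is an added example, not part of the original instructions or the provided files: a pre-flight check covering both the "pkcs12 cert.p12" edit described above and the separate CA file requirement. The names prepare_ovpn and demo, the sample config and the certificate file name are constructed for illustration, and it is assumed that non-unified files reference the CA through OpenVPN's `ca` directive.

```python
import re
import tempfile
from pathlib import Path

PKCS12_RE = re.compile(r"^(\s*pkcs12\s+)\S.*$")  # e.g. "pkcs12 cert.p12"
CA_RE = re.compile(r"^\s*ca\s+(\S.*?)\s*$")      # assumed form: "ca Harica_intermediate.crt"


def prepare_ovpn(ovpn_path, p12_name):
    """Point the pkcs12 line at p12_name; rewrite only if no problems are found."""
    ovpn = Path(ovpn_path)
    folder, problems, out, seen = ovpn.parent, [], [], False
    if Path(p12_name).name != p12_name:
        problems.append("certificate must be given as a bare file name")
    elif not (folder / p12_name).is_file():
        problems.append(f"{p12_name} is not in the same folder as {ovpn.name}")
    for line in ovpn.read_text().splitlines():
        m = PKCS12_RE.match(line)
        if m:
            seen = True
            # OpenVPN needs double quotes around arguments containing spaces
            arg = f'"{p12_name}"' if " " in p12_name else p12_name
            line = m.group(1) + arg
        ca = CA_RE.match(line)
        if ca and not (folder / ca.group(1).strip('"')).is_file():
            problems.append(f"CA file {ca.group(1)} is missing from the folder")
        out.append(line)
    if not seen:
        problems.append("no pkcs12 line: not an X.509 configuration")
    if not problems:
        ovpn.write_text("\n".join(out) + "\n")
    return problems


def demo():
    """Run against a constructed, non-unified config in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d, "example.ovpn")  # constructed sample, not a real INFN file
        cfg.write_text("client\nca Harica_intermediate.crt\npkcs12 cert.p12\n")
        Path(d, "mario rossi.p12").write_bytes(b"")  # placeholder certificate
        first = prepare_ovpn(cfg, "mario rossi.p12")  # CA file still missing
        Path(d, "Harica_intermediate.crt").write_text("")
        second = prepare_ovpn(cfg, "mario rossi.p12")
        return first, second, cfg.read_text()


if __name__ == "__main__":
    print(demo())
```

The .p12 file holds your private key, so keep the folder containing it readable only by your own account.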
 

 

 

 

 

     last updated on: 27.03.2025, 09:47 by: Stefano Pozzi