Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

So once you are granted administratively access to the testbed, a vpn configuration file is provided to you. The vpn is based on openvpn and any Operating service can be used to connect to it. In particular if you are working from a linux system you can use the following command to connect to it and you should get some output similar to the one you can see below


$ sudo openvpn --verb 3 --config youruserfile.ovpn
user.ovpn [sudo] password for user: Mon Jun 1 15:38:44 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Mon Jun 1 15:38:44 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Mon Jun 1 15:38:44 2020 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Jun 1 15:38:44 2020 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Jun 1 15:38:44 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]150.254.160.131:1194
Mon Jun 1 15:38:44 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jun 1 15:38:44 2020 UDP link local (bound): [AF_INET][undef]:1194
Mon Jun 1 15:38:44 2020 UDP link remote: [AF_INET]150.254.160.131:1194
Mon Jun 1 15:38:44 2020 TLS: Initial packet from [AF_INET]150.254.160.131:1194, sid=b5d0dcc3 12d2a696
Mon Jun 1 15:38:44 2020 VERIFY OK: depth=1, CN=sts-ca, C=PL, ST=Poznan, L=Poznan, O=PSNC, OU=PLLAB
Mon Jun 1 15:38:44 2020 VERIFY KU OK
Mon Jun 1 15:38:44 2020 Validating certificate extended key usage
Mon Jun 1 15:38:44 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jun 1 15:38:44 2020 VERIFY EKU OK
Mon Jun 1 15:38:44 2020 VERIFY X509NAME OK: CN=sts-vpn.nmaas.eu, C=PL, ST=Poznan, L=Poznan, O=PSNC, OU=PLLAB
Mon Jun 1 15:38:44 2020 VERIFY OK: depth=0, CN=sts-vpn.nmaas.eu, C=PL, ST=Poznan, L=Poznan, O=PSNC, OU=PLLAB
Mon Jun 1 15:38:44 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jun 1 15:38:44 2020 [sts-vpn.nmaas.eu] Peer Connection Initiated with [AF_INET]150.254.160.131:1194
Mon Jun 1 15:38:45 2020 SENT CONTROL [sts-vpn.nmaas.eu]: 'PUSH_REQUEST' (status=1)
Mon Jun 1 15:38:45 2020 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.99.1,topology subnet,ping 10,ping-restart 60,route 192.168.113.0 255.255.255.0 192.168.99.1,ifconfig 192.168.99.22 255.255.255.0,peer-id 9,cipher AES-128-GCM'
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: route options modified
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: route-related options modified
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: peer-id set
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Jun 1 15:38:45 2020 OPTIONS IMPORT: data channel crypto options modified
Mon Jun 1 15:38:45 2020 Data Channel: using negotiated cipher 'AES-128-GCM'
Mon Jun 1 15:38:45 2020 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jun 1 15:38:45 2020 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jun 1 15:38:45 2020 ROUTE_GATEWAY 192.168.18.1/255.255.255.0 IFACE=wlan0 HWADDR=64:80:99:97:d6:d2
Mon Jun 1 15:38:45 2020 TUN/TAP device tun0 opened
Mon Jun 1 15:38:45 2020 TUN/TAP TX queue length set to 100
Mon Jun 1 15:38:45 2020 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Jun 1 15:38:45 2020 /usr/bin/ip addr add dev tun0 192.168.99.22/24 broadcast 192.168.99.255
Mon Jun 1 15:38:46 2020 /usr/bin/ip route add 192.168.113.0/24 via 192.168.99.1
Mon Jun 1 15:38:46 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jun 1 15:38:46 2020 Initialization Sequence Completed



At

...

this

...

point

...

you

...

shall

...

be

...

able

...

to

...

reach

...

the

...

services

...

provided

...

by

...

the

...

NMaaS

...

,

...

in

...

particular,

...

our

...

booking

...

service

...

at https://p4-bkd-srv.rare.nmaas.eu

Providing your public SSH Key

Access to the bastion and also to the devices capable of building and running p4 programs is available through ssh connectivity employing asymmetric keys.