
OpenVPN OKTA Client

Archived (pre-2022)

Preserved for reference only -- likely outdated. Last updated: July 2020

Import the configuration into the Tunnelblick OpenVPN client. Make sure you have the following settings:

1. Main window [screenshot]
2. Advanced settings - Connecting & Disconnecting [screenshot]

Create a ticket for Office IT to provide you access to RND OpenVPN. After access is provided and your client is installed and configured, you can connect using your OKTA login and your OKTA MFA code as a one-time password.

Possible problems

- The OpenVPN server pushes two DNS servers to your client: 10.37.139.209, 10.37.143.233. If the client connected successfully but you can't reach servers, check whether DNS works. This is a proper answer:

    > nslookup imply.prd-aws.fyber.com
    Server: 10.37.139.209
    Address: 10.37.139.209#53

    Non-authoritative answer:
    imply.prd-aws.fyber.com canonical name = internal-imply-production-1-2058265509.eu-west-1.elb.amazonaws.com.
    Name: internal-imply-production-1-2058265509.eu-west-1.elb.amazonaws.com
    Address: 10.37.28.62
    Name: internal-imply-production-1-2058265509.eu-west-1.elb.amazonaws.com
    Address: 10.37.11.158
    Name: internal-imply-production-1-2058265509.eu-west-1.elb.amazonaws.com
    Address: 10.37.1.239

If you got something like this:

    > nslookup imply.prd-aws.fyber.com
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can't find eng001.prd.fyber.com: NXDOMAIN

Then the DNS servers were not automatically configured on your machine, which can have different causes.

- After connecting to OpenVPN, the internet stopped working. This happens because your client is configured to redirect all traffic through the OpenVPN server. That won't work, because the server is configured to route only predefined subnets for our infrastructure. Disable this setting and you can use both the internet and access to the servers. For example, in Tunnelblick you should uncheck 'Route all IPv4 traffic through VPN'. [screenshot]

Client installation

macOS

Use Tunnelblick (recommended): Downloads

Linux

- standard openvpn client for Linux
- network manager

If you use Ubuntu 18.04 with systemd-resolved, use this to make the DNS push work: Ubuntu 18 04 No Dns Resolution When Connected To Openvpn

For Debian distros, if you're having problems you might need to do this:

1. sudo apt-get install resolvconf openvpn-systemd-resolved
2. Edit your .ovpn file by adding these lines at the end:
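
    # Level 2 lets OpenVPN call the up/down scripts named below
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    ;up /etc/openvpn/update-systemd-resolved
    ;down /etc/openvpn/update-systemd-resolved
    # Run the down script before the TUN/TAP device is closed
    down-pre
    # Read by update-systemd-resolved: "." sends all DNS queries to the VPN resolvers
    dhcp-option DOMAIN-ROUTE .
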
- For Ubuntu systems and others that use systemd-resolved, just comment out the resolv-conf lines and uncomment the systemd-resolved lines.

How to connect:

- unpack the archive with certs and config (*.ovpn file)
- install the openvpn client
- import the config with the ovpn extension
- edit /etc/systemd/resolved.conf and change the lines starting with DNS and Domains to the following:

    DNS=10.37.139.209
    Domains=~consul ~prd.fyber.com ~prd-aws.fyber.com ~eu-west-1.compute.internal ~ovpn

- open the VPN settings in network manager and, in the IPv4 tab, check "Use this connection only for resources on its network".

Windows

- use the OpenVPN client for Windows from Community Downloads
- (as admin) create the config (see first step) with the ovpn extension under "C:\Program Files\OpenVPN\config"; the name you use will appear in the list of available VPNs later
- put the certificate (ca.crt) in the same place; if you need to rename it, you have to adjust the ovpn config
- when you connect you will be prompted for user name and password:
  - user name is your Fyber email address
  - password is your OKTA OTP code
- note: the VPN connection will also be available in a VM, at least if you use NAT for its network adapter

List of URLs for VPN

See a complete list here.
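
The DNS check described under "Possible problems" can be scripted. The following is an added example, not part of the original page: it reads nslookup output and reports whether one of the two pushed resolvers answered. The function name check_vpn_dns and the verdict strings are assumptions, and the sample inputs are shortened from the two outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original page): classify nslookup output.
# The two resolver addresses are the ones the page says the server pushes.
VPN_DNS="10.37.139.209 10.37.143.233"

# Reads nslookup output on stdin and prints one verdict (names are assumptions):
#   ok:<ip>                a VPN-pushed resolver answered
#   vpn-dns-nxdomain:<ip>  a VPN resolver answered, but the name does not exist
#   dns-not-pushed:<ip>    another resolver answered (the push was not applied)
#   unparsed               no "Server:" line was found
check_vpn_dns() {
    out=$(cat)
    # The "Server:" line names the resolver that handled the query.
    resolver=$(printf '%s\n' "$out" | awk '$1 == "Server:" { print $2; exit }')
    if [ -z "$resolver" ]; then
        echo "unparsed"
        return 2
    fi
    # Whole-word match, so 10.37.139.20 does not pass for 10.37.139.209.
    case " $VPN_DNS " in
        *" $resolver "*) ;;
        *) echo "dns-not-pushed:$resolver"; return 1 ;;
    esac
    if printf '%s\n' "$out" | grep -q 'NXDOMAIN'; then
        echo "vpn-dns-nxdomain:$resolver"
        return 1
    fi
    echo "ok:$resolver"
}

# Sample inputs, shortened from the two outputs shown on the page.
GOOD_SAMPLE="Server: 10.37.139.209
Address: 10.37.139.209#53

Non-authoritative answer:
Name: internal-imply-production-1-2058265509.eu-west-1.elb.amazonaws.com
Address: 10.37.28.62"
BAD_SAMPLE="Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find eng001.prd.fyber.com: NXDOMAIN"

printf '%s\n' "$GOOD_SAMPLE" | check_vpn_dns || true
printf '%s\n' "$BAD_SAMPLE" | check_vpn_dns || true
# Live use: nslookup imply.prd-aws.fyber.com | check_vpn_dns
```

A dns-not-pushed verdict corresponds to the second output above: the query went to a resolver other than the pushed ones, so the internal name cannot resolve.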