The following instructions should allow you to connect to the PRISM lab from your home computer. If you have any questions, please contact Pierre or Ka Lun.If you have a VPN connection configured from the old style (no certificate file), please delete that. It will no longer work.
Creating the OpenVPN Certificate
The VPN now uses "certificates," files signed by the server (and protected with a password) to establish a secure connection. This gives end-to-end encryption, and is an improvement over the old system.
These certificates must be created by Ka Lun or Pierre. Please stop by our desks, and we will gladly create one for you. You will be prompted for a password: this password does not need to match your BRI password (although that might make it easy to remember), and is solely for VPN connections.
If you ever lose your OpenVPN certificate, or suspect that someone else has gained access to it, you must inform Pierre or Ka Lun immediately. Failure to do so may result in the loss of VPN privileges.
If you ever forget your VPN password, you will need to generate a new certificate.
Downloading the OpenVPN Certificate
After you generate a certificate with Ka Lun or Pierre, it will appear as a file named [username].ovpn on your T: drive. You will need to download this to the computer from which you will be connecting remotely. You should take reasonable precautions to ensure the security of this certificate (i.e., don't share it with anyone), so we recommend downloading it in one of four ways.
Once you chosen a method and transferred your [username].ovpn file to your computer, you do not need to follow any further instructions in this section.
1. From the Netowrk
If you have your laptop at Holland Bloorview, and are able to access your T: drive with it, you can just copy [username].ovpn to your computer.
2. Via USB
Simply transfer the certificate to a USB stick, so that you can copy it onto your computer
3. Via Email
Email yourself the certificate (attach it to an email, and send it)
4. Via Secure Download
(NOTE: This is the most cumbersome method, but also the most secure. If we ever have to send you your certificate as well as a password, for example, if you aren't around when we generate your certificate, this is the approach that you must follow.)
- Install CyberDuck (https://cyberduck.io/?l=en)
- Launch the software, and select "Open Connection", in the top-left corner
- Specify the file protocol ("SFTP (SSH File Transfer Protocol)"), server (vpn.prismlab.org), username and password
- Click "Connect"
- Allow the unknown fingerprint
- Make sure that your remote folder is /home/[username] - if you have an existing profile, this may have changed.
- Find your file ([username].ovpn) and download it to a convenient location on your computer. You will move this to its proper folder in a next step.
Creating the VPN Connection (Windows)
- Download the OpenVPN Client software (look for "Installer, Windows Vista and Later").
- Run the installer. Remember where you installed OpenVPN to (default is C:\Program Files\OpenVPN)
- Copy the certificate you downloaded in the previous step ([username].ovpn), and paste it into the "config" subfolder of your installation (Typically, C:\Program Files\OpenVPN\config)
- You're ready to go! Run OpenVPN, which will create an icon in your task bar, in the system notification area (near the clock). Double-click the icon to bring up the UI, and click "Connect." You will be prompted for your password.
- To disconnect, double-click the Taskbar icon, and click "Disconnect" (or right-click and select "Exit").
Creating the VPN Connection (OS X)
- Browse to Tunnelblick, and download and install the latest stable release:
- We recommend that you check for updates automatically.
- Do not check for a change to IP address.
- Click on "I have configuration files"
- You will be prompted where you want the icon. Choose whichever you prefer.
- There should now be a Tunnelblick icon along the menu bar at the top of your screen. Drag and Drop your [username].ovpn file onto this icon.
- You can select "All Users" or "Only Me". We recommend "Only Me."
- To connect to the VPN, click on the Tunnelblick icon, and select "Connect [username]"
- DO NOT save the password in your keychain.
- If prompted, select "Always use the plugin"
- You can ignore any warnings about your public IP address not changing.
- To disconnect, Select the Tunnelblick icon and choose "Disconnect [username]"
Accessing your files (Windows)
To access the files on your P: drive or T: drive, simply open My Computer, select the address bar and replace the text with either
\\10.191.148.8\prismdrive [or propeldrive, or pearldrive]
(The first one will give you the P: drive, the second will give you your personal T: drive. Please make sure to substitute your username for [username].)
You will be prompted for a username and password. Please note: these are your (BRI) network username and password (not your VPN password).
Accessing your files (OS X)
|0. NB: These instructions have changed, but I haven't had a chance to update the graphics. For "dragon6", please substitute "dragon7".|
|1. In Finder, go to the Go menu and select Connect to Server...|
|2. Under Server Address, specify smb://dragon6. If you like, you can press the "+" button to save this server as a favorite, to save you typing it in next time.|
|3. You will be prompted for your network credentials. Make sure to check "Registered User"; enter your PRISM lab username and password, and please do not check the "Remember this password..." checkbox.|
|If you authenticate successfully, you will be shown a list of shares. Your T: drive is the share with the same name as your username; the P: drive is the one named prismdrive. Select the share(s) that you want to connect to, and hit "OK".|
Connecting to your computer (Windows / OS X)
In order to connect to your PRISM Lab computer, the following statements must all be true:
- My PRISM Lab computer is on. It is not asleep.
- I know my PRISM Lab computer's IP address.
If you do not know your computer's IP address, you can SSH to vpn.prismlab.org and run "find_computer" to get a best-guess. If you know your computer's name, you can run "find_computer [computer name]" (no quotes) for an even better guess.
- I am successfully connected to the PRISM lab VPN.
To connect to your computer, simply fire up your Microsoft Remote Desktop application (come see Pierre or Ka Lun if you're not sure where or what that is), and point it at the correct IP address.