Access to Testbed

This page contains essential information about setting up your VPN connection to the ROCS testbed.

The testbed VPN is only reachable from the KAUST network. If you’re outside of KAUST, you first need to connect to the KAUST network. If you’re inside KAUST, you’re already connected to the KAUST network and can jump directly to Connect to the Testbed VPN.

Access outside of KAUST

When you’re outside of KAUST, you need to connect to the KAUST network using the KAUST VPN before you can connect to the testbed VPN. In other words, if you’re outside of KAUST you need to use a nested VPN setup. This nested setup requires 2 different VPN clients.

Connect to the KAUST VPN

Before connecting to the KAUST VPN, make sure you have the Duo Mobile app configured. The KAUST VPN uses Duo for two-factor authentication. If you haven’t set up your Duo app, look for an email with the subject “KAUST 2FA Enrollment” or “KAUST Duo Security Enrolment”. It contains the steps to configure Duo.

1. Install VPN client

To connect to the KAUST network we recommend using the openconnect VPN client.
On Mac this can be installed with brew:

brew install openconnect

On Linux, use your package manager. If it’s Ubuntu:

sudo apt install openconnect

If you’re on Windows, we recommend using WSL and following the Ubuntu setup.

2. Connect to the KAUST VPN

Once you have openconnect installed, connect to the KAUST VPN by running this command with your KAUST username:

sudo openconnect vpn.kaust.edu.sa --authgroup=Students --user=<KAUST_username>

If you are not an internal KAUST student, pick the appropriate --authgroup:

GROUP: [Contractor-Consultant|External-Users|Faculty-Researcher|Staff|Students|Tahawul]

External students -> External-Users
PostDoc -> Faculty-Researcher

When you execute the command, you are first prompted for your local user password for sudo privileges. After that, the command will print some output and then prompt you again.

...
DUO Passcode options:
1. Type 6 digit Passcode.
2. Type "push" to get a Duo Mobile app prompt.
3. Type "sms" to receive text passcodes.
If you are not enrolled, please contact the IT Help Desk at +966128080900 or email ithelpdesk@kaust.edu.sa
Please enter your username and password.
Password:

Follow these steps:

  1. Ignore the prompt for username. You don’t need to type it because it was already specified in the command.
  2. Type your KAUST password.
  3. After that, you will get a second password prompt. This one is for DUO. We recommend using the 2nd DUO Passcode option you see above and typing “push” in the password prompt. This will send an approve/deny prompt to your Duo Mobile app.

If the authentication is successful, the command will print more output.

3. Confirm connection

You can confirm the connection was successful if you see the welcome banner below. It’s safe to ignore the error at the end of the output. If you don’t see the banner, please reach out.

Connect Banner:
| Welcome to the KAUST VPN
...
add host 109.171.130.10: gateway 192.168.213.76
add net 10.152.64.0: gateway 10.152.81.186
delete net default: gateway 192.168.213.76
add net default: gateway 10.152.81.186
 is not a recognized network service.
** Error: The parameters were not valid.

Once connected, the VPN connection remains open unless you terminate the openconnect process or close the associated terminal window.

Now that you’re connected to the KAUST network, you can proceed to connect to the testbed VPN in the next section.

Connect to the Testbed VPN

The testbed operates on a private network. Access to the network is gated through our VPN server in mcmgt02. To connect to the VPN, you need to configure a VPN client with a provided VPN configuration file.

1. Install VPN client

There are several VPN clients available. Here are the ones we’ve tested and confirmed to work on each operating system:

  • Mac: Tunnelblick
  • Linux/Ubuntu: OpenVPN.
    • Install it with your package manager: sudo apt install openvpn
    • Note: openvpn3 won’t work
  • Windows: Use WSL and follow the Linux approach

2. Configure and connect the ROCS testbed VPN

Once the VPN client is installed, it needs to be configured. The VPN configuration will be shared through The ML Hub Slack. Make sure to join this Slack instance if you haven’t already. If you’ve already joined the channel and haven’t received the configuration, please ask.

The configuration is shared in the form of a zip file. Once you have received the zip, follow these steps:

  1. Download and unzip the zip shared over Slack. In the unzipped folder there should be a single file called mcmgt02.ovpn. This is the VPN configuration file. It also includes your private key and certificate.
  2. Import mcmgt02.ovpn into your VPN client.
  • Tunnelblick: open Tunnelblick, click the “VPN details” menu, drag the mcmgt02.ovpn to the configuration tab on the left, click connect.
  • OpenVPN: run the command:
    sudo openvpn mcmgt02.ovpn
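
Because mcmgt02.ovpn carries your private key, it is worth confirming that other local users cannot read it before you import it. The check below is an added example, not part of the original page or the testbed's own tooling; the function names file_mode and check_ovpn_profile are hypothetical, and it assumes the key is embedded as a standard OpenVPN inline <key> block.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for an OpenVPN profile that embeds a private key.
# Assumption: the key is stored inline in a <key>...</key> block.
# Usage: check_ovpn_profile mcmgt02.ovpn && sudo openvpn mcmgt02.ovpn

# Print the file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if only the owner can access the profile, 1 otherwise.
check_ovpn_profile() {
    ovpn_profile="$1"
    ovpn_rc=0

    if [ ! -f "$ovpn_profile" ]; then
        echo "missing: $ovpn_profile" >&2
        return 1
    fi

    ovpn_mode="$(file_mode "$ovpn_profile")"
    # Any group/other bit set means other local accounts can reach the key.
    if [ $(( 0$ovpn_mode & 077 )) -ne 0 ]; then
        echo "too permissive ($ovpn_mode): run chmod 600 $ovpn_profile" >&2
        ovpn_rc=1
    fi

    # Informational only: the profile is expected to embed the private key.
    if ! grep -q '^<key>' "$ovpn_profile"; then
        echo "note: no inline <key> block found in $ovpn_profile" >&2
    fi

    return "$ovpn_rc"
}
```
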
    

3. Test connection

With the VPN configured and connected, check if the VPN is working properly by pinging a node inside the testbed.

# IP of mcmgt01
ping 172.18.0.10

If the ping is successful, congratulations! You now have access to the testbed.
If you can’t ping the node, please reach out.

IMPORTANT

At this point, if the VPN connection works, that is great. But before you use the testbed, you MUST read the Testbed info page in full.

Remember to use Trello for coordination.
