Versions Compared

Version Old Version 9 New Version Current
Changes made by

Daniel Arroyo

Daniel Arroyo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Connect via the PriTunl Client

Note

The Profile URI Link on the login page only lasts a few minutes, so unless you're really fast, you'll have to log in a second time. The instructions will guide you through that.

  1. Go to pritunl.allenai.org

  2. Select Sign in with Google

    Image Removed

  3. Select your @allenai.org GSuite account

  4. You should already have Pritunl installed in the Applications folder on your AI2 Mac, but if needed click Download Client, and select the appropriate version:

    • If you’re not sure what version to install you can check your type under Apple > About this Mac

      Image Removed

    • Intel Machines will list chip as “Intel i9” or similar

    • Apple Silicon machines will list chip as “Apple M1” or similar

    • The Windows installer will work on any modern version of Windows

  5. Close the pritunl.allenai.org browser tab (see note above as to why)

  6. Go back to pritunl.allenai.org and click Sign in with Google again

  7. Copy the Profile URI Link

    Image Removed

  8. Open the PriTunl client on your machine from Applications > PriTunl

  9. Select Import

  10. Paste the URI and press Import

    1. If this fails, go back to pritunl.allenai.org and click Show More > and download the VPN profiles directly.

      Image Removed

    2. Now open PriTunl, click Import, browse to the downloaded profile and click Import

  11. On the current version of of Pritunl you can click Connect directly on the appropriate profile (see below), but if using an older version you may need to click the “hamburger” icon on the profile to see Connect

Info

You will see three AI2 VPN profiles in the Pritunl client:

pritunl.allenai.org - This profile is intended for computers running MacOS. It will only route traffic destined for the corporate network through the VPN. All other traffic will continue to route through your local network.

pritunl.allenai.org-alltraffic - This profile is intended for computer running MacOS. This will route all traffic through the VPN. Some project team members (formerly VPT) may need this to connect to cloud resources.  Use this only if you require it.

pritunl.allenai.org-windows - This profile is specifically configured to be used on Windows computers. It will only route traffic destined for the corporate network through the VPN. All other traffic will continue to route through your local network.

Troubleshooting

...

401: Unauthorized - Make sure you are logging in with your http://allenai.org email address, not a personal email address

...

Connecting to Tailscale

  1. Disconnect from and exit any VPNs that might already be running (other than Tailscale)

  2. If you are on an AI2-managed Mac, go to your Applications folder and open Tailscale. Otherwise, download Tailscale from https://tailscale.com/download and launch the app. It will launch to your top menu bar.

  3. Click the Tailscale icon in the menu bar and click Log in…

  4. Choose Sign in with Google and authenticate with Google/Okta

  5. Click the Connect button to add your device to the AI2 Tailscale network

  6. Now that you’ve signed in and added your machine, Tailscale will automatically launch itself on startup and will stay connected unless you manually disconnect. 

 

There are three ways to reach resources through Tailscale:

  • You can access all resources on the AI2 network using the FQDN, e.g. allennlp-cirrascale-01.reviz.ai2.in. This includes hardware and cloud resources on our networks that are not directly running Tailscale. 

  • For a resource running Tailscale directly, you can use its Tailscale name, which is the hostname portion of the FQDN, e.g. allennlp-cirrascale-01. This name resolves to its Tailscale IP address. You can see a list of available resources in the Tailscale app under Network Devices - Tagged Devices.

  • If you click the name of a resource in the Network Devices - Tagged Devices list in the Tailscale app, it will copy the Tailscale IP address of the resource to your clipboard and can be pasted wherever you need.

    Image Added

Troubleshooting

  • If you are unable to connect to resources while on Tailscale or unable to connect to the internet, exit Tailscale completely from the application icon, then re-launch. This causes a number of resets and will resolve most connection issues.

    Image Added

  • If unable to connect to a resource using its FQDN, try using its Tailscale name, e.g. prior-elanding-75 

    • This is particularly helpful if you are connecting from a hotel, university, or other corporate location, as oftentimes their IP address range conflicts with ours. When using Tailscale hostnames, it uses a reserved IP range, so you will never encounter conflicts with your local network.

  • If unable to access a resource using its Tailscale name, try using its FQDN, e.g. prior-elanding-75.reviz.ai2.in

    • These two methods take different routes, so often if one is not routing properly, the other will work