Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 4 Next »

AI2 has two VPN options available: PriTunl and TunnelBlick. PriTunl is the preferred option, only use TunnelBlick if something prevents you from using PriTunl.

MacOS/Windows:

Connect via the PriTunl Client

The Profile URI Link on the login page only lasts a few minutes, so unless you're really fast, you'll have to log in a second time. The instructions will guide you through that.

  1. Go to pritunl.allenai.org

  2. Select Sign in with Google

  3. Select your @allenai.org GSuite account

  4. Select Download Client, follow the installation instructions

  5. Close the pritunl.allenai.org browser tab (see note above as to why)

  6. Go back to pritunl.allenai.org and log in again

  7. Open the Pritunl application

  8. Copy the Profile URI Link

  9. Start the PriTunl client (if it hasn't already been started)

  10. Select Import Profile URI

  11. Paste the URI and press Import

  12. You can use the “hamburger” menu in the top right corner of each profile to connect to and disconnect from the VPN.

You will see three AI2 VPNs in the Pritunl client:

pritunl.allenai.org - This profile is intended for computers running MacOS. It will only route traffic destined for the corporate network through the VPN. All other traffic will continue to route through your local network.

pritunl.allenai.org-alltraffic - This profile is intended for computer running MacOS. This will route all traffic through the VPN. Some project team members (formerly VPT) may need this to connect to cloud resources.  Use this only if you require it.

pritunl.allenai.org-windows - This profile is specifically configured to be used on Windows computers. It will only route traffic destined for the corporate network through the VPN. All other traffic will continue to route through your local network.

Additional Windows Step:

If you are using a Windows laptop, choose the pritunl.allenai.org-windows profile and click the three line “hamburger” icon then click “Autostart Off” and select “On.” This will set your VPN to an always-on “system” profile and allow the laptop to check in to sync your account information and keep your account active. If this is not set, your laptop will not be able to check in periodically and Windows will auto-lock all accounts.

MacOS (Alternate Setup)

Connect via Tunnelblick (MacOS Only)

  1. Install the Tunnelblick (MacOS) client (you may skip this step if it's already installed)

    1. Skip the config file installation if asked - that comes later

  2. Go to pritunl.allenai.org

  3. Select Sign in with Google

  4. Select your @allenai.org GSuite account

  5. Select Show More

  6. Select Download Profile (pritunl.allenai.org) (the thin, blue option)

  7. Download the .ovpn file and open it

Tunnelblick/OpenVPN will guide you through the rest of the installation. If you have issues installing the client or messages appear when connecting, see the Troubleshooting section below.

Windows (Alternate Setup)

Although we don't officially support Windows, we've provided the following instructions to assist you

Installing the Windows OpenVPN Client

  1. Download the OpenVPN client. Use the default settings except for the following:
    Uncheck, "Add Shortcuts to Start Menu"

  2. Unzip config you were given from above instructions and move all the files inside the config.tblk\ or AllenAI.tblk\ directory into in \ProgramFiles\OpenVPN\config\

    1. If your computer doesn't have an 'unzip' program, use 7Zip

  3. Restart the computer. If you really don't want to restart the computer, you can just restart the service (if you know how) but restarting the computer is just easier.

  4. You now have a new icon on your taskbar called OpenVPN GUI. Right click on it and 'Connect' or 'Disconnect'.

  5. To connect to the VPN, you must run OpenVPN as administrator

Optionally, you can remove:

OpenVPN Connect - just get rid of it 'cause we don't use it. Remove it from the desktop, start menu, taskbar - everywhere.

OpenVPN GUI - Remove it from everywhere except the taskbar.

Options and Troubleshooting:


Routing All Traffic Through the VPN

If you want to route all traffic over the VPN, make a copy of the configuration as follows (Tunnelblick instructions):

  1. Click the Tunnelblick icon and select "VPN Details..."

  2. Select "AllenAI", click the gear icon on the bottom of the list and choose "Duplicate Configuration..."

  3. Select the new configuration and press the "Advanced..." button

  4. Press the "While Connected" tab and click the "Route all traffic through the VPN" checkbox

  5. Close the windows and connect


Problem Loading System Extension

If you get one of the following messages:

  • Tunnelblick was not able to load a system extension that is needed to connect to ...

  • System Extension Blocked: A program tried to load new system extension(s) signed by "Jonathan Bullard"

Follow the instructions here to resolve the problem. (H/T Miles)

Tunnelblick Connection Messages

If you get a message that complains about one of the following, you may ignore it:

  • comp-lzo compression deprecation

  • Apparent IP address changing or not changing


Error when trying to log in to pritunl.allenai.org

401: Unauthorized - Make sure you are logging in with your http://allenai.org email address, not a personal email address

403: Forbidden - Your account most likely has not been enabled. Please reach out to IT and request your account be enabled in Pritunl

  • No labels