6.1.9. Agent VPN Connection

6.1.9.1. Connect to VPN using OpenVPN

OpenVPN is used as the client for the VPN connection. It is a separate application that must be installed apart from the Agent, and we must know its installation directory to be able to run it.

The whole process explained below will only be executed when the user wants to connect to a VPN from the Agent application. That is, the data has already been entered and the user has clicked on the connect button.

Internal execution of OpenVPN in the program:

To start OpenVPN from the Agent, we first need to kill all OpenVPN processes. After this, we can start the OpenVPN program as a new process by executing the following command:

    path/to/openvpn --config {ovpnFilePath} --management {IP} {port}

The config parameter specifies the path to the .ovpn file that contains the VPN data, such as the IP. The management parameter indicates the IP address and the port on which the connection with OpenVPN will be opened. The port can be configured in appsettings.json, in the path where the Agent application is installed.

The next step is to check that OpenVPN has indeed started: it should return a banner and a status over a TCP connection to the address (default is loopback) and the port (default is 7506) passed as parameters when OpenVPN was launched. Then, if everything is correct, a connection to a VPN can be started with a username and password. The steps are as follows:

  1. Get banner: Wait to receive “username/password\r\n”, which means that we have received the entire banner.

  2. Get state: Send “state\n” and wait to receive “\r\nEND\r\n”.

  3. Check that the status information contains the string “CONNECTING”. In that case, the connection to OpenVPN is successful.

  4. We send “username Auth” {name} “\r\n” and wait to receive a message that starts with the string “SUCCESS:”.

  5. We send “password Auth” {password} “\r\n”, where {password} is the password with or without an OTP, and we wait to receive again a message that starts with the string “SUCCESS:”.

  6. Get the state again by sending “state\n”; this time the response is expected to contain “CONNECTED, SUCCESS”.

In this case, the connection to the VPN is successful. In the event that any of the OpenVPN responses are not what we expect, then an error will be displayed in the user interface. If everything went well, the new connected status will be shown to the user.
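The six steps above as a client-side exchange, written as an added Python example (not the Agent's own code). The function names, the quoting of "Auth" and the backslash escaping of credentials are assumptions based on OpenVPN's management-interface syntax; rejecting CR/LF in credentials keeps a username or password from being read as a second management command.

```python
import socket

class VpnHandshakeError(Exception):
    """OpenVPN's management interface did not answer as the procedure expects."""

def read_until(stream, done, max_lines=200):
    """Collect reply lines until done(line) is true; line count and length are bounded."""
    lines = []
    for _ in range(max_lines):
        line = stream.readline(4096).decode("utf-8", "replace")
        if not line:
            raise VpnHandshakeError("management channel closed")
        lines.append(line)
        if done(line):
            return lines
    raise VpnHandshakeError("expected reply not seen")

def quote_arg(value):
    """Quote one command argument; a CR or LF inside it would start a second command."""
    if any(c in value for c in "\r\n\x00"):
        raise ValueError("control characters are not allowed in credentials")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def get_state(stream):
    stream.write(b"state\n")
    stream.flush()
    return "".join(read_until(stream, lambda ln: ln == "END\r\n"))

def send_credential(stream, kind, value):
    stream.write(('%s "Auth" %s\r\n' % (kind, quote_arg(value))).encode())
    stream.flush()
    # Asynchronous ">..." notification lines are skipped until SUCCESS or ERROR arrives.
    reply = read_until(stream, lambda ln: ln.startswith(("SUCCESS:", "ERROR:")))
    if not reply[-1].startswith("SUCCESS:"):
        raise VpnHandshakeError(kind + " was not accepted")  # never log the value

def connect_vpn(stream, username, password):
    """Steps 1-6 over a stream from sock.makefile('rwb'); any mismatch raises."""
    read_until(stream, lambda ln: ln.endswith("username/password\r\n"))  # step 1
    if "CONNECTING" not in get_state(stream):                            # steps 2-3
        raise VpnHandshakeError("OpenVPN is not in the CONNECTING state")
    send_credential(stream, "username", username)                        # step 4
    send_credential(stream, "password", password)                        # step 5
    if "CONNECTED,SUCCESS" not in get_state(stream).replace(" ", ""):    # step 6, spaces ignored
        raise VpnHandshakeError("VPN did not reach CONNECTED,SUCCESS")
    return True

def open_management(host="127.0.0.1", port=7506, timeout=5.0):
    """Open the loopback management port with a timeout so a hang becomes an error."""
    return socket.create_connection((host, port), timeout=timeout).makefile("rwb")
```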

6.1.9.1.1. VPN Notifications

The Agent has real app notifications for Windows, Linux, and macOS that display alerts about lost VPN connections. When the connection is reestablished, the message is removed. You can enable the Agent notifications in the notification center of your operating system.

In the case of macOS, the app also requires you to allow notifications. After installing the Agent, a notification pop-up will ask you to allow OpenNAC Agent notifications when you open it for the first time. Click on allow in the “options” drop-down menu to start receiving the Agent alerts.

6.1.9.1.2. Sequence diagram of the whole process:

[Figure: agent_openvpn.png, sequence diagram of the Agent's OpenVPN connection process]