Engineering-Tech Wiki

User Tools

Site Tools

You are here: start » auth » howto » linux » vpnclient
Trace:
auth:howto:linux:vpnclient

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
auth:howto:linux:vpnclient [2009/10/19 11:48] kohoferauth:howto:linux:vpnclient [2015/09/22 14:57] kohofer
Line 1: Line 1:
-===== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen =====+====== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen and EURAC ======
  
-==== Infos regarding the usage of VPN ====+===== Infos regarding the usage of VPN =====
  
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/default.html http://www.unibz.it/en/ict/ComputerInternet/network/vpn/default.html
  
-==== Instructions for Windows 2000, XP and VISTA ====+==== Instructions for Windows 7 - 32bit and 64bit ==== 
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationWindows.html http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationWindows.html
  
-==== Instructions for MacOS X 10.4 ==== +==== Official Instructions for MacOS X ====
-http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationMacOSX.html+
  
-==== Instructions for Linux Cisco VPN Client ====+Use [[https://itunes.apple.com/en/app/cisco-anyconnect/id392790924?mt=8|Cisco AnyConnect]] from Apple Store for iOS and connect via Browser to https://vpn.scientificnet.org for Mac OSX
  
-1. Download and install the kernel headers corresponding to the kernel in use. Some distributions name this package kernel-headers, others name it linux-headers:+=== Unsupported Instructions for MacOS X  and iOS - use at own risk! ===
  
-    # sudo apt-get install kernel-headers-`uname -r` +Download, unpack (doubleclick), then doupleclick the unpacked file to install it:
-or +
-    # sudo apt-get install linux-headers-`uname -r`+
  
-You can get the version of your kernel by issuing the following command:+{{:auth:howto:linux:vpn-scientificnet.org.networkconnect.zip|}}
  
-    # uname -a+Under Network settings new item should appear:
  
-A valid version number could be, for example, 2.6.12-9-386.+  * VPN (IPSec) 
 +  * change username to your username 
 +  * click Connect and enter your password
  
-2. Download and install the vpnclient:+=== Instructions for iOS 9 ===
  
-If kernel > 2.6.24-xx then download:+  - Press Settings 
 +  - Choose General 
 +  - Nearly at the end, click VPN 
 +  - Next click: Add VPN Configuration..
 +    **Type:** IPSec 
 +    - **Description:** VPN Scientificnet 
 +    - **Server:** vpn.scientificnet.org 
 +    - **Account:** <your-unibz-username> 
 +    - **Password:** <your-unibz-password> or leave empty to ask every time! 
 +    - **Group Name:** Unibz 
 +    - **Secret:** <file> 
 +NrW2z9sj8g3kjJrzXxJwRPbIRNInWakL 
 +</file> 
 +  - Press Done in upper right corner of window 
 +  - Status: Slide Button to the right to connect 
 +  - Enter Password if not already entered above
  
-https://pro.unibz.it/vpn/client/common/linux/vpnclient-linux-x86_64-4.8.01.0640-k9_2.6.24-xx.tar.gz+===== Instructions for Linux vpnc Client (recommended) =====
  
-otherwise download:+1. Install vpnc
  
-https://pro.unibz.it/vpn/client/common/linux/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz+  sudo aptitude install vpnc
  
-3Untar the source of vpnclient and install it+2For Unibz: 
-   Depending on the Linux Distribution you might need to install ''make'' and ''gcc-3.4''+ 
 +  * Create configuration file unibz.conf. Download from here: {{:auth:howto:linux:unibz.conf|}} 
 + 
 +2.a For Eurac: 
 + 
 +   * Create configuration file eurac.conf. Download from here: {{:auth:howto:linux:eurac.conf|}}
        
-   sudo apt-get install make gcc-3.4+<note important>IPSec obfuscated secret needs to be on a single line.</note> 
 +    
 +<note important>Replace <your-windows-login> with your username.</note>
  
-If kernel > 2.6.24-xx then 
  
-   # tar xfz vpnclient-linux-x86_64-4.8.01.0640-k9_2.6.24-xx.tar.gz+For Unibz:
  
-otherwise+  sudo vi /etc/vpnc/unibz.conf
  
-   tar xfz vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz+<code> 
 +####################################### 
 +IPSec gateway vpn.unibz.it 
 +IPSec ID Unibz 
 +IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4 
 +C9858DD711AA8DE58F6 
 +Xauth username <your-windows-login> 
 +####################################### 
 +</code>
  
-Next install/compile software:+apply this rights:
  
-   # cd vpnclient +  sudo chmod 600 /etc/vpnc/unibz.conf 
-     +   
-   # sudo ./vpn_install+  sudo chown root.root /etc/vpnc/unibz.conf
  
-You will get some messages and you will be requested to answer to some questions:+<code> 
 +sudo ls -l /etc/vpnc/unibz.conf 
 +-rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/unibz.conf 
 +</code>
  
-    Directory where binaries will be installed [/usr/local/bin] <ENTER> +For Eurac:
-     +
-    Automatically start the VPN service at boot time [yes] no +
-     +
-    Directory containing linux kernel source code [/lib/modules/X.X.XX-X-XXX/build] <ENTER>+
  
-     +  sudo vi /etc/vpnc/eurac.conf
-You only have to modify the predefined answers if they do not correspond to your actual situation. +
-If everything works, you will see some compilation messages and then the installation program will stop.+
  
-4Download the unibz.pcf configuration file from the site of the university via web:+<code> 
 +####################################### 
 +IPSec gateway vpn.scientificnet.org  
 +IPSec ID Eurac 
 +IPSec obfuscated secret 56A1CD68CC3AD33B48DB0F727ADDBC0A354DE3287D15C8526ED4CEDE4BC2ACDD1BB2460BC2354671A405F6150EA7C294C4DBC4CF9FFE45873BECAD3A2A738C5053BE34F709D592B50AD5BC472CDFF350 
 +Xauth username <your-windows-login> 
 +####################################### 
 +</code>
  
-https://pro.unibz.it/vpn/profiles/unibz/Free%20University%20of%20Bozen-Bolzano.zip+apply this rights:
  
-5Unzip the configuration file and copy it to the correct location:+  sudo chmod 600 /etc/vpnc/eurac.conf 
 +   
 +  sudo chown root.root /etc/vpnc/eurac.conf
  
-    # unzip "Free University of Bozen-Bolzano.zip" +<code> 
-     +sudo ls -/etc/vpnc/eurac.conf 
-    # sudo cp "Free University of Bozen-Bolzano.pcf" /etc/opt/cisco-vpnclient/Profiles/unibz.pcf+-rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/eurac.conf 
 +</code>
  
-6Initialize the vpnclient:+3Start vpnc
  
-    # sudo /etc/init.d/vpnclient_init start+For Unibz:
  
-7. You can now start the vpnclient using sudo:+  sudo vpnc-connect --domain unibz unibz
  
-    $ sudo vpnclient connect unibz+This will first ask for your sudo password and then 
 +your <unibz-password>
  
-You will see some messages and then you will be requested to insert your username and password:+For Eurac:
  
-    Cisco Systems VPN Client Version 4.8.01 (0640) +  sudo vpnc-connect --domain eurac eurac
-    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved. +
-    Client Type(s): Linux +
-    Running on: Linux 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2007 i686 +
-    Config file directory: /etc/opt/cisco-vpnclient+
  
-    Initializing the VPN connection. +This will first ask for your sudo password and then 
-    Contacting the gateway at 193.206.186.111 +your <eurac-password>
-    User Authentication for unibz...+
  
-    Enter Username and Password. 
  
-    Username []: X +4Stop vpnc
-    Password []: Z +
-    Authenticating user. +
-    Negotiating security policies. +
-    Securing communication channel.+
  
-    Your VPN connection is secure.+  sudo vpnc-disconnect
  
-    VPN tunnel information. 
-    Client address: 172.21.204.1 
-    Server address: 193.206.186.111 
-    Encryption: 128-bit AES 
-    Authentication: HMAC-SHA 
-    IP Compression: None 
-    NAT passthrough is active on port UDP 4500 
-    Local LAN Access is disabled 
  
-Please notice that you will have to leave the console open in order to have the VPN running.+==== Possible errors ====
  
-==== Instructions for Linux VPNC Client ====+If you get the following error:  **vpnc-connect: no response from target**\\ 
 +try adding the line below to your configuration file (unibz.conf)
  
-1. Install vpnc+**NAT Traversal Mode cisco-udp**
  
-  sudo aptitude install vpnc+----
  
-2. Config; create file unibz.conf+When one attempts to connect to their VPN after installing and configuring vpnc on Ubuntu Oneiric,\\ 
 +the following error occurs:
  
-  sudo vi /etc/vpnc/unibz.conf+<code> 
 +root@ubuntu:~# vpnc-connect 
 +Error: either "to" is duplicate, or "ipid" is a garbage. 
 +</code>
  
 +It appears that the Ubuntu package vpnc comes with an old version of vpnc-script.\\
 +This script is what sets up all the addresses and routes for you. The OpenConnect project\\
 +provides an updated / revised release of this script. Download the latest copy from [[http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script|here]].\\
 +Replace the vpnc-script script that comes with the Ubuntu vpnc package: /etc/vpnc/vpnc-script
 +
 +==== Decode Group Password ====
 +
 +[[https://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode|cisco vpnclient password decoder]]
 +
 +
 +===== Instructions for Linux Cisco AnyConnect Client =====
 +
 +=== Installation ===
 +
 +1. Open with your browser (tested with firefox 11.0) the following URL:
 +
 +https://vpn.scientificnet.org
 +
 +2. Enter your Username and password, then press **Login**
 +
 +3. A "Warning - Security" Windows opens: This will install the Cisco AnyConnect Client \\
 +in /opt/cisco of your Platform.
 +
 +4. Press **Run** on the "Warning - Security" Window
 +
 +{{:auth:howto:linux:cisco-anyconnect_1.png?direct&200}}
 +
 +5. In order to install Cisco AnyConnect, Admin (sudo) rights are required; a Window opens,\\
 +enter your local password.
 +
 +{{:auth:howto:linux:cisco-anyconenct_2.png?direct&200|}}
 +
 +6. The Cisco AnyConnect is installed and running, you can close the URL.
 +
 +{{:auth:howto:linux:cisco-anyconnect_3.png?direct&200|}}
 +
 +=== Launching Cisco AnyConnect GUI ===
 +
 +This allows you to connect and disconnect the VPN service.
 +
 +  /opt/cisco/anyconnect/bin/vpnui
 +
 +Please note the vpnagentd must be running for this
 +
 +  * ps auxww | grep vpn
 <code> <code>
-####################################### +root      1759  0.0  0.3  17984  7644 ?        S    12:58   0:00 /opt/cisco/anyconnect/bin/vpnagentd
-IPSec gateway vpn.unibz.it +
-IPSec ID Unibz +
-IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4 +
-C9858DD711AA8DE58F6 +
-Xauth username <your-windows-login> +
-#######################################+
 </code> </code>
  
-apply this rights:+=== Launching Cisco AnyConnect NON-GUI ===
  
-  sudo chmod 600 /etc/vpnc/unibz.conf +This allows you to connect and disconnect the VPN service
-   + 
-  sudo chown root.root /etc/vpnc/unibz.conf+  /opt/cisco/anyconnect/bin/vpn
  
 <code> <code>
-sudo ls -l /etc/vpnc/unibz.conf +Cisco AnyConnect Secure Mobility Client (version 3.0.5080) . 
--rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/unibz.conf+ 
 +Copyright (c) 2004 2011 Cisco Systems, Inc. 
 +All Rights Reserved. 
 + 
 + 
 +  >> state: Disconnected 
 +  >> state: Disconnected 
 +  >> notice: Ready to connect. 
 +  >> registered with local VPN subsystem. 
 +VPN> connect vpn.unibz.it 
 +connect vpn.unibz.it 
 +  >> contacting host (vpn.unibz.it) for login information... 
 +  >> notice: Contacting vpn.unibz.it. 
 +VPN>  
 +  >> Please enter your username and password. 
 +    0) clientless 
 +    1) scientificnetwork 
 +Group: [clientless]  
 + 
 +Username: <your-username> 
 +Password:  
 +  >> state: Connecting 
 +  >> notice: Establishing VPN session... 
 +  >> notice: Checking for profile updates... 
 +  >> notice: Checking for product updates... 
 +  >> notice: Checking for customization updates... 
 +  >> notice: Performing any required updates... 
 +  >> state: Connecting 
 +  >> notice: Establishing VPN session... 
 +  >> notice: Establishing VPN Initiating connection... 
 +  >> notice: Establishing VPN Examining system... 
 +  >> notice: Establishing VPN Activating VPN adapter... 
 +  >> notice: Establishing VPN Configuring system... 
 +  >> noticeEstablishing VPN... 
 +  >> state: Connected 
 +  >> notice: Connected to vpn.unibz.it. 
 +VPN>exit 
 + 
 </code> </code>
  
-3. Start vpnc+=== Uninstalling the AnyConnect Client ===
  
-  sudo vpnc-connect unibz+The client comes with an uninstallation script
  
-This will first ask for your sudo password and then +  * sudo /opt/cisco/vpn/bin/vpn_uninstall.sh
-you <windows-password>+
  
-4. Stop vpnc+However it doesn't actually uninstall everything properly, it removes files but leaves behind directories.\\ 
 +You can clean up what it leaves behind by deleting the directory /opt/cisco/ and /opt/.cisco/ 
 + 
 +  * sudo rm -r /opt/cisco /opt/.cisco 
 + 
 +Per-user configuration is stored in your home directory in a file called .anyconnect 
 + 
 +===== Shrew Soft VPN Client Instructions for 32 or 64 bit version of Windows 2000, XP, Vista and 7 (recommened) ===== 
 + 
 +1. Go to http://www.shrew.net/home and download latest stable release of Shrew Soft VPN Client for Windows: http://www.shrew.net/download/vpn 
 + 
 +2. Download unibz profile (need to login with unibz login&password) 
 +https://pro.unibz.it/vpn/profiles/unibz/Free%20University%20of%20Bozen-Bolzano.zip 
 + 
 +3. Install Shrew Soft VPN Client for Windows 
 + 
 +4. Start Shrew Soft VPN Client, unzip unibz profile and Import in VPN client
  
-  sudo vpnc-disconnect 
  
- --- //[[kohofer@unibz.it|kohofer]] 2009/10/19 11:43// 
/data/www/wiki.inf.unibz.it/data/pages/auth/howto/linux/vpnclient.txt · Last modified: 2022/06/20 11:40 by kohofer