Differences

This shows you the differences between two versions of the page.

--- auth:howto:linux:vpnclient [2010/08/30 17:12] – kohofer
+++ auth:howto:linux:vpnclient [2012/04/05 14:00] – [Instructions for Linux Cisco AnyConnect Client (recommened)] kohofer
@@ Line 1: / Line 1: @@
-===== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen =====
+====== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen ======
-==== Infos regarding the usage of VPN ====
+===== Infos regarding the usage of VPN =====
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/default.html
-==== Instructions for Windows 2000, XP and VISTA ====
+==== Instructions for Windows 2000, XP, VISTA and 7 - 32bit and 64bit ====
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationWindows.html
@@ Line 11: / Line 12: @@
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationMacOSX.html
-==== Instructions for Linux VPNC Client (recommened) ====
+==== Instructions for MacOS X 10.6 ====
-. Install vpnc
+There is no need to install a Client, simply install (doubleclick) the\\
+following file:
-  sudo aptitude install vpnc
+{{:auth:howto:linux:unibz.networkconnect.zip|}}
-. Create configuration file unibz.conf.
+===== Instructions for Linux Cisco AnyConnect Client (recommened) =====
-   Please Note: IPSec obfuscated secret ... needs to be on a single line. Replace <your-windows-login> with your username.
-  sudo vi /etc/vpnc/unibz.conf
+=== Installation ===
-<code>
+. Open with your browser (tested with firefox 11.0) the following URL:
-#######################################
-IPSec gateway vpn.unibz.it
-IPSec ID Unibz
-IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4
-C9858DD711AA8DE58F6
-Xauth username <your-windows-login>
-#######################################
-</code>
-apply this rights:
+https://vpn.scientificnet.org
-  sudo chmod 600 /etc/vpnc/unibz.conf
+. Enter your Username and password, then press **Login**
-  sudo chown root.root /etc/vpnc/unibz.conf
-<code>
+. A "Warning - Security" Windows opens: This will install the Cisco AnyConnect Client \\
-sudo ls -l /etc/vpnc/unibz.conf
+in /opt/cisco of your Platform.
--rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/unibz.conf
-</code>
-. Start vpnc
+. Press **Run** on the "Warning - Security" Window
-  sudo vpnc-connect unibz
+. In order to install Cisco AnyConnect, Admin (sudo) rights are required; a Window opens,\\
+enter your local password.
-This will first ask for your sudo password and then
+. The Cisco AnyConnect is installed and running, you can close the URL.
-you <windows-password>
-. Stop vpnc
+=== Launching Cisco AnyConnect GUI ===
-  sudo vpnc-disconnect
+This allows you to connect and disconnect the VPN service.
+  /opt/cisco/anyconnect/bin/vpnui
-==== Instructions for Linux Cisco VPN Client ====
+Please note the vpnagentd must be running for this
-. Download and install the kernel headers corresponding to the kernel in use. Some distributions name this package kernel-headers, others name it linux-headers:
+  * ps auxww | grep vpn
+<code>
+root      1759  0.0  0.3  17984  7644 ?        S    12:58   0:00 /opt/cisco/anyconnect/bin/vpnagentd
+</code>
-    # sudo apt-get install kernel-headers-`uname -r`
+=== Launching Cisco AnyConnect NON-GUI ===
-or
-    # sudo apt-get install linux-headers-`uname -r`
-You can get the version of your kernel by issuing the following command:
+This allows you to connect and disconnect the VPN service.
-    # uname -a
+  * /opt/cisco/anyconnect/bin/vpn
-A valid version number could be, for example, 2.6.12-9-386.
+<file>
+Cisco AnyConnect Secure Mobility Client (version 3.0.5080) .
-. Download and install the vpnclient:
+Copyright (c) 2004 - 2011 Cisco Systems, Inc.
+All Rights Reserved.
-If kernel > 2.6.24-xx then download:
-https://pro.unibz.it/vpn/client/common/linux/vpnclient-linux-x86_64-4.8.01.0640-k9_2.6.24-xx.tar.gz
+  >> state: Disconnected
+  >> state: Disconnected
+  >> notice: Ready to connect.
+  >> registered with local VPN subsystem.
+VPN> connect vpn.unibz.it
+connect vpn.unibz.it
+  >> contacting host (vpn.unibz.it) for login information...
+  >> notice: Contacting vpn.unibz.it.
+VPN>
+  >> Please enter your username and password.
+) clientless
+) scientificnetwork
+Group: [clientless]
-otherwise download:
+Username: <your-username>
+Password:
+  >> state: Connecting
+  >> notice: Establishing VPN session...
+  >> notice: Checking for profile updates...
+  >> notice: Checking for product updates...
+  >> notice: Checking for customization updates...
+  >> notice: Performing any required updates...
+  >> state: Connecting
+  >> notice: Establishing VPN session...
+  >> notice: Establishing VPN - Initiating connection...
+  >> notice: Establishing VPN - Examining system...
+  >> notice: Establishing VPN - Activating VPN adapter...
+  >> notice: Establishing VPN - Configuring system...
+  >> notice: Establishing VPN...
+  >> state: Connected
+  >> notice: Connected to vpn.unibz.it.
+VPN>exit
-https://pro.unibz.it/vpn/client/common/linux/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
-. Untar the source of vpnclient and install it.
+</file>
-   Depending on the Linux Distribution you might need to install ''make'' and ''gcc-3.4''
-   sudo apt-get install make gcc-3.4
-If kernel > 2.6.24-xx then
+=== Uninstalling the AnyConnect Client ===
-   # tar xfz vpnclient-linux-x86_64-4.8.01.0640-k9_2.6.24-xx.tar.gz
+The client comes with an uninstallation script
-otherwise
+  * sudo /opt/cisco/vpn/bin/vpn_uninstall.sh
-   # tar xfz vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
+However it doesn't actually uninstall everything properly, it removes files but leaves behind directories.\\
+You can clean up what it leaves behind by deleting the directory /opt/cisco/ and /opt/.cisco/
-Next install/compile software:
+  * sudo rm -r /opt/cisco /opt/.cisco
-   # cd vpnclient
+Per-user configuration is stored in your home directory in a file called .anyconnect
-   # sudo ./vpn_install
-You will get some messages and you will be requested to answer to some questions:
-    Directory where binaries will be installed [/usr/local/bin] <ENTER>
+More infos to follow...
-    Automatically start the VPN service at boot time [yes] no
-    Directory containing linux kernel source code [/lib/modules/X.X.XX-X-XXX/build] <ENTER>
-You only have to modify the predefined answers if they do not correspond to your actual situation.
-If everything works, you will see some compilation messages and then the installation program will stop.
-. Download the unibz.pcf configuration file from the site of the university via web:
+===== Instructions for Linux vpnc Client (fails to work since update to Cisco ASA) =====
-https://pro.unibz.it/vpn/profiles/unibz/Free%20University%20of%20Bozen-Bolzano.zip
+. Install vpnc
-. Unzip the configuration file and copy it to the correct location:
+  sudo aptitude install vpnc
-    # unzip "Free University of Bozen-Bolzano.zip"
+. Create configuration file unibz.conf.
+   Please Note: IPSec obfuscated secret ... needs to be on a single line. Replace <your-windows-login> with your username.
-    # sudo cp "Free University of Bozen-Bolzano.pcf" /etc/opt/cisco-vpnclient/Profiles/unibz.pcf
-. Initialize the vpnclient:
+  sudo vi /etc/vpnc/unibz.conf
-    # sudo /etc/init.d/vpnclient_init start
+<code>
+#######################################
+IPSec gateway vpn.unibz.it
+IPSec ID Unibz
+IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4
+C9858DD711AA8DE58F6
+Xauth username <your-windows-login>
+#######################################
+</code>
-. You can now start the vpnclient using sudo:
+apply this rights:
-    $ sudo vpnclient connect unibz
+  sudo chmod 600 /etc/vpnc/unibz.conf
+  sudo chown root.root /etc/vpnc/unibz.conf
-You will see some messages and then you will be requested to insert your username and password:
+<code>
+sudo ls -l /etc/vpnc/unibz.conf
+-rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/unibz.conf
+</code>
-    Cisco Systems VPN Client Version 4.8.01 (0640)
+. Start vpnc
-    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
-    Client Type(s): Linux
-    Running on: Linux 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2007 i686
-    Config file directory: /etc/opt/cisco-vpnclient
-    Initializing the VPN connection.
+  sudo vpnc-connect unibz
-    Contacting the gateway at 193.206.186.111
-    User Authentication for unibz...
-    Enter Username and Password.
+This will first ask for your sudo password and then
+you <windows-password>
-    Username []: X
+. Stop vpnc
-    Password []: Z
-    Authenticating user.
+  sudo vpnc-disconnect
-    Negotiating security policies.
-    Securing communication channel.
+===== Shrew Soft VPN Client Instructions for 32 or 64 bit version of Windows 2000, XP, Vista and 7 (recommened) =====
+. Go to http://www.shrew.net/home and download latest stable release of Shrew Soft VPN Client for Windows: http://www.shrew.net/download/vpn
+. Download unibz profile (need to login with unibz login&password)
+https://pro.unibz.it/vpn/profiles/unibz/Free%20University%20of%20Bozen-Bolzano.zip
-    Your VPN connection is secure.
+. Install Shrew Soft VPN Client for Windows
-    VPN tunnel information.
+. Start Shrew Soft VPN Client, unzip unibz profile and Import in VPN client
-    Client address: 172.21.204.1
-    Server address: 193.206.186.111
-    Encryption: 128-bit AES
-    Authentication: HMAC-SHA
-    IP Compression: None
-    NAT passthrough is active on port UDP 4500
-    Local LAN Access is disabled
-Please notice that you will have to leave the console open in order to have the VPN running.