Differences

This shows you the differences between two versions of the page.

--- auth:howto:linux:vpnclient [2012/11/15 17:33] – external edit 127.0.0.1
+++ auth:howto:linux:vpnclient [2017/05/08 11:43] – kohofer
@@ Line 1: / Line 1: @@
-====== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen ======
+====== VPN (Virtual Private Network) at the Free University of Bolzano/Bozen and EURAC ======
 ===== Infos regarding the usage of VPN =====
@@ Line 5: / Line 5: @@
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/default.html
-==== Instructions for Windows 2000, XP, VISTA and 7 - 32bit and 64bit ====
+==== Instructions for Windows 7 - 32bit and 64bit ====
 http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationWindows.html
-==== Instructions for MacOS X 10.4 ====
+==== Instructions for MacOS X ====
-http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationMacOSX.html
-==== Instructions for MacOS X 10.6 ====
+We recommend to download and install [[https://itunes.apple.com/en/app/cisco-anyconnect/id392790924?mt=8|Cisco AnyConnect]] from Apple Store for iOS and connect via Browser to https://vpn.scientificnet.org for Mac OSX
-There is no need to install a Client, simply download and install (doubleclick) the\\
+=== Unsupported Instructions for MacOS X  and iOS - use at own risk! ===
-following file:
-{{:auth:howto:linux:unibz.networkconnect.zip|}}
+Download, unpack (doubleclick), then doupleclick the unpacked file to install it:
+{{:auth:howto:linux:vpn-scientificnet.org.networkconnect.zip|}}
+Under Network settings a new item should appear:
+  * VPN (IPSec)
+  * change username to your username
+  * click Connect and enter your password
+=== Uninstalling if installation is corrupt in MacOSx ===
+Uninstallation has to be done by running this command on terminal:
+sudo /opt/cisco/vpn/bin/vpn_uninstall.sh
+Should the uninstallation or reinstallation be corrupt, run this command on terminal:
+sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn
+=== Instructions for iOS 9 ===
+  - Press Settings
+  - Choose General
+  - Nearly at the end, click VPN
+  - Next click: Add VPN Configuration...
+    - **Type:** IPSec
+    - **Description:** VPN Scientificnet
+    - **Server:** vpn.scientificnet.org
+    - **Account:** <your-unibz-username>
+    - **Password:** <your-unibz-password> or leave empty to ask every time!
+    - **Group Name:** Unibz
+    - **Secret:** <file>
+NrW2z9sj8g3kjJrzXxJwRPbIRNInWakL
+</file>
+  - Press Done in upper right corner of window
+  - Status: Slide Button to the right to connect
+  - Enter Password if not already entered above
 ===== Instructions for Linux vpnc Client (recommended) =====
@@ Line 25: / Line 61: @@
   sudo aptitude install vpnc
-. Create configuration file unibz.conf. Download from here: {{:auth:howto:linux:unibz.conf|}}
+. For Unibz:
+  * Create configuration file unibz.conf. Download from here: {{:auth:howto:linux:unibz.conf|}}
+.a For Eurac:
+   * Create configuration file eurac.conf. Download from here: {{:auth:howto:linux:eurac.conf|}}
 <note important>IPSec obfuscated secret needs to be on a single line.</note>
 <note important>Replace <your-windows-login> with your username.</note>
+For Unibz:
   sudo vi /etc/vpnc/unibz.conf
@@ Line 39: / Line 84: @@
 IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4
 C9858DD711AA8DE58F6
-Xauth username <your-windows-login>
+Xauth username your-windows-login
+# e.g. Xauth username fmoser (not fmoser@unibz.it)
 #######################################
 </code>
@@ Line 52: / Line 98: @@
 sudo ls -l /etc/vpnc/unibz.conf
 -rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/unibz.conf
+</code>
+For Eurac:
+  sudo vi /etc/vpnc/eurac.conf
+<code>
+#######################################
+IPSec gateway vpn.scientificnet.org
+IPSec ID Eurac
+IPSec obfuscated secret 56A1CD68CC3AD33B48DB0F727ADDBC0A354DE3287D15C8526ED4CEDE4BC2ACDD1BB2460BC2354671A405F6150EA7C294C4DBC4CF9FFE45873BECAD3A2A738C5053BE34F709D592B50AD5BC472CDFF350
+Xauth username your-windows-login
+# e.g. Xauth username fmoser (not fmoser@eurac.edu)
+#######################################
+</code>
+apply this rights:
+  sudo chmod 600 /etc/vpnc/eurac.conf
+  sudo chown root.root /etc/vpnc/eurac.conf
+<code>
+sudo ls -l /etc/vpnc/eurac.conf
+-rw------- 1 root root 250 2009-05-02 15:54 /etc/vpnc/eurac.conf
 </code>
 . Start vpnc
+For Unibz:
   sudo vpnc-connect --domain unibz unibz
@@ Line 60: / Line 133: @@
 This will first ask for your sudo password and then
 your <unibz-password>
+For Eurac:
+  sudo vpnc-connect --domain eurac eurac
+This will first ask for your sudo password and then
+your <eurac-password>
 . Stop vpnc
   sudo vpnc-disconnect
 ==== Possible errors ====
@@ Line 86: / Line 168: @@
 provides an updated / revised release of this script. Download the latest copy from [[http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script|here]].\\
 Replace the vpnc-script script that comes with the Ubuntu vpnc package: /etc/vpnc/vpnc-script
+----
+Access via ssh not possible, MTU value to high!
+In some cases the MTU value is too high, which results in an very strange
+situation: ping works, but ssh hangs at this point:
+...
+debug1: sending SSH2_MSG_KEX_ECDH_INIT
+debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
+There are 2 bug reports for this:\\
+https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1110787\\
+https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085
+and a possible solution/workaround for Linux Mint:
+https://community.hide.me/threads/setup-problem-on-linux-mint-17.1839/
+Check the current MTU value:
+  ip link | grep mtu
+Set MTU value on interface eth0 to 1392
+  /sbin/ifconfig eth0 mtu 1392
+==== Decode Group Password ====
+[[https://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode|cisco vpnclient password decoder]]