Differences

This shows you the differences between two versions of the page.

--- auth:howto:linux:vpnclient [2019/01/16 10:03] – external edit 127.0.0.1
+++ auth:howto:linux:vpnclient [2022/05/06 16:22] – [Install openconnect-sso macOS with SAML] kohofer
@@ Line 51: / Line 51: @@
   - Enter Password if not already entered above
-===== Instructions for Linux vpnc Client (recommended) =====
+=== Instructions for Android 7 ===
+  - Press Settings
+  - Find VPN Settings, depends on Model
+  - Next click: Add VPN Configuration...
+    - **Name:** Unibz VPN
+    - **Type:** IPSec Xauth PSK
+    - **Server-Address:** vpn.scientificnet.org
+    - **IPSec Identifier:** Unibz
+    - **IPSec Pre-shared Key:** NrW2z9sj8g3kjJrzXxJwRPbIRNInWakL
+    - **Account:** <your-unibz-username>
+    - **Password:** <your-unibz-password> or leave empty to ask every time!
+  - Press Done
+  - Status: Slide Button to the right to connect
+  - Enter Password if not already entered above
+===== Instructions for Linux using openconnect Client (recommended) =====
+Run this command to install openconnect client and OpenConnect plugin GNOME GUI
+  sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
+Once installed open Settings and go to Network, press + right of the VPN section.
+{{:auth:howto:linux:network_vpn.png?400|}}
+Select **Cisco AnyConnect Compatible VPN (openconnect)** and fill out as shown below:
+{{:auth:howto:linux:add_vpn_openconnect.png?400|}}
+{{:auth:howto:linux:details_vpn.png?300|Details}} {{:auth:howto:linux:identity_vpn.png?300|Identity}}
+{{:auth:howto:linux:ipv4_vpn.png?300|IPv4}} {{:auth:howto:linux:ipv6_vpn.png?300|IPv6}}
+**Details**
+  - Make available to other users: tick if you want to allow other users on your system to use the VPN
+**Identity**
+  - Name: VPN work (use a descriptive name)
+  - VPN Protocol: Cisco AnyConnect
+  - Gateway: vpn.scientificnet.org
+  - CA Certificate: download from {{ :auth:howto:linux:vpn-scientificnet-org.pem |here}}, not really necessary!
+The rest can be left as it is.
+**IPv4/IPv6**
+  - IPv4 Method: Automatic (DHCP)
+  - DNS: ON
+  - Routes: ON
+Press <color #22b14c>Apply</color>
+Now you can enable the VPN connection!
+Move the slider from OFF to ON, a small window should open,
+{{:auth:howto:linux:enable_vpn.png?400|Enable VPN}}
+make sure that for VPN Host you select: **vpn.scientificnet.org**
+Enter your unibz Username, without @unibz.it and your unibz Password.
+{{:auth:howto:linux:connect_vpn.png?400|Connect VPN}}
+Press **Login**
+If all goes well the slider should remain in ON position, if not check the Log.
+To verify launch this command in a terminal:
+  ifconfig | grep 172*
+You should get a new interface --> vpn0: with an IP Address: 172.21.66.xxx
+===== Instructions for Linux vpnc Client =====
 . Install vpnc
@@ Line 78: / Line 152: @@
 IPSec gateway vpn.unibz.it
 IPSec ID Unibz
-IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4
+IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4C9858DD711AA8DE58F6
-C9858DD711AA8DE58F6
 Xauth username your-windows-login
 # e.g. Xauth username fmoser (not fmoser@unibz.it)
@@ Line 193: / Line 266: @@
   /sbin/ifconfig eth0 mtu 1392
+----
+Allow local (LAN) access when using VPN (MacOS)
+{{:auth:howto:linux:allow-local-lan-access-with-vpn.png?400|VPN preferences}}
@@ Line 301: / Line 381: @@
 Per-user configuration is stored in your home directory in a file called .anyconnect
+====== Install openconnect-sso macOS with SAML ======
+If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect
+and openconnect-sso for using SAML!
+**Requirements**: Python3
+Install brew
+  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+Install openconnect and pipx
+  brew install openconnect pipx
+  pipx ensurepath
+Install pipx
+  pip install --user pipx
+Install openconnect-sso
+  pipx install "openconnect-sso[full]"
+  pipx ensurepath
+Launch openconnect-sso
+  /Users/user/.local/bin/openconnect-sso --server vpn.scientificnet.org/saml
+<code>
+...
+...
+[info     ] Loading page                   [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol-SAML&acsamlcap=v2
+[info     ] Terminate requested.           [webengine]
+[info     ] Exiting browser                [webengine]
+[info     ] Browser exited                 [openconnect_sso.browser.browser]
+[info     ] Response received              [openconnect_sso.authenticator] id=success message=
+[sudo] password for <local-username>:
+Connected to 193.106.xxx.xxx:443
+SSL negotiation with vpn.scientificnet.org
+Server certificate verify failed: signer not found
+Connected to HTTPS on vpn.scientificnet.org
+Got CONNECT response: HTTP/1.1 200 OK
+CSTP connected. DPD 30, Keepalive 20
+Connected as 172.xx.xx.xx + 2a02:27e8:10:741:0:dacc:0:2/64, using SSL, with DTLS in progress
+Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
+Error: any valid prefix is expected rather than "dev".
+</code>
+A browser-window will ask for your username and password, next it will ask for the PIN which you need
+to generate with an Authenticator!
+Last thing to enter is the sudo password to enable the network interface.