auth:howto:linux:vpnclient

Differences

This shows you the differences between two versions of the page.

auth:howto:linux:vpnclient [2020/06/29 11:01] – [Possible errors] kohofer
auth:howto:linux:vpnclient [2022/05/06 16:22] – [Install openconnect-sso macOS with SAML] kohofer
Line 121: Line 121:
 To verify launch this command in a terminal: To verify launch this command in a terminal:
  
-  ifconfig+  ifconfig | grep 172*
  
-You should get a new interface --> vpn0: with an IP Address: 172.xxx.xxx.xxx+You should get a new interface --> vpn0: with an IP Address: 172.21.66.xxx
  
 ===== Instructions for Linux vpnc Client ===== ===== Instructions for Linux vpnc Client =====
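Review bot: In the added `ifconfig | grep 172*` the pattern is unquoted and too loose. The shell may expand `172*` against file names in the current directory, and as a regular expression `172*` means "17" followed by zero or more "2", so it matches any line containing 17 (MAC addresses, packet counters, unrelated addresses). Since the text now expects 172.21.66.xxx on vpn0, quote and tighten the pattern, for example `ifconfig vpn0 | grep '172\.21\.66\.'`, so the check only succeeds when the tunnel interface actually holds the expected address.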
Line 152: Line 152:
 IPSec gateway vpn.unibz.it IPSec gateway vpn.unibz.it
 IPSec ID Unibz IPSec ID Unibz
-IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4 +IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4C9858DD711AA8DE58F6
-C9858DD711AA8DE58F6+
 Xauth username your-windows-login Xauth username your-windows-login
 # e.g. Xauth username fmoser (not fmoser@unibz.it) # e.g. Xauth username fmoser (not fmoser@unibz.it)
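Review bot: The rejoined `IPSec obfuscated secret` line fixes the broken wrap, but the section still has no sentence telling the reader what this value is. It is a group secret that is the same for every user and is published on this page, and the obfuscated form is an encoding, not encryption, so it provides no confidentiality. Add a short note that access control rests on the Xauth username and password, and that the secret must stay on a single line, since the wrap after `...E77F4` in the old revision is what this hunk corrects.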
Line 382: Line 381:
 Per-user configuration is stored in your home directory in a file called .anyconnect Per-user configuration is stored in your home directory in a file called .anyconnect
  
 +====== Install openconnect-sso macOS with SAML ======
 +
 +If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect
 +and openconnect-sso for using SAML!
 +
 +**Requirements**: Python3
 +
 +Install brew
 +  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 +
 +Install openconnect and pipx
 +  brew install openconnect pipx
 +  pipx ensurepath
 +
 +Install pipx
 +  pip install --user pipx
 +
 +Install openconnect-sso
 +  pipx install "openconnect-sso[full]"
 +  pipx ensurepath
 +
 +Launch openconnect-sso
 +  /Users/user/.local/bin/openconnect-sso --server vpn.scientificnet.org/saml
 +
 +<code>
 +...
 +...
 +[info     ] Loading page                   [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol-SAML&acsamlcap=v2
 +[info     ] Terminate requested.           [webengine] 
 +[info     ] Exiting browser                [webengine] 
 +[info     ] Browser exited                 [openconnect_sso.browser.browser] 
 +[info     ] Response received              [openconnect_sso.authenticator] id=success message=
 +[sudo] password for <local-username>:
 +
 +Connected to 193.106.xxx.xxx:443
 +SSL negotiation with vpn.scientificnet.org
 +Server certificate verify failed: signer not found
 +Connected to HTTPS on vpn.scientificnet.org
 +Got CONNECT response: HTTP/1.1 200 OK
 +CSTP connected. DPD 30, Keepalive 20
 +Connected as 172.xx.xx.xx + 2a02:27e8:10:741:0:dacc:0:2/64, using SSL, with DTLS in progress
 +Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
 +Error: any valid prefix is expected rather than "dev".
 +
 +</code>
 +
 +A browser-window will ask for your username and password, next it will ask for the PIN which you need
 +to generate with an Authenticator!
 +
 +Last thing to enter is the sudo password to enable the network interface.
  
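Review bot: The sample output in the `<code>` block shows `Server certificate verify failed: signer not found` followed directly by `Connected to HTTPS on vpn.scientificnet.org`, and the instructions never say what the reader should do about it, which presents a failed certificate check as normal. Either fix the trust chain so the line does not appear, or document the gateway's expected certificate fingerprint so users can pin it with openconnect's `--servercert` option and compare it before entering credentials. Two smaller points: the second "Install pipx" step (`pip install --user pipx`) duplicates the `brew install openconnect pipx` step above it and can leave two pipx installs on the PATH, and the closing `Error: any valid prefix is expected rather than "dev".` line should be explained or removed from the sample.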
/data/www/wiki.inf.unibz.it/data/pages/auth/howto/linux/vpnclient.txt · Last modified: 2022/06/20 11:40 by kohofer