auth:howto:linux:vpnclient

Differences

This shows you the differences between two versions of the page.

auth:howto:linux:vpnclient [2016/04/08 09:07] – [Instructions for Linux vpnc Client (recommended)] kohofer
auth:howto:linux:vpnclient [2022/06/20 11:40] (current) kohofer
Line 3: Line 3:
 ===== Infos regarding the usage of VPN ===== ===== Infos regarding the usage of VPN =====
  
-http://www.unibz.it/en/ict/ComputerInternet/network/vpn/default.html +https://knowledge.scientificnet.org/workspace/#nd=ab7442f9-c4d0-4ffc-a4f7-1e0d84515cc9&ld=17f4d8ce-edff-4d42-ad33-d98e2cdebc35&ln=it
- +
-==== Instructions for Windows 7 32bit and 64bit ==== +
- +
-http://www.unibz.it/en/ict/ComputerInternet/network/vpn/InstallationWindows.html+
  
 ==== Instructions for MacOS X ==== ==== Instructions for MacOS X ====
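
Review bot: The replacement link under "Infos regarding the usage of VPN" is a bare knowledge-base URL made of opaque ids and ending in "ln=it", which looks like a language selector on an otherwise English page. Give it a DokuWiki link title so readers can see where it leads before clicking, and confirm the language parameter is intended. The Windows 7 section is deleted without a pointer to current Windows instructions; a one-line reference would keep Windows users from falling back to the old unibz.it pages.
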
Line 55: Line 51:
   - Enter Password if not already entered above   - Enter Password if not already entered above
  
-===== Instructions for Linux vpnc Client (recommended) =====+=== Instructions for Android 7 === 
 + 
 +  - Press Settings 
 +  - Find VPN Settings, depends on Model  
 +  - Next click: Add VPN Configuration... 
 +    - **Name:** Unibz VPN 
 +    - **Type:** IPSec Xauth PSK 
 +    - **Server-Address:** vpn.scientificnet.org 
 +    - **IPSec Identifier:** Unibz 
 +    - **IPSec Pre-shared Key:** NrW2z9sj8g3kjJrzXxJwRPbIRNInWakL 
 +    - **Account:** <your-unibz-username> 
 +    - **Password:** <your-unibz-password> or leave empty to ask every time! 
 +     
 +  - Press Done 
 +  - Status: Slide Button to the right to connect 
 +  - Enter Password if not already entered above 
 + 
 +===== Instructions for Linux using openconnect Client (recommended) ===== 
 + 
 +Run this command to install openconnect client and OpenConnect plugin GNOME GUI  
 + 
 +  sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome 
 + 
 +Once installed open Settings and go to Network, press + right of the VPN section. 
 + 
 +{{:auth:howto:linux:network_vpn.png?400|}} 
 + 
 +Select **Cisco AnyConnect Compatible VPN (openconnect)** and fill out as shown below: 
 + 
 +{{:auth:howto:linux:add_vpn_openconnect.png?400|}} 
 + 
 +{{:auth:howto:linux:details_vpn.png?300|Details}} {{:auth:howto:linux:identity_vpn.png?300|Identity}}  
 + 
 +{{:auth:howto:linux:ipv4_vpn.png?300|IPv4}} {{:auth:howto:linux:ipv6_vpn.png?300|IPv6}}  
 + 
 +**Details** 
 +  - Make available to other users: tick if you want to allow other users on your system to use the VPN 
 + 
 +**Identity** 
 +  - Name: VPN work (use a descriptive name) 
 +  - VPN Protocol: Cisco AnyConnect 
 +  - Gateway: vpn.scientificnet.org 
 +  - CA Certificate: download from {{ :auth:howto:linux:vpn-scientificnet-org.pem |here}}, not really necessary! 
 + 
 +The rest can be left as it is. 
 + 
 +**IPv4/IPv6** 
 +  - IPv4 Method: Automatic (DHCP) 
 +  - DNS: ON 
 +  - Routes: ON 
 + 
 +Press <color #22b14c>Apply</color> 
 + 
 +Now you can enable the VPN connection! 
 + 
 +Move the slider from OFF to ON, a small window should open, 
 + 
 +{{:auth:howto:linux:enable_vpn.png?400|Enable VPN}} 
 + 
 +make sure that for VPN Host you select: **vpn.scientificnet.org** 
 + 
 +Enter your unibz Username, without @unibz.it and your unibz Password. 
 + 
 +{{:auth:howto:linux:connect_vpn.png?400|Connect VPN}} 
 + 
 +Press **Login** 
 + 
 +If all goes well the slider should remain in ON position, if not check the Log. 
 +To verify launch this command in a terminal: 
 + 
 +  ifconfig | grep 172* 
 + 
 +You should get a new interface --> vpn0: with an IP Address: 172.21.66.xxx 
 + 
 +===== Instructions for Linux vpnc Client =====
  
 1. Install vpnc 1. Install vpnc
  
-  sudo aptitude install vpnc+  sudo apt-get install vpnc
  
 2. For Unibz: 2. For Unibz:
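
Review bot: The Android 7 block publishes the group pre-shared key in clear text on the "IPSec Pre-shared Key" line. A group key that every reader of this page knows no longer authenticates the gateway to the client, so the account name and password in the following fields go to a peer the client cannot verify; distribute the key over an authenticated channel instead, or steer Android users to the openconnect setup added below it. In the openconnect block, "CA Certificate: download from here, not really necessary!" tells readers to skip the one setting that lets the client verify the gateway certificate; drop the "not really necessary!" remark and say how to check the downloaded .pem. The check "ifconfig | grep 172*" leaves the pattern unquoted, so the shell may expand it against files in the current directory, and as a regular expression it matches "17" followed by any number of "2"; "ip -4 addr show vpn0" tests the interface the text names.
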
Line 82: Line 152:
 IPSec gateway vpn.unibz.it IPSec gateway vpn.unibz.it
 IPSec ID Unibz IPSec ID Unibz
-IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4 +IPSec obfuscated secret 06294C134E0BEBDA4B449B56BFD305D35D12DABF4044EDB6794926C2CA6D5AEDFE6342DF190E566EB11215DDC1591D5CB6ABEBEB593693C6D0B2077D78034B6AFEEA3221E77F4C9858DD711AA8DE58F6
-C9858DD711AA8DE58F6+
 Xauth username your-windows-login Xauth username your-windows-login
 +# e.g. Xauth username fmoser (not fmoser@unibz.it)
 ####################################### #######################################
 </code> </code>
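
Review bot: Joining the "IPSec obfuscated secret" value back onto one line fixes the broken config, but the value is still the group secret in recoverable form, as the page's own "Decode Group Password" section implies. Add a sentence next to this sample telling readers to keep the resulting config file readable by root only (for example mode 600), since it also holds the Xauth username.
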
Line 109: Line 179:
 IPSec obfuscated secret 56A1CD68CC3AD33B48DB0F727ADDBC0A354DE3287D15C8526ED4CEDE4BC2ACDD1BB2460BC2354671A405F6150EA7C294C4DBC4CF9FFE45873BECAD3A2A738C5053BE34F709D592B50AD5BC472CDFF350 IPSec obfuscated secret 56A1CD68CC3AD33B48DB0F727ADDBC0A354DE3287D15C8526ED4CEDE4BC2ACDD1BB2460BC2354671A405F6150EA7C294C4DBC4CF9FFE45873BECAD3A2A738C5053BE34F709D592B50AD5BC472CDFF350
 Xauth username your-windows-login Xauth username your-windows-login
 +# e.g. Xauth username fmoser (not fmoser@eurac.edu)
 ####################################### #######################################
 </code> </code>
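
Review bot: The added comment "# e.g. Xauth username fmoser (not fmoser@eurac.edu)" uses what reads as a real account name, and the same name appears in the Unibz block with a different domain. Use an obviously fictitious login in both examples and keep the useful part, that the domain suffix must be left off.
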
Line 166: Line 237:
 provides an updated / revised release of this script. Download the latest copy from [[http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script|here]].\\ provides an updated / revised release of this script. Download the latest copy from [[http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script|here]].\\
 Replace the vpnc-script script that comes with the Ubuntu vpnc package: /etc/vpnc/vpnc-script Replace the vpnc-script script that comes with the Ubuntu vpnc package: /etc/vpnc/vpnc-script
 +
 +----
 +
 +Access via ssh not possible, MTU value to high!
 +
 +In some cases the MTU value is too high, which results in an very strange
 +situation: ping works, but ssh hangs at this point:
 +
 +...
 +debug1: sending SSH2_MSG_KEX_ECDH_INIT
 +debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
 +
 +
 +There are 2 bug reports for this:\\
 +
 +https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1110787\\
 +https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085
 +
 +and a possible solution/workaround for Linux Mint:
 +
 +https://community.hide.me/threads/setup-problem-on-linux-mint-17.1839/
 +
 +Check the current MTU value:
 +
 +  ip link | grep mtu
 +
 +Set MTU value on interface eth0 to 1392
 +
 +  /sbin/ifconfig eth0 mtu 1392
 +
 +----
 +
 +Allow local (LAN) access when using VPN (MacOS)
 +
 +
 +{{:auth:howto:linux:allow-local-lan-access-with-vpn.png?400|VPN preferences}}
 +
  
 ==== Decode Group Password ==== ==== Decode Group Password ====
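
Review bot: The workaround "/sbin/ifconfig eth0 mtu 1392" hard-codes eth0, which many systems do not have (predictable interface names, Wi-Fi), uses a different tool from the check just above it ("ip link | grep mtu"), and is lost at the next reboot. State which interface needs the change, use "ip link set dev <interface> mtu 1392" to match the check, and say how to make the setting persistent. The ssh debug lines should sit in a <code> block like the config samples, and the heading should read "MTU value too high". Separately, the context line above still links vpnc-script over http:// for a file that replaces /etc/vpnc/vpnc-script; since this revision edits the lines directly below, switch that link to https if the host offers it.
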
Line 273: Line 381:
 Per-user configuration is stored in your home directory in a file called .anyconnect Per-user configuration is stored in your home directory in a file called .anyconnect
  
-===== Shrew Soft VPN Client Instructions for 32 or 64 bit version of Windows 2000XPVista and 7 (recommened) =====+====== Install openconnect-sso macOS with SAML ====== 
 + 
 +If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect 
 +and openconnect-sso for using SAML! 
 + 
 +**Requirements**: Python3 
 + 
 +Install brew 
 +  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" 
 + 
 +Install openconnect and pipx 
 +  brew install openconnect pipx 
 +  pipx ensurepath 
 + 
 +Install pipx 
 +  pip install --user pipx 
 + 
 +Install openconnect-sso 
 +  pipx install "openconnect-sso[full]" 
 +  pipx ensurepath 
 + 
 +Launch openconnect-sso 
 +  /Users/user/.local/bin/openconnect-sso --server vpn.scientificnet.org/saml 
 + 
 +<code> 
 +... 
 +... 
 +[info     ] Loading page                   [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol-SAML&acsamlcap=v2 
 +[info     ] Terminate requested.           [webengine]  
 +[info     ] Exiting browser                [webengine]  
 +[info     ] Browser exited                 [openconnect_sso.browser.browser]  
 +[info     ] Response received              [openconnect_sso.authenticator] id=success message= 
 +[sudo] password for <local-username>: 
 + 
 +Connected to 193.106.xxx.xxx:443 
 +SSL negotiation with vpn.scientificnet.org 
 +Server certificate verify failed: signer not found 
 +Connected to HTTPS on vpn.scientificnet.org 
 +Got CONNECT response: HTTP/1.1 200 OK 
 +CSTP connected. DPD 30, Keepalive 20 
 +Connected as 172.xx.xx.xx + 2a02:27e8:10:741:0:dacc:0:2/64, using SSLwith DTLS in progress 
 +Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM). 
 +Error: any valid prefix is expected rather than "dev"
 + 
 +</code> 
 + 
 +A browser-window will ask for your username and password, next it will ask for the PIN which you need 
 +to generate with an Authenticator! 
 + 
 +Last thing to enter is the sudo password to enable the network interface. 
 + 
 +====== Install openconnect-sso Ubuntu with SAML ====== 
 + 
 +Requirements: 
 + 
 +  sudo apt install python3.8-venv openconnect 
 + 
 +  pip install --user pipx 
 +  pipx install "openconnect-sso[full]" 
 +  pipx ensurepath 
 + 
 +Launch openconnect-sso 
 + 
 +  openconnect-sso --server vpn.scientificnet.org/saml
  
-1. Go to http://www.shrew.net/home and download latest stable release of Shrew Soft VPN Client for Windows: http://www.shrew.net/download/vpn+A browser window will open, where it might ask for your 2FA/MFA, 
 +then it will ask for your sudo password to get the VPN interface up. 
 +Leave the command running as long as you need VPN.
  
-2. Download unibz profile (need to login with unibz login&password+You can also add an ampersand (&and the end of the command to put the command 
-https://pro.unibz.it/vpn/profiles/unibz/Free%20University%20of%20Bozen-Bolzano.zip+into background:
  
-3Install Shrew Soft VPN Client for Windows+  openconnect-sso --server vpn.scientificnet.org/saml &
  
-4. Start Shrew Soft VPN Client, unzip unibz profile and Import in VPN client 
  
  
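
Review bot: The sample output in the macOS section contains "Server certificate verify failed: signer not found" and ends with "Error: any valid prefix is expected rather than "dev"", and the text after the block treats the run as a success without mentioning either. Explain why each message is expected, or show how to make verification pass (the openconnect section already offers vpn-scientificnet-org.pem), so readers do not learn to ignore certificate warnings. The macOS steps install pipx twice (brew, then "pip install --user pipx") and hard-code /Users/user/.local/bin/, and the Ubuntu steps pin python3.8-venv, which will not exist on other releases. The closing tip to append "&" conflicts with the sudo password prompt described just before it, because a backgrounded job cannot read that password from the terminal.
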
/data/www/wiki.inf.unibz.it/data/attic/auth/howto/linux/vpnclient.1460099279.txt.gz · Last modified: 2019/01/16 10:03 (external edit)