auth:howto:linux:vpnclient
Differences
This shows you the differences between two versions of the page.
auth:howto:linux:vpnclient [2020/04/21 11:52] – [Instructions for Linux using Openconnect Client (recommended)] kohofer | auth:howto:linux:vpnclient [2022/06/20 11:40] (current) – kohofer | ||
---|---|---|---|
Line 69: | Line 69: | ||
===== Instructions for Linux using openconnect Client (recommended) ===== | ===== Instructions for Linux using openconnect Client (recommended) ===== | ||
- | |||
- | ===== Installation ===== | ||
Run this command to install openconnect client and OpenConnect plugin GNOME GUI | Run this command to install openconnect client and OpenConnect plugin GNOME GUI | ||
Line 78: | Line 76: | ||
Once installed open Settings and go to Network, press + right of the VPN section. | Once installed open Settings and go to Network, press + right of the VPN section. | ||
- | Select **Cisco AnyConnect Compatible VPN (openconnect)** and enter the details: | + | {{: |
+ | |||
+ | Select **Cisco AnyConnect Compatible VPN (openconnect)** and fill out as shown below: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
**Details** | **Details** | ||
Line 87: | Line 93: | ||
- VPN Protocol: Cisco AnyConnect | - VPN Protocol: Cisco AnyConnect | ||
- Gateway: vpn.scientificnet.org | - Gateway: vpn.scientificnet.org | ||
- | - CA Certificate: | + | - CA Certificate: |
The rest can be left as it is. | The rest can be left as it is. | ||
Line 96: | Line 102: | ||
- Routes: ON | - Routes: ON | ||
+ | Press <color # | ||
+ | |||
+ | Now you can enable the VPN connection! | ||
+ | |||
+ | Move the slider from OFF to ON, a small window should open, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | make sure that for VPN Host you select: **vpn.scientificnet.org** | ||
+ | |||
+ | Enter your unibz Username, without @unibz.it and your unibz Password. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Press **Login** | ||
+ | If all goes well the slider should remain in ON position, if not check the Log. | ||
+ | To verify launch this command in a terminal: | ||
+ | ifconfig | grep 172* | ||
+ | You should get a new interface --> vpn0: with an IP Address: 172.21.66.xxx | ||
===== Instructions for Linux vpnc Client ===== | ===== Instructions for Linux vpnc Client ===== | ||
Line 127: | Line 152: | ||
IPSec gateway vpn.unibz.it | IPSec gateway vpn.unibz.it | ||
IPSec ID Unibz | IPSec ID Unibz | ||
- | IPSec obfuscated secret | + | IPSec obfuscated secret |
- | C9858DD711AA8DE58F6 | + | |
Xauth username your-windows-login | Xauth username your-windows-login | ||
# e.g. Xauth username fmoser (not fmoser@unibz.it) | # e.g. Xauth username fmoser (not fmoser@unibz.it) | ||
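Review bot: On the `IPSec obfuscated secret` line, removing the `C9858DD711AA8DE58F6` continuation from the current text does not withdraw it: the old value stays readable in this diff view and in the attic revision named in the page footer. vpnc's obfuscated form is a reversible encoding, not a hash, so if the aim was to retire the group secret, rotate it on the gateway and state in the page where users obtain the current one instead of relying on the edit.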
Line 242: | Line 266: | ||
/ | / | ||
+ | |||
+ | ---- | ||
+ | |||
+ | Allow local (LAN) access when using VPN (MacOS) | ||
+ | |||
+ | |||
+ | {{: | ||
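Review bot: The added "Allow local (LAN) access when using VPN (MacOS)" entry is a bare title plus a screenshot, with no heading markup and no text saying which client setting is meant or when to turn it on. Because this option keeps the local network reachable while the tunnel is up, add a sentence that names the setting and says it is meant for trusted local networks, and format the title in the page's ===== heading style so it appears in the table of contents.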
Line 349: | Line 380: | ||
Per-user configuration is stored in your home directory in a file called .anyconnect | Per-user configuration is stored in your home directory in a file called .anyconnect | ||
+ | |||
+ | ====== Install openconnect-sso macOS with SAML ====== | ||
+ | |||
+ | If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect | ||
+ | and openconnect-sso for using SAML! | ||
+ | |||
+ | **Requirements**: | ||
+ | |||
+ | Install brew | ||
+ | /bin/bash -c " | ||
+ | |||
+ | Install openconnect and pipx | ||
+ | brew install openconnect pipx | ||
+ | pipx ensurepath | ||
+ | |||
+ | Install pipx | ||
+ | pip install --user pipx | ||
+ | |||
+ | Install openconnect-sso | ||
+ | pipx install " | ||
+ | pipx ensurepath | ||
+ | |||
+ | Launch openconnect-sso | ||
+ | / | ||
+ | |||
+ | < | ||
+ | ... | ||
+ | ... | ||
+ | [info ] Loading page | ||
+ | [info ] Terminate requested. | ||
+ | [info ] Exiting browser | ||
+ | [info ] Browser exited | ||
+ | [info ] Response received | ||
+ | [sudo] password for < | ||
+ | |||
+ | Connected to 193.106.xxx.xxx: | ||
+ | SSL negotiation with vpn.scientificnet.org | ||
+ | Server certificate verify failed: signer not found | ||
+ | Connected to HTTPS on vpn.scientificnet.org | ||
+ | Got CONNECT response: HTTP/1.1 200 OK | ||
+ | CSTP connected. DPD 30, Keepalive 20 | ||
+ | Connected as 172.xx.xx.xx + 2a02: | ||
+ | Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM). | ||
+ | Error: any valid prefix is expected rather than " | ||
+ | |||
+ | </ | ||
+ | |||
+ | A browser-window will ask for your username and password, next it will ask for the PIN which you need | ||
+ | to generate with an Authenticator! | ||
+ | |||
+ | Last thing to enter is the sudo password to enable the network interface. | ||
+ | |||
+ | ====== Install openconnect-sso Ubuntu with SAML ====== | ||
+ | |||
+ | Requirements: | ||
+ | |||
+ | sudo apt install python3.8-venv openconnect | ||
+ | |||
+ | pip install --user pipx | ||
+ | pipx install " | ||
+ | pipx ensurepath | ||
+ | |||
+ | Launch openconnect-sso | ||
+ | |||
+ | openconnect-sso --server vpn.scientificnet.org/ | ||
+ | |||
+ | A browser window will open, where it might ask for your 2FA/MFA, | ||
+ | then it will ask for your sudo password to get the VPN interface up. | ||
+ | Leave the command running as long as you need VPN. | ||
+ | |||
+ | You can also add an ampersand (&) and the end of the command to put the command | ||
+ | into background: | ||
+ | |||
+ | openconnect-sso --server vpn.scientificnet.org/ | ||
+ | |||
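Review bot: The sample output in the macOS openconnect-sso section contains `Server certificate verify failed: signer not found` and is presented as the expected result of a working login, which teaches readers to treat a failed server verification as normal. Either document how to make vpn.scientificnet.org validate against a trusted CA (the Linux GUI section already has a CA Certificate field) and replace the log with a clean run, or mark that line as a fault to resolve before use. The trailing `Error: any valid prefix is expected rather than` line needs the same treatment. Minor: the macOS steps install pipx twice, once with `brew install openconnect pipx` and again with `pip install --user pipx`; keep one.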
/data/www/wiki.inf.unibz.it/data/attic/auth/howto/linux/vpnclient.1587462721.txt.gz · Last modified: 2020/04/21 11:52 by kohofer