User Tools

Site Tools


auth:howto:linux:vpnclient

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
auth:howto:linux:vpnclient [2020/10/30 13:20] – [Instructions for Linux vpnc Client] kohoferauth:howto:linux:vpnclient [2022/06/20 11:40] (current) kohofer
Line 121: Line 121:
 To verify launch this command in a terminal: To verify launch this command in a terminal:
  
-  ifconfig+  ifconfig | grep 172*
  
-You should get a new interface --> vpn0: with an IP Address: 172.xxx.xxx.xxx+You should get a new interface --> vpn0: with an IP Address: 172.21.66.xxx
  
 ===== Instructions for Linux vpnc Client ===== ===== Instructions for Linux vpnc Client =====
Line 380: Line 380:
  
 Per-user configuration is stored in your home directory in a file called .anyconnect Per-user configuration is stored in your home directory in a file called .anyconnect
 +
 +====== Install openconnect-sso macOS with SAML ======
 +
 +If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect
 +and openconnect-sso for using SAML!
 +
 +**Requirements**: Python3
 +
 +Install brew
 +  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 +
 +Install openconnect and pipx
 +  brew install openconnect pipx
 +  pipx ensurepath
 +
 +Install pipx
 +  pip install --user pipx
 +
 +Install openconnect-sso
 +  pipx install "openconnect-sso[full]"
 +  pipx ensurepath
 +
 +Launch openconnect-sso
 +  /Users/user/.local/bin/openconnect-sso --server vpn.scientificnet.org/saml
 +
 +<code>
 +...
 +...
 +[info     ] Loading page                   [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol-SAML&acsamlcap=v2
 +[info     ] Terminate requested.           [webengine] 
 +[info     ] Exiting browser                [webengine] 
 +[info     ] Browser exited                 [openconnect_sso.browser.browser] 
 +[info     ] Response received              [openconnect_sso.authenticator] id=success message=
 +[sudo] password for <local-username>:
 +
 +Connected to 193.106.xxx.xxx:443
 +SSL negotiation with vpn.scientificnet.org
 +Server certificate verify failed: signer not found
 +Connected to HTTPS on vpn.scientificnet.org
 +Got CONNECT response: HTTP/1.1 200 OK
 +CSTP connected. DPD 30, Keepalive 20
 +Connected as 172.xx.xx.xx + 2a02:27e8:10:741:0:dacc:0:2/64, using SSL, with DTLS in progress
 +Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
 +Error: any valid prefix is expected rather than "dev".
 +
 +</code>
 +
 +A browser-window will ask for your username and password, next it will ask for the PIN which you need
 +to generate with an Authenticator!
 +
 +Last thing to enter is the sudo password to enable the network interface.
 +
 +====== Install openconnect-sso Ubuntu with SAML ======
 +
 +Requirements:
 +
 +  sudo apt install python3.8-venv openconnect
 +
 +  pip install --user pipx
 +  pipx install "openconnect-sso[full]"
 +  pipx ensurepath
 +
 +Launch openconnect-sso
 +
 +  openconnect-sso --server vpn.scientificnet.org/saml
 +
 +A browser window will open, where it might ask for your 2FA/MFA,
 +then it will ask for your sudo password to get the VPN interface up.
 +Leave the command running as long as you need VPN.
 +
 +You can also add an ampersand (&) and the end of the command to put the command
 +into background:
 +
 +  openconnect-sso --server vpn.scientificnet.org/saml &
 +
  
  
/data/www/wiki.inf.unibz.it/data/attic/auth/howto/linux/vpnclient.1604060448.txt.gz · Last modified: 2020/10/30 13:20 by kohofer