
Linux and Unix Users Group at Virginia Tech Wiki

Changes

Proxies and VPN

2,253 bytes added, 6 November
no edit summary
 
=Proxies=
== Web Proxy ==
If you're just looking to access library resources like subscription journals, you can make use of the library's [http://www.lib.vt.edu/help/extended/extproxy.html web-based proxy].
== SSH Tunnel ==
If you're looking for a quick and dirty way to obtain a VT IP, you can run a [[Secure Shell#Tunneling|secure shell socks proxy]] using a [[CVL]] (ECE) or [[rlogin]] (CS) shell account.

= VPN =
Connecting to the Internet through Virginia Tech's [http://en.wikipedia.org/wiki/Virtual_private_network Virtual Private Network] (VPN) is the only officially advertised and supported method of accessing certain resources such as [http://network.software.vt.edu/ VT Network Software] from off-campus. Alternatively, you can use '''SSH tunnels''' or proxies to obtain a Virginia Tech IP address.

To connect to Virginia Tech's VPN service you have two options:
#Use the graphical [https://4help.vt.edu/sp?id=kb_article&sysparm_article=KB0016112 Cisco Secure client] offered. To install and use this application, see their KB by clicking that link to the left.
#Set up OpenConnect for the CLI option, which is detailed below. (There may be a way to tie this into the Network Manager GUI tool, but I haven't gone that far yet.)

=== OpenConnect Install ===

There is a bug ( ''Cisco Anyconnect STRAP channel bindings with TLSv1.3 (#659)'' ) in the repo versions that prevents OpenConnect from connecting to VT's VPN service. This was fixed in the HEAD branch, but that means we need to build and install it from source.

In the following instructions, whenever you see <span style="color:#FF0000">USERNAME</span>, replace this with your Linux system's username. I want to also note that these instructions were tested on Ubuntu Linux with the Firefox browser. If you have something different you may need to modify the below instructions to work with your distro.

'''Build OpenConnect --HEAD from source and configure system'''

Install Git if it is not already installed on the system:

<pre>sudo apt-get install git</pre>

Then clone the source code for OpenConnect --HEAD:

<pre>cd $HOME
git clone git://git.infradead.org/users/dwmw2/openconnect.git</pre>

The next step is to install required dependencies, then build and install OpenConnect. The script below handles all those tasks. You can copy the below code into a file and run it as a script, or you can run each command individually in a terminal if you so choose.

<pre>#!/bin/bash

# Install dependencies
sudo apt install \
  build-essential gettext autoconf automake libproxy-dev \
  libxml2-dev libtool vpnc-scripts pkg-config zlib1g-dev \
  libp11-kit-dev libp11-dev libssl-dev

# Build
cd openconnect
./autogen.sh
./configure
make && make check
sudo make install && sudo ldconfig

# Verify
openconnect --version</pre>

Next, download the latest vpnc-script for OpenConnect and make it executable.

<pre>cd $HOME
wget https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script
chmod 744 vpnc-script</pre>

The command that gets used to connect to the VPN has one portion that requires the use of sudo for the vpnc-script. The sudo credentials prompt tends to get buried in all of OpenConnect’s message output to the terminal window. We can add a line to the sudoers file to avoid getting prompted.

Open the sudoers file for editing with the following command:

<pre>sudo visudo</pre>
(or ''sudo vi /etc/sudoers'' if that is your preference)

Now add the following line to the end of the sudoers file to allow the user to run the vpnc-script without being prompted for an admin password:

<code><span style="color:#FF0000">USERNAME</span> ALL=(ALL) NOPASSWD: SETENV: /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script</code>

As the user account does not have permission to create the required /var/run/vpnc directory (and this directory gets deleted every reboot), we need to run the following command to have the system create the directory for us at boot and set some proper permissions:

<pre>echo "d /run/vpnc 770 root netdev - -" | sudo tee /etc/tmpfiles.d/vpnc.conf</pre>

Add the user to the groups netdev and kvm so they have proper permissions to access certain files and directories:

<code>sudo usermod -a -G kvm <span style="color:#FF0000">USERNAME</span></code><br />
<code>sudo usermod -a -G netdev <span style="color:#FF0000">USERNAME</span></code>

We need to create a TUN/TAP interface device so that it is ready to use by the user and OpenConnect when connecting to the VPN. If we don’t do this, OpenConnect will fail, as it cannot create this interface for us since it is being run by the non-root user account. We can have the system create a tun interface at boot for us by creating the following file:

<pre>cd /etc/systemd/network/
sudo vi 90-tun0.netdev</pre>

Then add the following to this file:

<code>&nbsp;[NetDev]<br />Name=tun0<br />Kind=tun<br />&nbsp;[Tun]<br />Mode=tun<br />User=<span style="color:#FF0000">USERNAME</span></code>

Now enable the systemd-networkd service:

<pre>sudo systemctl enable systemd-networkd</pre>

And to be sure that everything has taken effect, let's do a '''restart of the system'''.

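The sudoers rule above runs /home/USERNAME/vpnc-script as root without a password, while the script was made mode 744 inside the user's own home directory, so whether that rule is equivalent to passwordless root depends on who can modify or replace the file. The check below is an added example, not part of the original wiki page: it walks from the script up to / and reports the first component that is not root-owned or is group/world-writable. It assumes a stat that supports -c and readlink -f (as on Ubuntu); the /usr/local/sbin location in the comments is an assumption.

```shell
#!/bin/sh
# Added example: audit the target of a NOPASSWD sudoers rule.
# Assumes GNU or busybox stat (-c) and readlink -f, as on Ubuntu.

# perm_unsafe UID MODE: succeed (0) if this owner uid / octal mode pair
# lets someone other than root modify the object.
perm_unsafe() {
    [ "$1" -ne 0 ] && return 0              # owned by a non-root user
    [ $(( 0$2 & 022 )) -ne 0 ] && return 0  # group- or world-writable
    return 1
}

# first_unsafe_component PATH: print the first path component (the file,
# then each parent directory up to /) that a non-root user could modify
# or replace. Returns 0 if one was found, 1 if the whole chain is
# root-controlled, 2 on error. Sticky world-writable directories such
# as /tmp are reported as well (conservative).
first_unsafe_component() (
    p=$(readlink -f -- "$1") || exit 2
    while :; do
        out=$(stat -c '%u %a' -- "$p") || exit 2
        set -- $out
        if perm_unsafe "$1" "$2"; then
            printf '%s (uid=%s mode=%s)\n' "$p" "$1" "$2"
            exit 0
        fi
        [ "$p" = / ] && exit 1
        p=$(dirname -- "$p")
    done
)

# Hardened layout (assumed path, run once by an administrator):
#   sudo install -o root -g root -m 0755 "$HOME/vpnc-script" /usr/local/sbin/vpnc-script
# then name /usr/local/sbin/vpnc-script in the sudoers line and in the
# -s 'sudo -E ...' argument passed to openconnect.
```

Running `first_unsafe_component /home/USERNAME/vpnc-script` on the layout described above prints the script itself, because it is owned by the user; after the hardened install the same call on the new path should print nothing and return 1.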
'''Connecting to the Cisco Secure VPN'''

Below are the commands for connecting to the different VPN Realms (VT-Traffic or All-Traffic):

Connect to '''VT-Traffic''':

<code>openconnect --server=<nowiki>https://vpn.vt.edu/VT-Traffic</nowiki> --useragent=AnyConnect -s 'sudo -E /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script' --external-browser /usr/bin/firefox -i tun0</code>

Connect to '''All-Traffic''':

<code>openconnect --server=<nowiki>https://vpn.vt.edu/All-Traffic</nowiki> --useragent=AnyConnect -s 'sudo -E /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script' --external-browser /usr/bin/firefox -i tun0</code>

If you want to make things easier to type each time you connect, add the above commands as shell aliases.

Once you've run the above command and done the Single-Sign On/Two-Factor authentication in the browser window that opens, you should be connected to the VPN. Just leave the terminal window open that you ran the openconnect command in initially to maintain the VPN connection.

'''Disconnecting from the VPN'''

Disconnecting is pretty simple. When done, use Ctrl-C in the same terminal window that OpenConnect is running in and allow a few seconds for it to close the connection and return to a terminal prompt.

== How to connect to Virginia Tech's VPN ==
Connecting to the Internet through Virginia Tech's [http://en.wikipedia.org/wiki/Virtual_private_network Virtual Private Network] (VPN) is the only officially advertised and supported method of accessing certain resources such as [http://network.software.vt.edu/ VT Network Software] from off-campus.
<ul>
<li> '''Important:''' You must first create a [http://computing.vt.edu/accounts_and_access/remote_access_id/ Remote Access ID] to be able to log into the VPN. This is different from your normal VT PID password.</li>
</ul>

=== Using Ubuntu or Debian ===
<ol>
<li> Install the [http://www.gnome.org/projects/NetworkManager/ Network Manager] applet if you do not already have it.</li>
<li> Install the '''network-manager-pptp''' package for your distribution.</li>
</ol>
From here you will need to configure the VPN somewhat differently depending on your version of NetworkManager. To see your version of NetworkManager, right click the NetworkManager applet on your upper panel. The nm-applet looks like one of the following, depending on if you're connected:
<table border="1">
<tbody>
<tr><th>Not Connected </th><th> Connected</th></tr>
<tr><td><a href="http://www.vtluug.org/wiki/index.php?title=Image:Nm_not_connected.png" class="image" title="Image:nm_not_connected.png"><img alt="Image:nm_not_connected.png" src="VPN_files/Nm_not_connected.html" height="24" width="24" border="0"></a> </td><td> <a href="http://www.vtluug.org/wiki/index.php?title=Image:Nm_connected.png" class="image" title="Image:nm_connected.png"><img alt="Image:nm_connected.png" src="VPN_files/Nm_connected.html" height="22" width="22" border="0"></a></td></tr>
</tbody>
</table>

==== NetworkManager 0.6 (Ubuntu 8.04 Hardy Heron) ====
<ol>
<li> Click the Network Manager applet in your panel.</li>
<li> Under '''VPN Connections''', select '''Configure VPN...'''.</li>
<li> Click the '''Add''' button.</li>
<li> Click '''Forward'''.</li>
<li> Click '''Forward''' again.</li>
<li> In the '''Connection Name''' box, type <code>VT PPTP VPN</code>.</li>
<li> In the '''Gateway''' box, type <code>pptp.cns.vt.edu</code></li>
<li> At the top, click the '''Authentication''' tab.</li>
<li> Check the box labeled '''Refuse CHAP'''.</li>
<li> Click '''Forward'''.</li>
<li> Click '''Apply'''.</li>
<li> Restart Network Manager with the following commands:</li>
</ol>
<pre>sudo /etc/dbus-1/event.d/25NetworkManager restart
sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart</pre>

==== NetworkManager 0.7 (Ubuntu 8.10 Intrepid Ibex) ====
<ol>
<li> Click the NetworkManager applet → VPN Connections → Configure VPN</li>
<li> Go to the VPN tab</li>
<li> Click Add</li>
<li> You will be asked to choose a VPN connection type. Select Point-to-Point Tunneling Protocol (PPTP) and click Create</li>
<li> Enter the following and click OK:</li>
</ol>
<table align="center" border="1">
<tbody>
<tr><th>Connection name</th><td>VT PPTP VPN (really, can be whatever you like)</td></tr>
<tr><th>Gateway</th><td>pptp.cns.vt.edu</td></tr>
<tr><th>User name</th><td>''your PID''</td></tr>
<tr><th>Password</th><td>''your VPN password''</td></tr>
<tr><th>NT Domain</th><td>''(blank)''</td></tr>
</tbody>
</table>

==== Connecting to the VPN ====
<ol>
<li> Click the Network Manager applet in your panel.</li>
<li> Under '''VPN Connections''', select '''VT PPTP VPN'''</li>
<li> Log in using your Remote Access ID.</li>
</ol>

==== Ubuntu upgraders from 8.04 Hardy Heron to 8.10 ====
If you experience an error "unable to find valid VPN secrets", you need to delete your saved password. Go to Applications → Passwords and Encryption Keys, then go to the Passwords tab and delete the entry for your VPN password (e.g., "VPN password secret for VT PPTP VPN..."). Now left-click the NetworkManager applet icon, select the VT PPTP VPN, and enter your VPN password.

==IPsec==
See [[IPsec]]

[[Category:Howtos]]
[[Category:Software]]
[[Category:VTLUUG:Projects]]
[[Category:Needs restoration]]