=Proxies=
== Web Proxy ==
If you're just looking to access library resources like subscription journals, you can make use of the library's [http://www.lib.vt.edu/help/extended/extproxy.html web-based proxy].
If you're looking for a quick and dirty way to obtain a VT IP, you can run a [[Secure Shell#Tunneling|secure shell socks proxy]] using a [[CVL]] (ECE) or [[rlogin]] (CS) shell account.
== VPN ==
Connecting to the Internet through Virginia Tech's [http://en.wikipedia.org/wiki/Virtual_private_network Virtual Private Network] (VPN) is the only officially advertised and supported method of accessing certain resources such as [http://network.software.vt.edu/ VT Network Software] from off-campus. Alternatively, you can use '''SSH tunnels''' or proxies to obtain a Virginia Tech IP address.

To connect to Virginia Tech's VPN service you have two options:
#Use the graphical [https://4help.vt.edu/sp?id=kb_article&sysparm_article=KB0016112 Cisco Secure client] offered. To install and use this application, see their KB by clicking that link to the left.
#Set up OpenConnect for the CLI option, which is detailed below. (There may be a way to tie this into the Network Manager GUI tool, but I haven't gone that far yet.)

=== OpenConnect Install ===
There is a bug (''Cisco Anyconnect STRAP channel bindings with TLSv1.3 (#659)'') in the repo versions that prevents OpenConnect from connecting to VT's VPN service. This was fixed in the HEAD branch, but that means we need to build and install it from source.

In the following instructions, whenever you see <span style="color:#FF0000">USERNAME</span>, replace this with your Linux system's username. I want to also note that these instructions were tested on Ubuntu Linux with the Firefox browser. If you have something different you may need to modify the below instructions to work with your distro.

'''Build OpenConnect --HEAD from source and configure system'''

Install Git if it is not already installed on the system:
<pre>sudo apt-get install git</pre>
Then clone the source code for OpenConnect --HEAD:
<pre>cd $HOME
git clone git://git.infradead.org/users/dwmw2/openconnect.git</pre>
The next step is to install required dependencies, then build and install OpenConnect. The script below handles all those tasks.
You can copy the below code into a file and run it as a script, or you can run each command individually in a terminal if you so choose.
<pre>#!/bin/bash

# Install dependencies
sudo apt install \
  build-essential gettext autoconf automake libproxy-dev \
  libxml2-dev libtool vpnc-scripts pkg-config zlib1g-dev \
  libp11-kit-dev libp11-dev libssl-dev

# Build
cd openconnect
./autogen.sh
./configure
make && make check
sudo make install && sudo ldconfig

# Verify
openconnect --version</pre>
Next, download the latest vpnc-script for OpenConnect and make it executable.
<pre>cd $HOME
wget https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script
chmod 744 vpnc-script</pre>
The command that gets used to connect to the VPN has one portion that requires the use of sudo for the vpnc-script. The sudo credentials prompt tends to get buried in all of OpenConnect's message output to the terminal window. We can add a line to the sudoers file to avoid getting prompted. Open the sudoers file for editing with the following command:
<pre>sudo visudo</pre>
(or ''sudo vi /etc/sudoers'' if that is your preference)

Now add the following line to the end of the sudoers file to allow the user to run the vpnc-script without being prompted for an admin password:

<code><span style="color:#FF0000">USERNAME</span> ALL=(ALL) NOPASSWD: SETENV: /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script</code>

As the user account does not have permission to create the required /var/run/vpnc directory (and this directory gets deleted every reboot), we need to run the following command to have the system create the directory for us at boot and set some proper permissions:
<pre>echo "d /run/vpnc 770 root netdev - -" | sudo tee /etc/tmpfiles.d/vpnc.conf</pre>
Add the user to the groups netdev and kvm so they have proper permissions to access certain files and directories:

<code>sudo usermod -a -G kvm <span style="color:#FF0000">USERNAME</span></code><br />
<code>sudo usermod -a -G netdev <span style="color:#FF0000">USERNAME</span></code>

We need to create a TUN/TAP interface device so that it is ready to use by the user and OpenConnect when connecting to the VPN. If we don't do this, OpenConnect will fail, as it cannot create this interface for us since it is being run by the non-root user account. We can have the system create a tun interface at boot for us by creating the following file:
<pre>cd /etc/systemd/network/
sudo vi 90-tun0.netdev</pre>
Then add the following to this file:

<code>[NetDev]<br />Name=tun0<br />Kind=tun<br /><br />[TUN]<br />Mode=tun<br />User=<span style="color:#FF0000">USERNAME</span></code>

Now enable the systemd-networkd service:
<pre>sudo systemctl enable systemd-networkd</pre>
And to be safe that everything has taken effect, let's do a '''restart of the system'''.

'''Connecting to the Cisco Secure VPN'''

Below are the commands for connecting to the different VPN Realms (VT-Traffic or All-Traffic):

Connect to '''VT-Traffic''':

<code>openconnect --server=<nowiki>https://vpn.vt.edu/VT-Traffic</nowiki> --useragent=AnyConnect -s 'sudo -E /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script' --external-browser /usr/bin/firefox -i tun0</code>

Connect to '''All-Traffic''':

<code>openconnect --server=<nowiki>https://vpn.vt.edu/All-Traffic</nowiki> --useragent=AnyConnect -s 'sudo -E /home/<span style="color:#FF0000">USERNAME</span>/vpnc-script' --external-browser /usr/bin/firefox -i tun0</code>
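The sudoers entry above lets root run, without a password, a script stored in the user's home directory, where the file and the directories above it remain changeable by that user. As an added example (not part of the original instructions), the function below lists ownership and permission problems for a prospective NOPASSWD target; <code>path_problems</code> and <code>sudo_target_ok</code> are hypothetical helper names, and GNU <code>stat</code> and <code>readlink</code> are assumed.

```shell
#!/bin/sh
# Added example: audit a path before listing it as a NOPASSWD sudoers command.
# If the file, or any directory above it, can be changed by a non-root account,
# that account decides what root executes.
# Assumes GNU coreutils (stat -c, readlink -f), as shipped on Ubuntu.

# Print one line per problem found; print nothing when the path is clean.
# The body runs in a subshell so its variables do not leak into the caller.
path_problems() (
    p=$(readlink -f -- "$1") || { echo "cannot resolve: $1"; exit 0; }
    [ -e "$p" ] || { echo "missing: $p"; exit 0; }
    while :; do
        owner=$(stat -c '%u' -- "$p")
        mode=$(stat -c '%a' -- "$p")
        [ "$owner" -eq 0 ] || echo "not owned by root (uid $owner): $p"
        # 022 masks the group-write and other-write permission bits.
        [ $(( 0$mode & 022 )) -eq 0 ] || echo "group/world writable (mode $mode): $p"
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")   # walk up: a writable parent allows replacing the file
    done
)

# Exit-status form for use in scripts: succeeds only when nothing was reported.
sudo_target_ok() {
    [ -z "$(path_problems "$1")" ]
}

# Check the location used in the instructions above (or a path given as $1).
target=${1:-$HOME/vpnc-script}
path_problems "$target"
```

One way to clear the findings is to install the script root-owned outside the home directory, for example <code>sudo install -o root -g root -m 0755 vpnc-script /usr/local/sbin/vpnc-script</code>, use that path in both the sudoers line and the <code>-s</code> option, and re-run the check against it.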
If you want to make things easier to type each time you connect, add the openconnect commands above as shell aliases.

Once you've run the openconnect command and done the Single-Sign On/Two-Factor authentication in the browser window that opens, you should be connected to the VPN. Just leave the terminal window open that you ran the openconnect command in initially to maintain the VPN connection.

The following information may be out of date or inaccurate but is retained for the time being for posterity.
=== Using Ubuntu or Debian ===
<ol><li> Install the [http://www.gnome.org/projects/NetworkManager/ Network Manager] applet if you do not already have it.</li><li> Install the '''network-manager-pptp''' package for your distribution.</li></ol>
From here you will need to configure the VPN somewhat differently depending on your version of NetworkManager. To see your version of NetworkManager, right click the NetworkManager applet on your upper panel. The nm-applet looks like one of the following, depending on whether you're connected:
<table border="1">
<tr><th>Not Connected</th><th>Connected</th></tr>
<tr><td>[[Image:Nm_not_connected.png]]</td><td>[[Image:Nm_connected.png]]</td></tr></table>
==== NetworkManager 0.6 (Ubuntu 8.04 Hardy Heron) ====
<ol><li> Click the Network Manager applet in your panel.
</li><li> Under '''VPN Connections''', select '''Configure VPN...'''.
</li><li> Click the '''Add''' button.
</li><li> Click '''Forward'''.
</li><li> Click '''Forward''' again.
</li><li> In the '''Connection Name''' box, type <code>VT PPTP VPN</code>.
</li><li> In the '''Gateway''' box, type <code>pptp.cns.vt.edu</code>
</li><li> At the top, click the '''Authentication''' tab.
</li><li> Check the box labeled '''Refuse CHAP'''.
</li><li> Click '''Forward'''.
</li><li> Click '''Apply'''.
</li><li> Restart Network Manager with the following commands:
</li></ol>
<pre>sudo /etc/dbus-1/event.d/25NetworkManager restart
sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart</pre>
==== NetworkManager 0.7 (Ubuntu 8.10 Intrepid Ibex) ====
<ol><li> Click the NetworkManager applet → VPN Connections → Configure VPN
</li><li> Go to the VPN tab
</li><li> Click Add
</li><li> You will be asked to choose a VPN connection type. Select Point-to-Point Tunneling Protocol (PPTP) and click Create
</li><li> Enter the following and click OK:
</li></ol>
<table align="center" border="1">
<tr><th>Connection name</th><td>VT PPTP VPN (really, can be whatever you like)</td></tr><tr><th>Gateway</th><td>pptp.cns.vt.edu</td></tr><tr><th>User name</th><td>''your PID''</td></tr><tr><th>Password</th><td>''your VPN password''</td></tr><tr><th>NT Domain</th><td>''(blank)''</td></tr></table>
==== Connecting to the VPN ====
<ol><li> Click the Network Manager applet in your panel.</li><li> Under '''VPN Connections''', select '''VT PPTP VPN'''</li><li> Log in using your Remote Access ID.</li></ol>
==== Ubuntu upgraders from 8.04 Hardy Heron to 8.10 ====
If you experience an error "unable to find valid VPN secrets", you need to delete your saved password. Go to Applications → Passwords and Encryption Keys, then go to the Passwords tab and delete the entry for your VPN password (e.g., "VPN password secret for VT PPTP VPN..."). Now left-click the NetworkManager applet icon, select the VT PPTP VPN, and enter your VPN password.

'''Disconnecting from the VPN'''

Disconnecting an OpenConnect session is pretty simple. When done, use Ctrl-C in the same terminal window that OpenConnect is running in and allow a few seconds for it to close the VPN connection and return to a terminal prompt.
==IPsec==
See [[IPsec]]
[[Category:Howtos]]
[[Category:Round 2 migration]]
[[Category:Software]]
[[Category:VTLUUG:Projects]]
[[Category:Needs restoration]]