VPN on Linux

From COEHELP

(Difference between revisions)
(7 intermediate revisions not shown)
Line 1: Line 1:
==== Install and set up the GlobalProtect VPN client on a Linux computer - Faculty-Staff Settings ====
==== Install and set up the GlobalProtect VPN client on a Linux computer - Faculty-Staff Settings ====
-
''Note: these instructions were copied from the Knowledge Base on the ITS web site.  Please go to [http://www.northeastern.edu/its/howto/vpn http://www.northeastern.edu/its/howto/vpn] for the latest version of these instructions.''
+
''Note: these instructions were copied from the Knowledge Base on the ITS web site.  Please go to [http://www.northeastern.edu/its/howto/globalprotect-linux http://www.northeastern.edu/its/howto/globalprotect-linux] for the latest version of these instructions.''
Solution: Northeastern uses the Palo Alto GlobalProtect VPN (Virtual Private Network) for securing off-campus access to certain on-campus resources. You must install the GlobalProtect client on your computers and devices to access those resources.
Solution: Northeastern uses the Palo Alto GlobalProtect VPN (Virtual Private Network) for securing off-campus access to certain on-campus resources. You must install the GlobalProtect client on your computers and devices to access those resources.
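Review bot: the replacement link on the + line is still plain http://, and it is the page readers are told to consult for the latest version of these instructions. Link the https:// form if the ITS site serves it.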
Line 15: Line 15:
* Use the following settings under the VPN tab:
* Use the following settings under the VPN tab:
-
   gateway - 129.10.4.36
+
   gateway - XXX.XXX.XXX.XXX
   group - XXXX
   group - XXXX
   group password - XXXX
   group password - XXXX
-
NOTE: These settings are ONLY for faculty, staff and Sponsored Account holders. Students have separate settings. If you have students who need VPN access, tell them to sign in to myKnowledge and search for "GlobalProtect" to find the Linux installation and setup instructions.
+
''NOTE:'' The above settings '''MUST''' be obtained directly from the ITS Knowledge Base. Go to [http://www.northeastern.edu/its/howto/globalprotect-linux http://www.northeastern.edu/its/howto/globalprotect-linux] for directions on how to access the KnowledgeBase article.
By default the VPN client tunnels all traffic through the firewall. This is purely a client issue. The client does allow you to "split-tunnel" and send only the required routes through the tunnel. This can be done by editing the properties of the VPN connection, browsing to the IPv4 tab and selecting the Routes button.
By default the VPN client tunnels all traffic through the firewall. This is purely a client issue. The client does allow you to "split-tunnel" and send only the required routes through the tunnel. This can be done by editing the properties of the VPN connection, browsing to the IPv4 tab and selecting the Routes button.
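Review bot: the gateway line is replaced with XXX.XXX.XXX.XXX here, but the unchanged route lines under "Line 28" still show 129.10.4.36, so the page keeps stating the value this edit removes. Replace it there as well or leave it in both places. The removed NOTE also said these settings are only for faculty, staff and Sponsored Account holders and that students have separate settings; the new NOTE drops that, so consider keeping that sentence next to the pointer to the Knowledge Base.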
Line 28: Line 28:
   155.33.0.0    255.255.0.0    129.10.4.36
   155.33.0.0    255.255.0.0    129.10.4.36
-
As of Jan. 30, 2015, the following applications that will require the VPN in order to function properly:
+
As of Jan. 30, 2015, the following applications will require the VPN in order to function properly.  This list was last updated on 1/23/2015.
-
AirDroid
+
* AirDroid
-
Apple Remote Desktop
+
* Apple Remote Desktop
-
Avocent
+
* Avocent
-
BeInSync
+
* BeInSync
-
Dell Remote Access Card (DRAC)
+
* Dell Remote Access Card (DRAC)
-
DeskShare
+
* DeskShare
-
eklogin
+
* eklogin
-
exhelp
+
* exhelp
-
Glide
+
* Glide
-
Jump Desktop
+
* Jump Desktop
-
klogin
+
* klogin
-
Layer 2 Tunneling Protocol (L2TP)
+
* Layer 2 Tunneling Protocol (L2TP)
-
Mocha RDP
+
* Mocha RDP
-
Mosh (Mobile Shell)
+
* Mosh (Mobile Shell)
-
Microsoft Hyper-V Virtual Machine Connection
+
* Microsoft Hyper-V Virtual Machine Connection
-
Microsoft Remote Desktop Protocol (RDP)
+
* Microsoft Remote Desktop Protocol (RDP)
-
PC Anywhere
+
* PC Anywhere
-
PC-over-IP (PCoIP)
+
* PC-over-IP (PCoIP)
-
Pocket Controller Pro for Windows
+
* Pocket Controller Pro for Windows
-
Point-to-Point Tunneling Protocol (PPTP)
+
* Point-to-Point Tunneling Protocol (PPTP)
-
Rexec
+
* Rexec
-
vR-services
+
* vR-services
-
Radmin
+
* Radmin
-
RDM+ Remote Desktop
+
* RDM+ Remote Desktop
-
rlogin
+
* rlogin
-
Remote Shell (rsh)
+
* Remote Shell (rsh)
-
ScreenConnect
+
* ScreenConnect
-
Synergy
+
* Synergy
-
TeamViewer (direct IP-IP)
+
* TeamViewer (direct IP-IP)
-
Telnet
+
* Telnet
-
VNC
+
* VNC
-
Webot
+
* Webot
-
webRDP
+
* webRDP
-
X Font Server
+
* X Font Server
-
X11
+
* X11
-
XDMCP
+
* XDMCP
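Review bot: the rewritten intro line above the list now carries two dates in two formats, "As of Jan. 30, 2015" and "last updated on 1/23/2015", and the first is later than the second, so "As of" reads as a future effective date. If that is the intent, say "Starting Jan. 30, 2015" and use one date format for both.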

Latest revision as of 10:47, 23 January 2015

Install and set up the GlobalProtect VPN client on a Linux computer - Faculty-Staff Settings

Note: these instructions were copied from the Knowledge Base on the ITS web site. Please go to http://www.northeastern.edu/its/howto/globalprotect-linux for the latest version of these instructions.

Solution: Northeastern uses the Palo Alto GlobalProtect VPN (Virtual Private Network) for securing off-campus access to certain on-campus resources. You must install the GlobalProtect client on your computers and devices to access those resources.

Details: NOTE: This software has only been officially tested on Ubuntu and CentOS distributions. The VPN software uses the community-based vpnc software; please direct support questions about the actual client to your distribution's support channels.

The following documentation is based on Ubuntu 14.04 LTS.

  • Install Network Manager Applet via the command line: sudo apt-get install vpnc network-manager-vpnc
  • Right click on the network manager icon on the top right corner of the screen and select the "Networks Settings" option.
  • Click the icon to add a new connection.
  • Select the VPN interface type and click on create (Choose Cisco Compatible VPN).
  • Use the following settings under the VPN tab:
  gateway - XXX.XXX.XXX.XXX
  group - XXXX
  group password - XXXX

NOTE: The above settings MUST be obtained directly from the ITS Knowledge Base. Go to http://www.northeastern.edu/its/howto/globalprotect-linux for directions on how to access the KnowledgeBase article.

By default the VPN client tunnels all traffic through the firewall. This is purely a client-side setting: the client also lets you "split-tunnel" and send only the required routes through the tunnel. To do so, edit the properties of the VPN connection, go to the IPv4 tab and select the Routes button.

Make sure to select the option "Use this connection only for resources on its network." You will also need to enter the routes manually in the table.

 129.10.0.0     255.255.0.0    129.10.4.36
 155.33.0.0     255.255.0.0    129.10.4.36
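
A way to confirm, after connecting, that the split-tunnel settings above took effect (an added example, not part of the ITS instructions): it reads `ip -4 route show` output and checks that the default route stays off the tunnel while the two campus networks from the route table go through it. The interface name tun0, the function names and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that split tunnelling is in effect after connecting.
# Assumption: the vpnc tunnel interface is tun0. Sample tables are constructed.

# Campus networks from the route table on this page, in CIDR form.
CAMPUS_PREFIXES="129.10.0.0/16 155.33.0.0/16"

# routed_via TABLE DEST IFACE: succeeds if TABLE has a route for DEST on IFACE.
routed_via() {
    printf '%s\n' "$1" | awk -v d="$2" -v i="$3" '
        $1 == d { for (n = 2; n < NF; n++) if ($n == "dev" && $(n + 1) == i) hit = 1 }
        END { exit !hit }'
}

# check_split_tunnel IFACE: reads `ip -4 route show` output on stdin.
# Returns 0 = split tunnel, 1 = default route goes through the tunnel
# (full tunnel), 2 = a campus network is not routed through the tunnel.
check_split_tunnel() {
    cst_table=$(cat)
    if routed_via "$cst_table" default "$1"; then
        return 1
    fi
    for cst_prefix in $CAMPUS_PREFIXES; do
        routed_via "$cst_table" "$cst_prefix" "$1" || return 2
    done
    return 0
}

# Constructed samples of `ip -4 route show` output.
SPLIT_SAMPLE='default via 192.168.1.1 dev wlan0 proto static
129.10.0.0/16 dev tun0 proto static scope link
155.33.0.0/16 dev tun0 proto static scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

FULL_SAMPLE='default dev tun0 proto static scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

printf '%s\n' "$SPLIT_SAMPLE" | check_split_tunnel tun0 && echo "split tunnel in effect"
printf '%s\n' "$FULL_SAMPLE" | check_split_tunnel tun0 || echo "not split: status $?"
# Live use: ip -4 route show | check_split_tunnel tun0
```

With split tunnelling on, only traffic to the two campus networks is carried by the VPN; everything else leaves through the local default route.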

As of Jan. 30, 2015, the following applications will require the VPN in order to function properly. This list was last updated on 1/23/2015.

  • AirDroid
  • Apple Remote Desktop
  • Avocent
  • BeInSync
  • Dell Remote Access Card (DRAC)
  • DeskShare
  • eklogin
  • exhelp
  • Glide
  • Jump Desktop
  • klogin
  • Layer 2 Tunneling Protocol (L2TP)
  • Mocha RDP
  • Mosh (Mobile Shell)
  • Microsoft Hyper-V Virtual Machine Connection
  • Microsoft Remote Desktop Protocol (RDP)
  • PC Anywhere
  • PC-over-IP (PCoIP)
  • Pocket Controller Pro for Windows
  • Point-to-Point Tunneling Protocol (PPTP)
  • Rexec
  • vR-services
  • Radmin
  • RDM+ Remote Desktop
  • rlogin
  • Remote Shell (rsh)
  • ScreenConnect
  • Synergy
  • TeamViewer (direct IP-IP)
  • Telnet
  • VNC
  • Webot
  • webRDP
  • X Font Server
  • X11
  • XDMCP