pub:conf-vpn-en
Differenze
Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.
Entrambe le parti precedenti la revisioneRevisione precedenteProssima revisione | Revisione precedenteUltima revisioneEntrambe le parti successive la revisione | ||
pub:conf-vpn-en [2015/12/17 07:22] – m.fiorazzo@unitn.it | pub:conf-vpn-en [2019/11/05 09:34] – m.fiorazzo@unitn.it | ||
---|---|---|---|
Linea 1: | Linea 1: | ||
====== Instructions for the new VPN UNITN service ====== | ====== Instructions for the new VPN UNITN service ====== | ||
- | **NOTE:** for MacosX Yosemite only Junos Pulse is supported\\ | + | The VPN service allows access to internal resources of the UniTN network from external locations. |
- | **NOTE2:** after the upgrade to MacosX El Capitan it may be necessary to delete the Junos Pulse connection and recreate it from scratch - DO NOT save the password in the connection profile ! | + | |
- | + | ||
- | The VPN service allows access to internal resources of the University | + | |
It is based on SSL encryption. | It is based on SSL encryption. | ||
- | For the usage and configuration, | + | For the usage and configuration |
^Operating System^Supported Client^Instructions^ | ^Operating System^Supported Client^Instructions^ | ||
- | |Linux|Network Connect|[[pub: | + | |Windows, Macosx|Pulse Secure|[[pub: |
- | |Linux | + | |Linux|Pulse |
- | |Macosx, Windows|Junos Pulse|[[pub: | + | |Mobile |
- | |Mobile | + | |
+ | **NEWS:** | ||
+ | The new version for linux (5.3r4.1) is 64bit native and provide a stable connection. | ||
- | ===== Windows | + | ===== MACOSX, |
- | ==== Installing the Network Connect client ==== | + | ^Pulse Secure Download^ |
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
- | Before being able to use the service, you need to install | + | For Mac and Safari: Warning !!! Be sure that your browser is saving |
- | ** NOTE: ** | + | After the installation, launch |
- | * ** Before starting, it is recommended | + | |
- | * ** The PC must have a correct proxy configuration: | + | |
- | To install " | + | {{:pub: |
- | === 1) MANUAL MODE === | + | Create a new connection by clicking the ' |
- | **REQUISITES:** | + | {{:pub: |
- | * Administrator rights (Windows), root privileges (Linux / Mac) | + | |
- | **INSTRUCTIONS: | + | To start the connection, click on <Connect>\\ |
- | * Manually download, from the links below, the " | + | |
- | ^Operative System^Download link^ | + | {{:pub:vpn:3_pulse_connetti.png|}} |
- | |Windows 32bit|[[https:// | + | |
- | |Windows 64bit|[[https:// | + | |
- | |Linux|[[https:// | + | |
- | For Mac and Safari: Warning !!! Be sure that your browser is saving | + | Fill the form with the username |
- | ^Operative System^Download link^ | + | {{:pub:vpn:4_pulse_password.png|}} |
- | |Mac OS X|[[https:// | + | |
+ | The connection is established, | ||
- | * Run the downloaded installation package on your PC | + | {{:pub: |
- | * NB: you will need Administrator rights (Windows), root privileges (Linux / Mac) | + | |
- | === 2) " | + | You can see the Pulse Secure notification icon in the lower right area:\\ |
- | **REQUISITES:** | + | {{:pub:vpn:6_pulse_bar.png|}} |
- | * Administrator rights (Windows), root privileges (Linux / Mac) | + | |
- | * Browser with Java JRE 6 or higher installed and running | + | |
- | * after Java 7u51 update, you need to add a security exception in the Java Control Panel under " | + | |
- | * Verification and updating Java installation: http:// | + | |
- | * Java installation instructions: | + | |
- | * For Ubuntu Linux + Firefox you have to install the IcedTea-Web Plugin (via Firefox Add-ons Manager) and OpenJDK 6 or 7 (via apt-get see below) | + | |
- | **NOTE FOR LINUX 64bit:** | + | You can show a status window from File-> |
- | * Linux 64bit is currently only supported with 32bit client then you also need the 32bit Java version | + | |
- | * On Ubuntu Linux 64bit (12.0.4) you have to install the openjdk 6 or 7 (32bit) with this command: "sudo apt-get install openjdk-6-jre: | + | |
- | **INSTRUCTIONS: | + | {{:pub:vpn:7_pulse_connessione_ok_status.png|}} |
- | * Connect with a browser at [[https:// | + | |
- | * click on " | + | |
- | + | ||
- | {{:pub:vpn:start.png? | + | |
- | + | ||
- | * " | + | |
- | + | ||
- | **ONLY FOR WINDOWS: | + | |
- | * To confirm the connection, in the notification area at the bottom right (next to clock) you will see a icon like this: {{: | + | |
- | + | ||
- | + | ||
- | ==== Using the Network Connect client ==== | + | |
- | + | ||
- | Once the Network Connect client has been installed with one of the previous mode, for further connections, | + | |
- | + | ||
- | ** NOTE: ** | + | |
- | * ** Before starting, it is recommended the elimination of the old vpn connection (if any) ** | + | |
- | * ** The PC must have a correct proxy configuration: | + | |
- | + | ||
- | At this point, just perform these 3 simple steps: | + | |
- | + | ||
- | - Insert the connection URL (Sign-in Page): **< | + | |
- | - Enter username and password (University credentials) | + | |
- | - Click " | + | |
- | + | ||
- | {{: | + | |
- | In a few seconds you will be connected to the VPN session. | + | ===== Linux Pulse Secure Client ===== |
- | **ONLY FOR WINDOWS:** | + | **NEWS:** |
- | * To confirm the connection, in the notification area at the bottom right (next to clock) you will see a icon like this: {{: | + | The new version for linux (5.3r3) is 64bit native and provide |
- | * By double clicking the icon, you can view the connection information: | + | |
- | {{: | + | ^Pulse Secure for Linux Download^ |
+ | |{{:pub:vpn: | ||
+ | |{{:pub:vpn:ps-pulse-linux-5.3r7.0-b919-ubuntu-debian-32-bit-installer.deb|Linux Ubuntu (> 14.04) 32bit Pulse Secure 5.3R7 (Jan 2019)}}| | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
+ | |{{: | ||
- | **NB: ** you can always make the connection by accessing via browser by repeating | + | Download |
- | ===== Using the Network Connect client from the command line (Linux) | + | Debian-based |
- | After the succesful installation of Network Connect, you can connect directly from the command line, the files are in the directory / | + | dpkg -i <package name> |
- | if you can't find this directory, you can download and extract this archive: {{: | + | RPM-based Linux (CentOS): |
- | Follow this procedure (tested on Ubuntu 64bit 12.0.4):\\ | + | rpm -ivh <package name> |
- | * 1) move to the directory | + | For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be: |
< | < | ||
- | user@linux: | + | sudo dpkg -i /$HOME/Downloads/ |
</ | </ | ||
- | * 2) Download | + | Install |
< | < | ||
- | user@linux:home/user/.juniper_networks/ | + | user@host:~$ sudo /usr/local/pulse/PulseClient.sh install_dependency_packages |
</ | </ | ||
- | * 3a) to establish | + | if you want to launch |
< | < | ||
- | user@linux:home/ | + | export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pulse |
- | Searching for ncsvc in current working directory done | + | |
- | Password: | + | |
</ | </ | ||
- | * 3b) to establish | + | Or you can launch Pulse from your Applications by clicking on the Pulse icon. |
- | < | + | - Main screen |
- | user@linux: | + | |
- | Password: | + | |
- | Connecting to vpn-ssl.unitn.it : 443 | + | |
- | </ | + | |
- | * 4) Check and verify the connection status: | + | {{:pub: |
- | < | + | - Create the connection: |
- | user@linux:home/ | + | |
- | 8: tun0: < | + | |
- | link/none | + | |
- | inet 10.31.0.36/ | + | |
- | </ | + | |
- | ===== MACOSX 10.9 Maverick, Windows (Junos Pulse) ===== | + | {{: |
- | As an alternative to Network Connect, for MACOSX (>10.6) and Windows it is possible to download and use Junos Pulse following the instructions below (screenshots taken from MACOSX 10.9)\\ | + | - Login: |
- | **NB: for MacOSX 10.9 Maverick Junos Pulse is the ONLY supported client** \\ | + | {{:pub: |
- | ^Junos Pulse Download^ | + | |
- | |{{: | + | |
- | |{{:pub: | + | |
- | |{{: | + | |
- | For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as " | + | {{:pub: |
- | After the installation, launch the Junos Pulse Application, | + | If you don't want to use the UI, use the following command to launch the VPN client (you will be asked for the UniTN password): |
+ | < | ||
+ | / | ||
+ | </ | ||
- | {{:pub:vpn: | + | Foe example:: |
- | Create a new connection by clicking | + | < |
+ | user@host: | ||
+ | Reading package lists... Done | ||
+ | Building dependency tree | ||
+ | Reading state information... Done | ||
+ | lib32z1 is already | ||
+ | libc6-i386 is already | ||
+ | 0 upgraded, 0 newly installed, 0 to remove and 557 not upgraded. | ||
+ | executing command : / | ||
+ | VPN Password: | ||
+ | </ | ||
- | {{:pub:vpn:2_pulse_crea_connessione.png|}} | + | After few seconds the vpn connection is established, |
- | To start the connection, click on <Connect>\\ | + | <code> |
+ | user@host: | ||
- | {{:pub: | + | Connection Status |
- | Fill the form with the username (@unitn.it) and password: (DO NOT save password with MacOSX El Captain\\ | + | |
+ | bytes sent : 1722 | ||
+ | bytes received : 2586 | ||
+ | | ||
+ | | ||
+ | Comp Type : None | ||
+ | | ||
+ | </ | ||
- | {{: | + | To kill the connection: |
- | + | ||
- | The connection | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | On the top you can see the Junos Pulse menu bar with the status icon:\\ | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | You can show a status window from File-> | + | |
- | + | ||
- | {{: | + | |
- | + | ||
- | It is possible to verify the assigned vpn ip from a terminal window with the ' | + | |
< | < | ||
- | MAC user$ ifconfig | + | user@host:~$ / |
- | lo0: flags=8049< | + | |
- | .... | + | |
- | .... | + | |
- | utun0: flags=8051< | + | |
- | inet 10.31.101.10 | + | |
</ | </ | ||
===== Mobile Devices ===== | ===== Mobile Devices ===== | ||
- | **REQUISITES** | + | **REQUISITI** |
- | * iPhone, iPod Touch, iPad (iOS 5.0, | + | * iPhone, iPod Touch, iPad |
* Android devices 4.0 or higher | * Android devices 4.0 or higher | ||
* Windows Mobile 6.5 | * Windows Mobile 6.5 | ||
- | **INSTRUCTIONS: | + | **INSTRUCTIONS: |
- | * Install the app "Junos Pulse" from ther App Store or Google Play | + | * Install the app " |
- | * Start the application "Junos Pulse" | + | * Start the application " |
- | {{:pub:vpn:screenshot_2013-03-01-13-05-09.png?200|}} | + | {{:pub:vpn:1_pulse_secure_mobile.png?200|}} |
* Create a new connection by entering: | * Create a new connection by entering: | ||
Linea 219: | Linea 174: | ||
* Touch on " | * Touch on " | ||
- | {{:pub:vpn:screenshot_2013-03-01-13-06-42_2.png?200|}} | + | {{:pub:vpn:2_pulse_secure_mobile_connessione.png?200|}} |
* Tap on " | * Tap on " | ||
- | {{:pub:vpn:screenshot_2013-03-01-13-07-12.png? | + | {{:pub:vpn:4_pulse_secure_mobile_connetti.png? |
- | {{:pub:vpn:screenshot_2013-03-01-13-07-45.png? | + | {{:pub:vpn:3_pulse_secure_mobile_login.png?200|}} |
- | {{: | + | |
- | * At this point the connection is established, | + | * after a while, |
- | {{:pub:vpn:screenshot_2013-03-01-13-08-09.png? | + | {{:pub:vpn:5_pulse_secure_mobile_connesso_ok.png? |
- | {{:pub:vpn:screenshot_2013-03-01-13-08-17.png?200|}} | + | {{:pub:vpn:6_pulse_secure_mobile_status.png?200|}} |
- | * At the end of the session, to end the connection, tap on " | + | * to terminate |
===== Features of vpn-ssl service ===== | ===== Features of vpn-ssl service ===== | ||
Linea 245: | Linea 199: | ||
NB: the routing change doesn' | NB: the routing change doesn' | ||
+ | |||
==== User-side Firewall rules ==== | ==== User-side Firewall rules ==== | ||
VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. | VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. | ||
- | |||
- | ==== Supported clients ==== | ||
- | |||
- | ^Platform^SO^Browsers and Java Environment^ | ||
- | |Windows|- Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. \\ - Windows 7 on 32-bit or 64-bit platforms \\ - Windows 7 SP1 Enterprise on 32-bit \\ - Windows Vista on 32-bit or 64-bit platforms \\ - Windows XP with SP3 on 32 bit|- Internet Explorer 10 \\ - Internet Explorer 9.0 \\ - Internet Explorer 8.0 \\ - Internet Explorer 7.0 \\ - Firefox 3.0 and above including FF10 \\ - Oracle JRE 6 and above| | ||
- | |Mac|- Mac OS X 10.6.x, 32 bit and 64 bit \\ - Mac OS X 10.7.x, 32 bit \\ - Mac OS X 10.8.x, 32 bit|- Safari 6.0 Sun JRE 6 \\ - Safari 5.1 Sun JRE 6 \\ - Safari 5.0 Sun JRE 6| | ||
- | |Linux|- OpenSuse 10.x and 11.x \\ - Ubuntu 9.10, 10.x and 11.x \\ - Red Hat Enterprise Linux 5|- Firefox 3.0 and above \\ - Oracle JRE 6 and above| | ||
- | |Solaris|- Solaris 10, 32 bit only|- Mozilla 2.0 and above| | ||
- | **NOTE:**\\ \\ | ||
- | 1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8\\ | ||
- | 2) 32 bit Network Connect is supported only on the following distributions: | ||
- | ^Platform^Operating System^Browsers and Java Environment^ | ||
- | |Linux|- Ubuntu 12.04 LTS \\ - OpenSUSe 12.1 \\ - Fedora 17|- FireFox 10-ESR \\ - Oracle JRE 6 and 7 \\ - IcedTea-Web 1.2 with OpenJDK 6 and 7| | ||
- | |||
- | Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client. | ||
- |