Differences

These are the differences between the selected revision and the current version of the page.

pub:conf-vpn-en [2015/12/17 07:22] m.fiorazzo@unitn.it
pub:conf-vpn-en [2019/11/05 09:34] m.fiorazzo@unitn.it
Linea 1: Linea 1:
 ====== Instructions for the new VPN UNITN service ====== ====== Instructions for the new VPN UNITN service ======
  
-**NOTE:** for MacosX Yosemite only Junos Pulse is supported\\ +The VPN service allows access to internal resources of the UniTN network from external locations.
-**NOTE2:** after the upgrade to MacosX El Capitan it may be necessary to delete the Junos Pulse connection and recreate it from scratch - DO NOT save the password in the connection profile ! +
- +
-The VPN service allows access to internal resources of the University network from external locations.+
 It is based on SSL encryption. It is based on SSL encryption.
  
-For the usage and configuration, visit the right section:+For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section:
  
 ^Operating System^Supported Client^Instructions^ ^Operating System^Supported Client^Instructions^
-|Linux|Network Connect|[[pub:conf-vpn-en#windows_mac_linux_pcs|Network Connect]]| +|Windows, Macosx|Pulse Secure|[[pub:conf-vpn-en#macosx_windows_pulse_secure|Pulse Secure Desktop]]| 
-|Linux from command line (shell)|Network Connect|[[pub:conf-vpn-en#using_the_network_connect_client_from_the_command_line_linux|Network Connect (command line)]]| +|Linux|Pulse Secure|[[pub:conf-vpn-en#linux_pulse_secure_client|Pulse Secure Linux]]| 
-|Macosx, Windows|Junos Pulse|[[pub:conf-vpn-en#macosx_109_maverick_windows_junos_pulse|Junos Pulse]]| +|Mobile devices (Smartphone & Tablet)|Pulse Secure|[[pub:conf-vpn-en#dispositivi_mobili|Pulse Secure Mobile]]|
-|Mobile Devices (Smartphone & Tablet)|Junos Pulse|[[pub:conf-vpn-en#mobile_devices|Junos Pulse App]]|+
  
 +**NEWS:**
 +The new version for linux (5.3r4.1) is 64bit native and provide a stable connection.
  
-===== Windows / MAC / Linux PCs =====+===== MACOSX, Windows (Pulse Secure) =====
  
-==== Installing the Network Connect client ====+^Pulse Secure Download^ 
 +|{{:pub:vpn:ps-pulse-win-5.3R7.0-b1933-64bitinstaller.msi|Windows 7/8/10 (64bit) Pulse Secure 5.3R7 (Jan 2019)}}| 
 +|{{:pub:vpn:ps-pulse-win-5.3R7.0-b1933-32bitinstaller.msi|Windows 7/8/10 (32bit) Pulse Secure 5.3R7 (Jan 2019)}}| 
 +|{{:pub:ps-pulse-win-5.0r15.1-b61501-32bitinstaller.msi|Windows Vista 32bit Pulse Secure 5.0R15}}| 
 +|{{:pub:ps-pulse-win-5.0r15.1-b61501-64bitinstaller.msi|Windows Vista 64bit Pulse Secure 5.0R15}}| 
 +|{{:pub:vpn:ps-pulse-mac-5.3R7.0-b1933-installer.dmg|MACOSX (> 10.10) Pulse Secure 5.3R7 (Jan 2019)}} (*)| 
 +|{{:pub:vpn:ps-pulse-mac-5.3r3.0-b1021-installer.dmg|MACOSX (> 10.6) Pulse Secure 5.3R3}} (*)| 
 +|{{:pub:vpn:ps-pulse-mac-9.1r3.0-b1313-installer.dmg|MACOSX Catalina Pulse Secure 9.1r3}} (*)|
  
-Before being able to use the service, you need to install the "Network Connectclient.+For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as "pulse.dmg"\\
  
-** NOTE: ** +After the installationlaunch the Pulse Secure Application, the main screen appears:\\
-  * ** Before startingit is recommended the elimination of the old vpn connection (if any)  ** +
-  * ** The PC must have a correct proxy configuration: proxy automatically configured by http://proxypac.unitn.it (internal networks) or no proxy (external networks EShome ADSL) **+
  
-To install "Network Connect" on your PC there are 2 possible ways:+{{:pub:vpn:1_pulse_avvio.png|}}
  
-=== 1) MANUAL MODE ===+Create a new connection by clicking the '+' sign and entering the following parameters:\\
  
-**REQUISITES:** +{{:pub:vpn:2_pulse_crea_connessione.png|}}
-  * Administrator rights (Windows), root privileges (Linux / Mac)+
  
-**INSTRUCTIONS:** +To start the connectionclick on <Connect>\\
-  * Manually download, from the links belowthe "Network Connect" client suitable for your operating system: \\+
  
-^Operative System^Download link^ +{{:pub:vpn:3_pulse_connetti.png|}}
-|Windows 32bit|[[https://wiki.unitn.it/_media/pub:vpn:ncinst.exe|Network Connect 8.0R11 (build 36363)]]| +
-|Windows 64bit|[[https://wiki.unitn.it/_media/pub:vpn:ncinst64.exe|Network Connect 8.0R11 (build 36363)]]| +
-|Linux|[[https://wiki.unitn.it/_media/pub:vpn:ncui-7.3r3.i386.rpm|Network Connect 8.0R11 (build 36363)]]\\+
  
-For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exeas "networkconnect.dmg"\\+Fill the form with the username (@unitn.itand password:\\
  
-^Operative System^Download link^ +{{:pub:vpn:4_pulse_password.png|}}
-|Mac OS X|[[https://wiki.unitn.it/_media/pub:vpn:networkconnect.dmg|Network Connect 8.0R11 (build 36363)]]|+
  
 +The connection is established, you can stop the vpn clicking on <Disconnect>\\
  
-  * Run the downloaded installation package on your PC +{{:pub:vpn:5_pulse_connessione_ok.png|}}
-  * NByou will need Administrator rights (Windows), root privileges (Linux / Mac)+
  
-=== 2) "WEB" MODE ===+You can see the Pulse Secure notification icon in the lower right area:\\
  
-**REQUISITES:** +{{:pub:vpn:6_pulse_bar.png|}}
-  * Administrator rights (Windows), root privileges (Linux / Mac) +
-  * Browser with Java JRE 6 or higher installed and running +
-      * after Java 7u51 update, you need to add a security exception in the Java Control Panel under "Security=>Exeption Site list” and add the URL https://vpn-ssl.unitn.it to the exceptions list. +
-      * Verification and updating Java installationhttp://www.java.com/it/download/testjava.jsp  +
-      * Java installation instructions: http://www.java.com/it/download/help/download_options.xml +
-      * For Ubuntu Linux + Firefox you have to install the IcedTea-Web Plugin (via Firefox Add-ons Manager) and OpenJDK 6 or 7 (via apt-get see below)+
  
-**NOTE FOR LINUX 64bit:** +You can show a status window from File->Connections->Advanced Connection Details...\\
-  * Linux 64bit is currently only supported with 32bit client then you also need the 32bit Java version +
-  * On Ubuntu Linux 64bit (12.0.4) you have to install the openjdk 6 or 7 (32bit) with this command: "sudo apt-get install openjdk-6-jre:i386" or "sudo apt-get install openjdk-7-jre:i386"+
  
-**INSTRUCTIONS:** +{{:pub:vpn:7_pulse_connessione_ok_status.png|}}
-  * Connect with a browser at [[https://vpn-ssl.unitn.it]], logging in with your credentials of the university. +
-  * click on "Start" near the "Network Connect" entry +
- +
-{{:pub:vpn:start.png?1200|}} +
- +
-  * "Network Connect" will be installed and run on the client PC (agree to the changes and accept all security warnings if any) +
- +
-**ONLY FOR WINDOWS:** +
-  * To confirm the connection, in the notification area at the bottom right (next to clock) you will see a icon like this: {{:pub:vpn:nc-icon.png|}} \\ +
- +
- +
-==== Using the Network Connect client ==== +
- +
-Once the Network Connect client has been installed with one of the previous mode, for further connections, simply launch Network Connect application on your PC, a connection window appears: +
- +
-** NOTE: ** +
-  * ** Before starting, it is recommended the elimination of the old vpn connection (if any)  ** +
-  * ** The PC must have a correct proxy configuration: proxy automatically configured by http://proxypac.unitn.it (internal networks) or no proxy (external networks ES: home ADSL) ** +
- +
-At this point, just perform these 3 simple steps: +
- +
-  - Insert the connection URL (Sign-in Page): **<nowiki>https://vpn-ssl.unitn.it/</nowiki>** (if not already present) +
-  - Enter username and password (University credentials) +
-  - Click "Login" +
- +
-{{:pub:vpn:vpn-ssl-login2.png?450|}}+
  
-In a few seconds you will be connected to the VPN session.+===== Linux Pulse Secure Client =====
  
-**ONLY FOR WINDOWS:** +**NEWS:** 
-  * To confirm the connection, in the notification area at the bottom right (next to clockyou will see icon like this: {{:pub:vpn:nc-icon.png|}} +The new version for linux (5.3r3is 64bit native and provide stable connection.
-  * By double clicking the icon, you can view the connection information:+
  
-{{:pub:vpn:vpn-ssl-status.png|}}+^Pulse Secure for Linux Download^ 
 +|{{:pub:vpn:ps-pulse-linux-5.3r7.0-b919-centos-rhel-32-bit-installer.rpm|Linux CentOS 32bit Pulse Secure 5.3R7 (Jan 2019)}}| 
 +|{{:pub:vpn:ps-pulse-linux-5.3r7.0-b919-ubuntu-debian-32-bit-installer.deb|Linux Ubuntu (> 14.04) 32bit Pulse Secure 5.3R7 (Jan 2019)}}
 +|{{:pub:vpn:ps-pulse-linux-5.3r7.0-b919-centos-rhel-64-bit-installer.rpm|Linux CentOS 64bit Pulse Secure 5.3R7 (Jan 2019)}}| 
 +|{{:pub:vpn:ps-pulse-linux-5.3r7.0-b919-ubuntu-debian-64-bit-installer.deb|Linux Ubuntu (<= 16.04) 64bit Pulse Secure 5.3R7 (Jan 2019)}}| 
 +|{{:pub:vpn:ps-pulse-linux-9.0r3.0-b923-ubuntu-debian-64-bit-installer.deb|Linux Ubuntu (18.04) 64bit Pulse Secure 9.0R3 (Feb 2019)}}| 
 +|{{:pub:vpn:ps-pulse-5.3r3-linux-quickstart-guide.pdf|Documentazione ufficiale client linux 5.3r3}}|
  
-**NB: ** you can always make the connection by accessing via browser by repeating the steps above in the section  **1) "WEB" MODE **+Download the package installer to the Linux client then run the installer using the following command:
  
-===== Using the Network Connect client from the command line (Linux) =====+Debian-based Linux (Ubuntu):  
  
-After the succesful installation of Network Connect, you can connect directly from the command line, the files are in the directory /home/user/.juniper_networks/network_connect\\+dpkg -i <package name>
  
-if you can't find this directory, you can download and extract this archive{{:pub:vpn:nc.tgz|}}+RPM-based Linux (CentOS):
  
-Follow this procedure (tested on Ubuntu 64bit 12.0.4):\\+rpm -ivh <package name>
  
-  * 1) move to the directory /home/user/.juniper_networks/network_connect (or where you have extracted the archive) and check the files:+For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be:
  
 <code> <code>
-user@linux:home/user# cd .juniper_networks/network_connect+sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.2r4.0-b47329-ubuntu-debian-installer.deb
 </code> </code>
  
-  * 2) Download the ssl vpn certificate (check if the file "certificato_vpn-ssl.crt" is already present in your directory first)+Install the dependencies:
  
 <code> <code>
-user@linux:home/user/.juniper_networks/network_connect# openssl s_client -connect vpn-ssl.unitn.it:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > certificato_vpn-ssl.crt+user@host:~$ sudo /usr/local/pulse/PulseClient.sh install_dependency_packages
 </code> </code>
  
-  * 3a) to establish the connection with the control applet (insert the password when required):+if you want to launch the UI from a command line (/usr/local/pulse/pulseUiyou have to export this library path:
  
 <code> <code>
-user@linux:home/user/.juniper_networks/network_connect# /usr/lib/jvm/java-6-openjdk-i386/bin/java -jar NC.jar -h vpn-ssl.unitn.it -u username@unitn.it -f certificato_vpn-ssl.crt -r AR-unitn-ldap-ad +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pulse
-Searching for ncsvc in current working directory done +
-Password:+
 </code> </code>
  
-  * 3b) to establish the connection in "silent" mode, without control applet (insert the password when required):+Or you can launch Pulse from your Applications by clicking on the Pulse icon.
  
-<code> + Main screen
-user@linux:home/user/.juniper_networks/network_connect# ./ncsvc -h vpn-ssl.unitn.it -u username@unitn.it -f certificato_vpn-ssl.crt -r AR-unitn-ldap-ad +
-Password: +
-Connecting to vpn-ssl.unitn.it : 443 +
-</code>+
  
-  * 4) Check and verify the connection status:+{{:pub:vpn:pulseui-linux-1.png?200|}}
  
-<code> +  - Create the connection:
-user@linux:home/user/.juniper_networks/network_connect# ip addr show tun0 +
-8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN qlen 500 +
-    link/none  +
-    inet 10.31.0.36/32 scope global tun0 +
-</code>+
  
-===== MACOSX 10.9 Maverick, Windows (Junos Pulse) =====+{{:pub:vpn:pulseui-linux-2.png?200|}}
  
-As an alternative to Network Connect, for MACOSX (>10.6) and Windows it is possible to download and use Junos Pulse following the instructions below (screenshots taken from MACOSX 10.9)\\+  - Login:
  
-**NBfor MacOSX 10.9 Maverick Junos Pulse is the ONLY supported client** \\+{{:pub:vpn:pulseui-linux-3.png?200|}}
  
-^Junos Pulse Download^ +  Connection state:
-|{{:pub:vpn:ps-pulse-mac-5.1r6.0-b61491-installer.dmg|MACOSX (>= 10.6) Pulse Secure 5.1r6.0-b61491}}| +
-|{{:pub:vpn:ps-pulse-win-5.1r6.0-b61491-32bitinstaller.msi|Windows XP, Vista and Windows 7/8 (32bit) Pulse Secure 5.1r6.0-b61491}}| +
-|{{:pub:vpn:ps-pulse-win-5.1r6.0-b61491-64bitinstaller.msi|Windows XP, Vista and Windows 7/8 (64bit) Pulse Secure 5.1r6.0-b61491}}|}}+
  
-For Mac and SafariWarning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as "pulse.dmg"\\+{{:pub:vpn:pulseui-linux-4.png?200|}}
  
-After the installation, launch the Junos Pulse Application, the main screen appears:\\+If you don't want to use the UIuse the following command to launch the VPN client (you will be asked for the UniTN password): 
 +<code> 
 +/usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u nome.cognome@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
 +</code>
  
-{{:pub:vpn:1_pulse_avvio.png|}}+Foe example::
  
-Create a new connection by clicking the '+' sign and entering the following parameters:\\+<code> 
 +user@host:~$ /usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u username@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
 +Reading package lists... Done 
 +Building dependency tree 
 +Reading state information... Done 
 +lib32z1 is already the newest version. 
 +libc6-i386 is already the newest version. 
 +0 upgraded, 0 newly installed, 0 to remove and 557 not upgraded. 
 +executing command : /usr/local/pulse/pulsesvc -h vpn-ssl.unitn.it -u username@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
 +VPN Password: 
 +</code>
  
-{{:pub:vpn:2_pulse_crea_connessione.png|}}+After few seconds the vpn connection is established, you have to leave this terminal window open and you can monitor the connection from another terminal window with the command:
  
-To start the connection, click on <Connect>\\+<code> 
 +user@host:~$ /usr/local/pulse/PulseClient.sh -S
  
-{{:pub:vpn:3_pulse_connetti.png|}}+Connection Status :
  
-Fill the form with the username (@unitn.it) and password(DO NOT save password with MacOSX El Captain\\+         connection status Connected 
 +         bytes sent : 1722 
 +         bytes received : 2586 
 +         Connection Mode : ESP 
 +         Encryption Type : AES128/SHA1 
 +         Comp Type : None 
 +         Assigned IP : 10.31.0.80 
 +</code>
  
-{{:pub:vpn:4_pulse_password.png|}} +To kill the connection:
- +
-The connection is etablished, you can stop the vpn clicking on <Disconnect>\\ +
- +
-{{:pub:vpn:5_pulse_connessione_ok.png|}} +
- +
-On the top you can see the Junos Pulse menu bar with the status icon:\\ +
- +
-{{:pub:vpn:6_pulse_bar.png|}} +
- +
-You can show a status window from File->Connections->Advanced Connection Details...\\ +
- +
-{{:pub:vpn:7_pulse_connessione_ok_status.png|}} +
- +
-It is possible to verify the assigned vpn ip from a terminal window with the 'ifconfig' command:\\+
  
 <code> <code>
-MAC user$ ifconfig +user@host:~/usr/local/pulse/PulseClient.sh -K
-lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 +
-.... +
-.... +
-utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400 +
- inet 10.31.101.10 --> 10.31.101.10 netmask 0xffffffff  +
 </code> </code>
  
 ===== Mobile Devices ===== ===== Mobile Devices =====
  
-**REQUISITES** +**REQUISITI** 
-  * iPhone, iPod Touch, iPad (iOS 5.0,4.3.x,4.2.x or higher)+  * iPhone, iPod Touch, iPad
   * Android devices 4.0 or higher   * Android devices 4.0 or higher
   * Windows Mobile 6.5   * Windows Mobile 6.5
  
-**INSTRUCTIONS:** (screenshots related to Android version 4.1.2+**INSTRUCTIONS:** (screenshots related to Android version 5
-  * Install the app "Junos Pulse" from ther App Store or Google Play +  * Install the app "Pulse Secure" from ther App Store or Google Play 
-  * Start the application "Junos Pulse"+  * Start the application "Pulse Secure"
  
-{{:pub:vpn:screenshot_2013-03-01-13-05-09.png?200|}}+{{:pub:vpn:1_pulse_secure_mobile.png?200|}}
  
   * Create a new connection by entering:   * Create a new connection by entering:
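
Review bot: The new Linux section has users run "sudo dpkg -i" or "rpm -ivh" on an installer downloaded from the wiki, but neither download table publishes a checksum or signature to check first; add a SHA-256 value next to each installer link and a verification step before the install command. The worked example names "ps-pulse-linux-8.2r4.0-b47329-ubuntu-debian-installer.deb", which is not one of the packages offered in the table above it (5.3R7 and 9.0R3), and the two NEWS lines disagree on the version (5.3r4.1 at the top, 5.3r3 in the Linux section), so a reader cannot tell which package the instructions were written for. The removed El Capitan notes were the only place that said not to save the password in the connection profile; if that advice still holds for Pulse Secure, restate it at the "Fill the form with the username" step. The Mobile Devices heading also changes from "REQUISITES" to "REQUISITI" on the English page.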
Linea 219: Linea 174:
     * Touch on "Create Connection"     * Touch on "Create Connection"
  
-{{:pub:vpn:screenshot_2013-03-01-13-06-42_2.png?200|}}+{{:pub:vpn:2_pulse_secure_mobile_connessione.png?200|}}
  
   * Tap on "Connect", enter your password and select "Sign In" (possibly accept the warning about security and trusted application)   * Tap on "Connect", enter your password and select "Sign In" (possibly accept the warning about security and trusted application)
  
-{{:pub:vpn:screenshot_2013-03-01-13-07-12.png?200|}} +{{:pub:vpn:4_pulse_secure_mobile_connetti.png?200|}} 
-{{:pub:vpn:screenshot_2013-03-01-13-07-45.png?200|}} +{{:pub:vpn:3_pulse_secure_mobile_login.png?200|}}
-{{:pub:vpn:screenshot_2013-03-01-13-08-00.png?200|}}+
  
-  * At this point the connection is established, verifiable by a touch on "Status"+  * after a while, the connection is established, verify it by tapping on "Status"
  
-{{:pub:vpn:screenshot_2013-03-01-13-08-09.png?200|}} +{{:pub:vpn:5_pulse_secure_mobile_connesso_ok.png?200|}} 
-{{:pub:vpn:screenshot_2013-03-01-13-08-17.png?200|}}+{{:pub:vpn:6_pulse_secure_mobile_status.png?200|}}
  
-  * At the end of the session, to end the connection, tap on "Disconnect"+  * to terminate the session, tap on "Disconnect"
  
 ===== Features of vpn-ssl service ===== ===== Features of vpn-ssl service =====
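
Review bot: The unchanged login bullet in this hunk still reads "possibly accept the warning about security and trusted application" without saying which prompt is expected; since the step is being redone for Pulse Secure, name the exact prompt the app shows so that users are not taught to accept any certificate or trust warning they meet. The new screenshots are embedded as "4_pulse_secure_mobile_connetti" before "3_pulse_secure_mobile_login", which is out of order against the file numbering, and the two rewritten bullets ("after a while", "to terminate the session") start lowercase while the rest of the list is capitalised.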
Linea 245: Linea 199:
  
 NB: the routing change doesn't affect the already "established" connections at the moment of the connection NB: the routing change doesn't affect the already "established" connections at the moment of the connection
 +
 ==== User-side Firewall rules ==== ==== User-side Firewall rules ====
  
 VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too.
- 
-==== Supported clients ==== 
- 
-^Platform^SO^Browsers and Java Environment^ 
-|Windows|- Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. \\ - Windows 7 on 32-bit or 64-bit platforms \\ - Windows 7 SP1 Enterprise on 32-bit \\ - Windows Vista on 32-bit or 64-bit platforms \\ - Windows XP with SP3 on 32 bit|- Internet Explorer 10 \\ - Internet Explorer 9.0 \\ - Internet Explorer 8.0 \\ - Internet Explorer 7.0 \\ - Firefox 3.0 and above including FF10 \\ - Oracle JRE 6 and above| 
-|Mac|- Mac OS X 10.6.x, 32 bit and 64 bit \\ - Mac OS X 10.7.x, 32 bit \\ - Mac OS X 10.8.x, 32 bit|- Safari 6.0 Sun JRE 6 \\ - Safari 5.1 Sun JRE 6 \\ - Safari 5.0 Sun JRE 6| 
-|Linux|- OpenSuse 10.x and 11.x \\ - Ubuntu 9.10, 10.x and 11.x \\ - Red Hat Enterprise Linux 5|- Firefox 3.0 and above \\ - Oracle JRE 6 and above| 
-|Solaris|- Solaris 10, 32 bit only|- Mozilla 2.0 and above| 
-**NOTE:**\\ \\ 
-1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8\\ 
-2) 32 bit Network Connect is supported only on the following distributions:\\ 
-^Platform^Operating System^Browsers and Java Environment^ 
-|Linux|- Ubuntu 12.04 LTS \\ - OpenSUSe 12.1 \\ - Fedora 17|- FireFox 10-ESR \\ - Oracle JRE 6 and 7 \\ - IcedTea-Web 1.2 with OpenJDK 6 and 7| 
- 
-Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client. 
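
Review bot: Deleting the whole "Supported clients" section removes the page's only explicit statement of supported operating system versions and replaces it with nothing; the Network Connect and Java rows are obsolete, but a short table of the minimum OS versions supported by the Pulse Secure client would let users and the help desk tell an unsupported platform from a misconfiguration. The retained firewall paragraph (TCP 443, plus UDP 4500 for ESP mode) is unchanged and still applies to the new client as written.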
-