Questa è una vecchia versione del documento!
Indice
Instructions for the new VPN UNITN service
The VPN service allows access to internal resources of the UniTN network from external locations. It is based on SSL encryption.
For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section:
Operating System | Supported Client | Instructions |
---|---|---|
Windows, Macosx | Pulse Secure | Pulse Secure Desktop |
Linux | Pulse Secure | Pulse Secure Linux |
Dispositivi Mobili (Smartphone & Tablet) | Pulse Secure | Pulse Secure Mobile |
MACOSX, Windows (Pulse Secure)
For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as “pulse.dmg”.
After the installation, launch the Pulse Secure Application, the main screen appears:
Create a new connection by clicking the '+' sign and entering the following parameters:
To start the connection, click on <Connect>
Fill the form with the username (@unitn.it) and password:
The connection is established, you can stop the vpn clicking on <Disconnect>
You can see the Pulse Secure notification icon in the lower right area:
You can show a status window from File→Connections→Advanced Connection Details…
Linux Pulse Secure Client
Pulse Secure for Linux Download |
---|
Linux CentOS Pulse Secure 8.1r7.0-b41041 |
Linux Ubuntu (> 14.04) Pulse Secure 8.1r7.0-b41041 |
Download the package installer to the Linux client then run the installer using the following command:
Debian-based Linux (Ubuntu):
dpkg -i <package name>
RPM-based Linux (CentOS):
rpm -ivh <package name>
For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be:
sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb
The script will prompt the user to install any missing dependent packages if they are not already installed (in this case libc6-i386 and lib32z1):
user@host:~$ sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb (Reading database ... 154703 files and directories currently installed.) Preparing to replace pulse 8.1 (using .../ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb) ... Unpacking replacement pulse ... Setting up pulse (8.1) ... Please execute below commands to install missing dependent packages apt-get install libc6-i386 apt-get install lib32z1 Please refer /usr/local/pulse/README for instructions to launch the Pulse Client
You have to download the device certificate from the Secure Access server in DER format:
NB: this is has to be done only one time
user@host:~$ openssl s_client -connect vpn-ssl.unitn.it:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > /$HOME/Downloads/vpn-ssl.crt
You can also download the certificate from here vpn-ssl.zip and unzip it with:
user@host:~$ unzip /%HOME/Downloads/vpn-ssl.zip
Use the following command to launch the VPN client (you will be asked for the UniTN password):
/usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u nome.cognome@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
Foe example::
user@host:~$ /usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad Reading package lists... Done Building dependency tree Reading state information... Done lib32z1 is already the newest version. libc6-i386 is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 557 not upgraded. executing command : /usr/local/pulse/pulsesvc -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad VPN Password:
After few seconds the vpn connection is established, you have to leave this terminal window open and you can monitor the connection from another terminal window with the command:
user@host:~$ /usr/local/pulse/PulseClient.sh -S Connection Status : connection status : Connected bytes sent : 1722 bytes received : 2586 Connection Mode : ESP Encryption Type : AES128/SHA1 Comp Type : None Assigned IP : 10.31.0.80
To kill the connection:
user@host:~$ /usr/local/pulse/PulseClient.sh -K
References - official documentation:
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40126/?q=linux&l=en_US&fs=Search&pn=1&atype=
Dispositivi Mobili
REQUISITI
- iPhone, iPod Touch, iPad
- Android devices 4.0 o superiori
- Windows Mobile 6.5
ISTRUZIONI: (screenshots relativi alla versione Android 5)
- installare l'app “Pulse Secure” dall' App Store o da Google Play
- avviare l' applicazione “Pulse Secure”
- Creare una nuova connessione inserendo:
- “Nome connessione” (a scelta)
- “URL”: https://vpn-ssl.unitn.it/
- “Nome utente” (nella forma nomeutente@unitn.it)
- toccare su “Crea connessione”
- toccare su “Connetti”, inserire la password e selezionare “Sign In” (eventualmente accettare la richiesta di considerare l' applicazione attendibile)
- a questo punto viene stabilita la connessione, verificabile tramite un tocco su “Stato”
- al termine della sessione, per terminare la connessione, toccare su “Disconnetti”
Features of vpn-ssl service
IP addresses assigned to the clients
To connected vpn clients is assigned an ip in the range from 10.31.0.10 to 10.31.0.254
"split-tunnel" mode
The VPN connection provides traffic directed to intranet IP using the VPN tunnel while traffic to other networks (eg Internet) is provided by standard client connection (eg ADSL at home).
NB: the routing change doesn't affect the already “established” connections at the moment of the connection
User-side Firewall rules
VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too.
Supported clients
Platform | SO | Browsers and Java Environment |
---|---|---|
Windows | - Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. - Windows 7 on 32-bit or 64-bit platforms - Windows 7 SP1 Enterprise on 32-bit - Windows Vista on 32-bit or 64-bit platforms - Windows XP with SP3 on 32 bit | - Internet Explorer 10 - Internet Explorer 9.0 - Internet Explorer 8.0 - Internet Explorer 7.0 - Firefox 3.0 and above including FF10 - Oracle JRE 6 and above |
Mac | - Mac OS X 10.6.x, 32 bit and 64 bit - Mac OS X 10.7.x, 32 bit - Mac OS X 10.8.x, 32 bit | - Safari 6.0 Sun JRE 6 - Safari 5.1 Sun JRE 6 - Safari 5.0 Sun JRE 6 |
Linux | - OpenSuse 10.x and 11.x - Ubuntu 9.10, 10.x and 11.x - Red Hat Enterprise Linux 5 | - Firefox 3.0 and above - Oracle JRE 6 and above |
Solaris | - Solaris 10, 32 bit only | - Mozilla 2.0 and above |
NOTE:
1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8
2) 32 bit Network Connect is supported only on the following distributions:
Platform | Operating System | Browsers and Java Environment |
---|---|---|
Linux | - Ubuntu 12.04 LTS - OpenSUSe 12.1 - Fedora 17 | - FireFox 10-ESR - Oracle JRE 6 and 7 - IcedTea-Web 1.2 with OpenJDK 6 and 7 |
Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client.