Wiki UniTn

Strumenti Utente

Strumenti Sito

Traccia:
pub:conf-vpn-en

Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

Link a questa pagina di confronto

Entrambe le parti precedenti la revisioneRevisione precedente
Prossima revisione		Revisione precedente
pub:conf-vpn-en [2016/02/09 14:57] m.fiorazzo@unitn.itpub:conf-vpn-en [2021/04/21 08:50] (versione attuale) – eliminata m.fiorazzo@unitn.it
Linea 1: Linea 1:
-====== Instructions for the new VPN UNITN service ====== 
- 
-The VPN service allows access to internal resources of the UniTN network from external locations. 
-It is based on SSL encryption. 
- 
-For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section: 
- 
-^Operating System^Supported Client^Instructions^ 
-|Windows, Macosx|Pulse Secure|[[pub:conf-vpn-en#macosx_windows_pulse_secure|Pulse Secure Desktop]]| 
-|Linux|Pulse Secure|[[pub:conf-vpn-en#linux_pulse_secure_client|Pulse Secure Linux]]| 
-|Dispositivi Mobili (Smartphone & Tablet)|Pulse Secure|[[pub:conf-vpn-en#dispositivi_mobili|Pulse Secure Mobile]]| 
- 
-===== MACOSX, Windows (Pulse Secure) ===== 
- 
-^Junos Pulse Download^ 
-|{{:pub:vpn:ps-pulse-mac-5.2r1.0-b227-installer.dmg|MACOSX (>= 10.6) Pulse Secure 5.2r1.0-b227}}| 
-|{{:pub:vpn:ps-pulse-win-5.2r1.0-b227-32bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (32bit) Pulse Secure 5.2r1.0-b227}}| 
-|{{:pub:vpn:ps-pulse-win-5.2r1.0-b227-64bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (64bit) Pulse Secure 5.2r1.0-b227}}|}} 
- 
-For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as "pulse.dmg". \\ 
- 
-After the installation, launch the Pulse Secure Application, the main screen appears:\\ 
- 
-{{:pub:vpn:1_pulse_avvio.png|}} 
- 
-Create a new connection by clicking the '+' sign and entering the following parameters:\\ 
- 
-{{:pub:vpn:2_pulse_crea_connessione.png|}} 
- 
-To start the connection, click on <Connect>\\ 
- 
-{{:pub:vpn:3_pulse_connetti.png|}} 
- 
-Fill the form with the username (@unitn.it) and password:\\ 
- 
-{{:pub:vpn:4_pulse_password.png|}} 
- 
-The connection is established, you can stop the vpn clicking on <Disconnect>\\ 
- 
-{{:pub:vpn:5_pulse_connessione_ok.png|}} 
- 
-You can see the Pulse Secure notification icon in the lower right area:\\ 
- 
-{{:pub:vpn:6_pulse_bar.png|}} 
- 
-You can show a status window from File->Connections->Advanced Connection Details...\\ 
- 
-{{:pub:vpn:7_pulse_connessione_ok_status.png|}} 
- 
-===== Linux Pulse Secure Client ===== 
- 
-^Pulse Secure for Linux Download^ 
-|{{:pub:vpn:ps-pulse-linux-8.1r7.0-b41041-centos-rhel-installer.rpm|Linux CentOS Pulse Secure 8.1r7.0-b41041}}| 
-|{{:pub:vpn:ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb|Linux Ubuntu (> 14.04) Pulse Secure 8.1r7.0-b41041}}| 
- 
-Download the package installer to the Linux client then run the installer using the following command: 
- 
-Debian-based Linux (Ubuntu):   
- 
-dpkg -i <package name> 
- 
-RPM-based Linux (CentOS): 
- 
-rpm -ivh <package name> 
- 
-For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be: 
- 
-<code> 
-sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb 
-</code> 
- 
-The script will prompt the user to install any missing dependent packages if they are not already installed (in this case libc6-i386 and lib32z1): 
- 
-<code> 
-user@host:~$ sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb 
-(Reading database ... 154703 files and directories currently installed.) 
-Preparing to replace pulse 8.1 (using 
-.../ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb) ... 
-Unpacking replacement pulse ... 
-Setting up pulse (8.1) ... 
- Please execute below commands to install missing dependent packages 
-apt-get install libc6-i386 
-apt-get install lib32z1 
-Please refer /usr/local/pulse/README for instructions to launch the Pulse Client 
-</code> 
- 
-You have to download the device certificate from the Secure Access server in DER format:\\ 
-**NB: this is has to be done only one time** 
- 
-<code> 
-user@host:~$ openssl s_client -connect vpn-ssl.unitn.it:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > /$HOME/Downloads/vpn-ssl.crt 
-</code> 
- 
-You can also download the certificate from here {{:pub:vpn-ssl.zip|}} and unzip it with: 
- 
-<code> 
-user@host:~$ unzip /%HOME/Downloads/vpn-ssl.zip 
-</code> 
- 
-Use the following command to launch the VPN client (you will be asked for the UniTN password): 
-<code> 
-/usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u nome.cognome@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
-</code> 
- 
-Foe example:: 
- 
-<code> 
-user@host:~$ /usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
-Reading package lists... Done 
-Building dependency tree 
-Reading state information... Done 
-lib32z1 is already the newest version. 
-libc6-i386 is already the newest version. 
-0 upgraded, 0 newly installed, 0 to remove and 557 not upgraded. 
-executing command : /usr/local/pulse/pulsesvc -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad 
-VPN Password: 
-</code> 
- 
-After few seconds the vpn connection is established, you have to leave this terminal window open and you can monitor the connection from another terminal window with the command: 
- 
-<code> 
-user@host:~$ /usr/local/pulse/PulseClient.sh -S 
- 
-Connection Status : 
- 
-         connection status : Connected 
-         bytes sent : 1722 
-         bytes received : 2586 
-         Connection Mode : ESP 
-         Encryption Type : AES128/SHA1 
-         Comp Type : None 
-         Assigned IP : 10.31.0.80 
-</code> 
- 
-To kill the connection: 
- 
-<code> 
-user@host:~$ /usr/local/pulse/PulseClient.sh -K 
-</code> 
- 
-References - official documentation:\\ https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40126/?q=linux&l=en_US&fs=Search&pn=1&atype= 
- 
-===== Dispositivi Mobili ===== 
- 
-**REQUISITI** 
-  * iPhone, iPod Touch, iPad 
-  * Android devices 4.0 o superiori 
-  * Windows Mobile 6.5 
- 
-**ISTRUZIONI:** (screenshots relativi alla versione Android 5) 
-  * installare l'app "Pulse Secure" dall' App Store o da Google Play 
-  * avviare l' applicazione "Pulse Secure" 
- 
-{{:pub:vpn:1_pulse_secure_mobile.png?200|}} 
- 
-  * Creare una nuova connessione inserendo: 
-    * "Nome connessione" (a scelta) 
-    * "URL": https://vpn-ssl.unitn.it/ 
-    * "Nome utente" (nella forma nomeutente@unitn.it) 
-    * toccare su "Crea connessione" 
- 
-{{:pub:vpn:2_pulse_secure_mobile_connessione.png?200|}} 
- 
-  * toccare su "Connetti", inserire la password e selezionare "Sign In" (eventualmente accettare la richiesta di considerare l' applicazione attendibile)  
- 
-{{:pub:vpn:4_pulse_secure_mobile_connetti.png?200|}} 
-{{:pub:vpn:3_pulse_secure_mobile_login.png?200|}} 
- 
-  * a questo punto viene stabilita la connessione, verificabile tramite un tocco su "Stato" 
- 
-{{:pub:vpn:5_pulse_secure_mobile_connesso_ok.png?200|}} 
-{{:pub:vpn:6_pulse_secure_mobile_status.png?200|}} 
- 
-  * al termine della sessione, per terminare la connessione, toccare su "Disconnetti" 
-===== Features of vpn-ssl service ===== 
- 
-==== IP addresses assigned to the clients ==== 
- 
-To connected vpn clients is assigned an ip in the range from 10.31.0.10 to 10.31.0.254 
- 
-==== "split-tunnel" mode ==== 
- 
-The VPN connection provides traffic directed to intranet IP using the VPN tunnel while traffic to other networks (eg Internet) is provided by standard client connection (eg ADSL at home). 
- 
-NB: the routing change doesn't affect the already "established" connections at the moment of the connection 
-==== User-side Firewall rules ==== 
- 
-VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. 
- 
-==== Supported clients ==== 
- 
-^Platform^SO^Browsers and Java Environment^ 
-|Windows|- Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. \\ - Windows 7 on 32-bit or 64-bit platforms \\ - Windows 7 SP1 Enterprise on 32-bit \\ - Windows Vista on 32-bit or 64-bit platforms \\ - Windows XP with SP3 on 32 bit|- Internet Explorer 10 \\ - Internet Explorer 9.0 \\ - Internet Explorer 8.0 \\ - Internet Explorer 7.0 \\ - Firefox 3.0 and above including FF10 \\ - Oracle JRE 6 and above| 
-|Mac|- Mac OS X 10.6.x, 32 bit and 64 bit \\ - Mac OS X 10.7.x, 32 bit \\ - Mac OS X 10.8.x, 32 bit|- Safari 6.0 Sun JRE 6 \\ - Safari 5.1 Sun JRE 6 \\ - Safari 5.0 Sun JRE 6| 
-|Linux|- OpenSuse 10.x and 11.x \\ - Ubuntu 9.10, 10.x and 11.x \\ - Red Hat Enterprise Linux 5|- Firefox 3.0 and above \\ - Oracle JRE 6 and above| 
-|Solaris|- Solaris 10, 32 bit only|- Mozilla 2.0 and above| 
-**NOTE:**\\ \\ 
-1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8\\ 
-2) 32 bit Network Connect is supported only on the following distributions:\\ 
-^Platform^Operating System^Browsers and Java Environment^ 
-|Linux|- Ubuntu 12.04 LTS \\ - OpenSUSe 12.1 \\ - Fedora 17|- FireFox 10-ESR \\ - Oracle JRE 6 and 7 \\ - IcedTea-Web 1.2 with OpenJDK 6 and 7| 
- 
-Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client. 
  
pub/conf-vpn-en.1455029821.txt.gz · Ultima modifica: 2016/02/09 14:57 da m.fiorazzo@unitn.it