pub:conf-vpn-en
Differenze
Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.
Entrambe le parti precedenti la revisioneRevisione precedenteProssima revisione | Revisione precedente | ||
pub:conf-vpn-en [2016/02/09 14:57] – m.fiorazzo@unitn.it | pub:conf-vpn-en [2021/04/21 08:50] (versione attuale) – eliminata m.fiorazzo@unitn.it | ||
---|---|---|---|
Linea 1: | Linea 1: | ||
- | ====== Instructions for the new VPN UNITN service ====== | ||
- | |||
- | The VPN service allows access to internal resources of the UniTN network from external locations. | ||
- | It is based on SSL encryption. | ||
- | |||
- | For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section: | ||
- | |||
- | ^Operating System^Supported Client^Instructions^ | ||
- | |Windows, Macosx|Pulse Secure|[[pub: | ||
- | |Linux|Pulse Secure|[[pub: | ||
- | |Dispositivi Mobili (Smartphone & Tablet)|Pulse Secure|[[pub: | ||
- | |||
- | ===== MACOSX, Windows (Pulse Secure) ===== | ||
- | |||
- | ^Junos Pulse Download^ | ||
- | |{{: | ||
- | |{{: | ||
- | |{{: | ||
- | |||
- | For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as " | ||
- | |||
- | After the installation, | ||
- | |||
- | {{: | ||
- | |||
- | Create a new connection by clicking the ' | ||
- | |||
- | {{: | ||
- | |||
- | To start the connection, click on < | ||
- | |||
- | {{: | ||
- | |||
- | Fill the form with the username (@unitn.it) and password:\\ | ||
- | |||
- | {{: | ||
- | |||
- | The connection is established, | ||
- | |||
- | {{: | ||
- | |||
- | You can see the Pulse Secure notification icon in the lower right area:\\ | ||
- | |||
- | {{: | ||
- | |||
- | You can show a status window from File-> | ||
- | |||
- | {{: | ||
- | |||
- | ===== Linux Pulse Secure Client ===== | ||
- | |||
- | ^Pulse Secure for Linux Download^ | ||
- | |{{: | ||
- | |{{: | ||
- | |||
- | Download the package installer to the Linux client then run the installer using the following command: | ||
- | |||
- | Debian-based Linux (Ubuntu): | ||
- | |||
- | dpkg -i <package name> | ||
- | |||
- | RPM-based Linux (CentOS): | ||
- | |||
- | rpm -ivh <package name> | ||
- | |||
- | For example, if the Pulse Linux client is saved in / | ||
- | |||
- | < | ||
- | sudo dpkg -i / | ||
- | </ | ||
- | |||
- | The script will prompt the user to install any missing dependent packages if they are not already installed (in this case libc6-i386 and lib32z1): | ||
- | |||
- | < | ||
- | user@host: | ||
- | (Reading database ... 154703 files and directories currently installed.) | ||
- | Preparing to replace pulse 8.1 (using | ||
- | .../ | ||
- | Unpacking replacement pulse ... | ||
- | Setting up pulse (8.1) ... | ||
- | | ||
- | apt-get install libc6-i386 | ||
- | apt-get install lib32z1 | ||
- | Please refer / | ||
- | </ | ||
- | |||
- | You have to download the device certificate from the Secure Access server in DER format:\\ | ||
- | **NB: this is has to be done only one time** | ||
- | |||
- | < | ||
- | user@host: | ||
- | </ | ||
- | |||
- | You can also download the certificate from here {{: | ||
- | |||
- | < | ||
- | user@host: | ||
- | </ | ||
- | |||
- | Use the following command to launch the VPN client (you will be asked for the UniTN password): | ||
- | < | ||
- | / | ||
- | </ | ||
- | |||
- | Foe example:: | ||
- | |||
- | < | ||
- | user@host: | ||
- | Reading package lists... Done | ||
- | Building dependency tree | ||
- | Reading state information... Done | ||
- | lib32z1 is already the newest version. | ||
- | libc6-i386 is already the newest version. | ||
- | 0 upgraded, 0 newly installed, 0 to remove and 557 not upgraded. | ||
- | executing command : / | ||
- | VPN Password: | ||
- | </ | ||
- | |||
- | After few seconds the vpn connection is established, | ||
- | |||
- | < | ||
- | user@host: | ||
- | |||
- | Connection Status : | ||
- | |||
- | | ||
- | bytes sent : 1722 | ||
- | bytes received : 2586 | ||
- | | ||
- | | ||
- | Comp Type : None | ||
- | | ||
- | </ | ||
- | |||
- | To kill the connection: | ||
- | |||
- | < | ||
- | user@host: | ||
- | </ | ||
- | |||
- | References - official documentation: | ||
- | |||
- | ===== Dispositivi Mobili ===== | ||
- | |||
- | **REQUISITI** | ||
- | * iPhone, iPod Touch, iPad | ||
- | * Android devices 4.0 o superiori | ||
- | * Windows Mobile 6.5 | ||
- | |||
- | **ISTRUZIONI: | ||
- | * installare l'app "Pulse Secure" | ||
- | * avviare l' applicazione "Pulse Secure" | ||
- | |||
- | {{: | ||
- | |||
- | * Creare una nuova connessione inserendo: | ||
- | * "Nome connessione" | ||
- | * " | ||
- | * "Nome utente" | ||
- | * toccare su "Crea connessione" | ||
- | |||
- | {{: | ||
- | |||
- | * toccare su " | ||
- | |||
- | {{: | ||
- | {{: | ||
- | |||
- | * a questo punto viene stabilita la connessione, | ||
- | |||
- | {{: | ||
- | {{: | ||
- | |||
- | * al termine della sessione, per terminare la connessione, | ||
- | ===== Features of vpn-ssl service ===== | ||
- | |||
- | ==== IP addresses assigned to the clients ==== | ||
- | |||
- | To connected vpn clients is assigned an ip in the range from 10.31.0.10 to 10.31.0.254 | ||
- | |||
- | ==== " | ||
- | |||
- | The VPN connection provides traffic directed to intranet IP using the VPN tunnel while traffic to other networks (eg Internet) is provided by standard client connection (eg ADSL at home). | ||
- | |||
- | NB: the routing change doesn' | ||
- | ==== User-side Firewall rules ==== | ||
- | |||
- | VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. | ||
- | |||
- | ==== Supported clients ==== | ||
- | |||
- | ^Platform^SO^Browsers and Java Environment^ | ||
- | |Windows|- Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. \\ - Windows 7 on 32-bit or 64-bit platforms \\ - Windows 7 SP1 Enterprise on 32-bit \\ - Windows Vista on 32-bit or 64-bit platforms \\ - Windows XP with SP3 on 32 bit|- Internet Explorer 10 \\ - Internet Explorer 9.0 \\ - Internet Explorer 8.0 \\ - Internet Explorer 7.0 \\ - Firefox 3.0 and above including FF10 \\ - Oracle JRE 6 and above| | ||
- | |Mac|- Mac OS X 10.6.x, 32 bit and 64 bit \\ - Mac OS X 10.7.x, 32 bit \\ - Mac OS X 10.8.x, 32 bit|- Safari 6.0 Sun JRE 6 \\ - Safari 5.1 Sun JRE 6 \\ - Safari 5.0 Sun JRE 6| | ||
- | |Linux|- OpenSuse 10.x and 11.x \\ - Ubuntu 9.10, 10.x and 11.x \\ - Red Hat Enterprise Linux 5|- Firefox 3.0 and above \\ - Oracle JRE 6 and above| | ||
- | |Solaris|- Solaris 10, 32 bit only|- Mozilla 2.0 and above| | ||
- | **NOTE:**\\ \\ | ||
- | 1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8\\ | ||
- | 2) 32 bit Network Connect is supported only on the following distributions: | ||
- | ^Platform^Operating System^Browsers and Java Environment^ | ||
- | |Linux|- Ubuntu 12.04 LTS \\ - OpenSUSe 12.1 \\ - Fedora 17|- FireFox 10-ESR \\ - Oracle JRE 6 and 7 \\ - IcedTea-Web 1.2 with OpenJDK 6 and 7| | ||
- | |||
- | Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client. | ||
pub/conf-vpn-en.1455029821.txt.gz · Ultima modifica: 2016/02/09 14:57 da m.fiorazzo@unitn.it