Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- pub:conf-vpn-en [2016/02/09 15:17] – m.fiorazzo@unitn.it
+++ pub:conf-vpn-en [2021/04/21 08:50] (versione attuale) – eliminata m.fiorazzo@unitn.it
@@ Linea 1: / Linea 1: @@
-====== Instructions for the new VPN UNITN service ======
-The VPN service allows access to internal resources of the UniTN network from external locations.
-It is based on SSL encryption.
-For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section:
-^Operating System^Supported Client^Instructions^
-|Windows, Macosx|Pulse Secure|[[pub:conf-vpn-en#macosx_windows_pulse_secure|Pulse Secure Desktop]]|
-|Linux|Pulse Secure|[[pub:conf-vpn-en#linux_pulse_secure_client|Pulse Secure Linux]]|
-|Dispositivi Mobili (Smartphone & Tablet)|Pulse Secure|[[pub:conf-vpn-en#dispositivi_mobili|Pulse Secure Mobile]]|
-===== MACOSX, Windows (Pulse Secure) =====
-^Junos Pulse Download^
-|{{:pub:vpn:ps-pulse-mac-5.2r1.0-b227-installer.dmg|MACOSX (>= 10.6) Pulse Secure 5.2r1.0-b227}}|
-|{{:pub:vpn:ps-pulse-win-5.2r1.0-b227-32bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (32bit) Pulse Secure 5.2r1.0-b227}}|
-|{{:pub:vpn:ps-pulse-win-5.2r1.0-b227-64bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (64bit) Pulse Secure 5.2r1.0-b227}}|}}
-For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as "pulse.dmg". \\
-After the installation, launch the Pulse Secure Application, the main screen appears:\\
-{{:pub:vpn:1_pulse_avvio.png|}}
-Create a new connection by clicking the '+' sign and entering the following parameters:\\
-{{:pub:vpn:2_pulse_crea_connessione.png|}}
-To start the connection, click on <Connect>\\
-{{:pub:vpn:3_pulse_connetti.png|}}
-Fill the form with the username (@unitn.it) and password:\\
-{{:pub:vpn:4_pulse_password.png|}}
-The connection is established, you can stop the vpn clicking on <Disconnect>\\
-{{:pub:vpn:5_pulse_connessione_ok.png|}}
-You can see the Pulse Secure notification icon in the lower right area:\\
-{{:pub:vpn:6_pulse_bar.png|}}
-You can show a status window from File->Connections->Advanced Connection Details...\\
-{{:pub:vpn:7_pulse_connessione_ok_status.png|}}
-===== Linux Pulse Secure Client =====
-^Pulse Secure for Linux Download^
-|{{:pub:vpn:ps-pulse-linux-8.1r7.0-b41041-centos-rhel-installer.rpm|Linux CentOS Pulse Secure 8.1r7.0-b41041}}|
-|{{:pub:vpn:ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb|Linux Ubuntu (> 14.04) Pulse Secure 8.1r7.0-b41041}}|
-Download the package installer to the Linux client then run the installer using the following command:
-Debian-based Linux (Ubuntu):
-dpkg -i <package name>
-RPM-based Linux (CentOS):
-rpm -ivh <package name>
-For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be:
-<code>
-sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb
-</code>
-The script will prompt the user to install any missing dependent packages if they are not already installed (in this case libc6-i386 and lib32z1):
-<code>
-user@host:~$ sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb
-(Reading database ... 154703 files and directories currently installed.)
-Preparing to replace pulse 8.1 (using
-.../ps-pulse-linux-8.1r7.0-b41041-ubuntu-debian-installer.deb) ...
-Unpacking replacement pulse ...
-Setting up pulse (8.1) ...
- Please execute below commands to install missing dependent packages
-apt-get install libc6-i386
-apt-get install lib32z1
-Please refer /usr/local/pulse/README for instructions to launch the Pulse Client
-</code>
-You have to download the device certificate from the Secure Access server in DER format:\\
-**NB: this is has to be done only one time**
-<code>
-user@host:~$ openssl s_client -connect vpn-ssl.unitn.it:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > /$HOME/Downloads/vpn-ssl.crt
-</code>
-You can also download the certificate from here {{:pub:vpn-ssl.zip|}} and unzip it with:
-<code>
-user@host:~$ unzip /%HOME/Downloads/vpn-ssl.zip
-</code>
-Use the following command to launch the VPN client (you will be asked for the UniTN password):
-<code>
-/usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u nome.cognome@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-</code>
-Foe example::
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-Reading package lists... Done
-Building dependency tree
-Reading state information... Done
-lib32z1 is already the newest version.
-libc6-i386 is already the newest version.
-upgraded, 0 newly installed, 0 to remove and 557 not upgraded.
-executing command : /usr/local/pulse/pulsesvc -h vpn-ssl.unitn.it -u username@unitn.it -f /$HOME/Downloads/vpn-ssl.crt -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-VPN Password:
-</code>
-After few seconds the vpn connection is established, you have to leave this terminal window open and you can monitor the connection from another terminal window with the command:
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -S
-Connection Status :
-         connection status : Connected
-         bytes sent : 1722
-         bytes received : 2586
-         Connection Mode : ESP
-         Encryption Type : AES128/SHA1
-         Comp Type : None
-         Assigned IP : 10.31.0.80
-</code>
-To kill the connection:
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -K
-</code>
-References - official documentation:\\ https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40126/?q=linux&l=en_US&fs=Search&pn=1&atype=
-===== Mobile Devices =====
-**REQUISITI**
-  * iPhone, iPod Touch, iPad
-  * Android devices 4.0 or higher
-  * Windows Mobile 6.5
-**INSTRUCTIONS:** (screenshots related to Android version 5)
-  * Install the app "Pulse Secure" from ther App Store or Google Play
-  * Start the application "Pulse Secure"
-{{:pub:vpn:1_pulse_secure_mobile.png?200|}}
-  * Create a new connection by entering:
-    * "Connection Name" (your choice)
-    * "URL": https://vpn-ssl.unitn.it/
-    * "User Name" (in the form username@unitn.it)
-    * Touch on "Create Connection"
-{{:pub:vpn:2_pulse_secure_mobile_connessione.png?200|}}
-  * Tap on "Connect", enter your password and select "Sign In" (possibly accept the warning about security and trusted application)
-{{:pub:vpn:4_pulse_secure_mobile_connetti.png?200|}}
-{{:pub:vpn:3_pulse_secure_mobile_login.png?200|}}
-  * after a while, the connection is established, verify it by tapping on "Status"
-{{:pub:vpn:5_pulse_secure_mobile_connesso_ok.png?200|}}
-{{:pub:vpn:6_pulse_secure_mobile_status.png?200|}}
-  * to terminate the session, tap on "Disconnect"
-===== Features of vpn-ssl service =====
-==== IP addresses assigned to the clients ====
-To connected vpn clients is assigned an ip in the range from 10.31.0.10 to 10.31.0.254
-==== "split-tunnel" mode ====
-The VPN connection provides traffic directed to intranet IP using the VPN tunnel while traffic to other networks (eg Internet) is provided by standard client connection (eg ADSL at home).
-NB: the routing change doesn't affect the already "established" connections at the moment of the connection
-==== User-side Firewall rules ====
-VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too.