Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- pub:conf-vpn-en [2016/10/11 14:33] – [Linux Pulse Secure Client] m.fiorazzo@unitn.it
+++ pub:conf-vpn-en [2021/04/21 08:50] (versione attuale) – eliminata m.fiorazzo@unitn.it
@@ Linea 1: / Linea 1: @@
-====== Instructions for the new VPN UNITN service ======
-The VPN service allows access to internal resources of the UniTN network from external locations.
-It is based on SSL encryption.
-For the usage and configuration of the VPN you have to install Pulse Secure, visit the right section:
-^Operating System^Supported Client^Instructions^
-|Windows, Macosx|Pulse Secure|[[pub:conf-vpn-en#macosx_windows_pulse_secure|Pulse Secure Desktop]]|
-|Linux|Pulse Secure|[[pub:conf-vpn-en#linux_pulse_secure_client|Pulse Secure Linux]]|
-|Mobile devices (Smartphone & Tablet)|Pulse Secure|[[pub:conf-vpn-en#dispositivi_mobili|Pulse Secure Mobile]]|
-===== MACOSX, Windows (Pulse Secure) =====
-^Junos Pulse Download^
-|{{:pub:vpn:ps-pulse-mac-5.2r5.0-b869-installer.dmg|MACOSX (>= 10.6 incl Sierra) Pulse Secure 5.2r5.0}}|
-|{{:pub:vpn:ps-pulse-win-5.2r5.0-b869-32bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (32bit) Pulse Secure 5.2r5.0}}|
-|{{:pub:vpn:ps-pulse-win-5.2r5.0-b869-64bitinstaller.msi|Windows XP, Vista and Windows 7/8/10 (64bit) Pulse Secure 5.2r5.0}}|}}
-For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as "pulse.dmg". \\
-After the installation, launch the Pulse Secure Application, the main screen appears:\\
-{{:pub:vpn:1_pulse_avvio.png|}}
-Create a new connection by clicking the '+' sign and entering the following parameters:\\
-{{:pub:vpn:2_pulse_crea_connessione.png|}}
-To start the connection, click on <Connect>\\
-{{:pub:vpn:3_pulse_connetti.png|}}
-Fill the form with the username (@unitn.it) and password:\\
-{{:pub:vpn:4_pulse_password.png|}}
-The connection is established, you can stop the vpn clicking on <Disconnect>\\
-{{:pub:vpn:5_pulse_connessione_ok.png|}}
-You can see the Pulse Secure notification icon in the lower right area:\\
-{{:pub:vpn:6_pulse_bar.png|}}
-You can show a status window from File->Connections->Advanced Connection Details...\\
-{{:pub:vpn:7_pulse_connessione_ok_status.png|}}
-===== Linux Pulse Secure Client =====
-**NEWS:**
-With the new version for linux (8.2R4) you can manage the Pulse connections with a UI
-^Pulse Secure for Linux Download^
-|{{:pub:vpn:ps-pulse-linux-8.2r4.0-b47329-centos-rhel-installer.rpm|Linux CentOS Pulse Secure 8.1r8}}|
-|{{:pub:vpn:ps-pulse-linux-8.2r4.0-b47329-ubuntu-debian-installer.deb|Linux Ubuntu (> 14.04) Pulse Secure 8.1r8}}|
-Download the package installer to the Linux client then run the installer using the following command:
-Debian-based Linux (Ubuntu):
-dpkg -i <package name>
-RPM-based Linux (CentOS):
-rpm -ivh <package name>
-For example, if the Pulse Linux client is saved in /$HOME/Downloads on Ubuntu, then the command would be:
-<code>
-sudo dpkg -i /$HOME/Downloads/ps-pulse-linux-8.2r4.0-b47329-ubuntu-debian-installer.deb
-</code>
-Install the dependencies:
-<code>
-user@host:~$ sudo /usr/local/pulse/PulseClient.sh install_dependency_packages
-</code>
-if you want to launch the UI from a command line (/usr/local/pulse/pulseUi) you have to export this library path:
-<code>
-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pulse
-</code>
-:!: With Ubuntu 16.04 a 64bit you have to install 32bit **webkit** dependancy:
-<code>
-sudo apt-get install libwebkitgtk-1.0-0:i386
-Export the path:
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/i386-linux-gnu
-export LD_LIBRARY_PATH
-</code>
-Or you can launch Pulse from your Applicazions by clicking on the Pulse icon.
- - Main screen
-{{:pub:vpn:pulseui-linux-1.png?200|}}
-  - Create the connection:
-{{:pub:vpn:pulseui-linux-2.png?200|}}
-  - Login:
-{{:pub:vpn:pulseui-linux-3.png?200|}}
-  - Connection state:
-{{:pub:vpn:pulseui-linux-4.png?200|}}
-If you don't want to use the UI, use the following command to launch the VPN client (you will be asked for the UniTN password):
-<code>
-/usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u nome.cognome@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-</code>
-Foe example::
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -h vpn-ssl.unitn.it -u username@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-Reading package lists... Done
-Building dependency tree
-Reading state information... Done
-lib32z1 is already the newest version.
-libc6-i386 is already the newest version.
-upgraded, 0 newly installed, 0 to remove and 557 not upgraded.
-executing command : /usr/local/pulse/pulsesvc -h vpn-ssl.unitn.it -u username@unitn.it -U https://vpn-ssl.unitn.it -r AR-unitn-ldap-ad
-VPN Password:
-</code>
-After few seconds the vpn connection is established, you have to leave this terminal window open and you can monitor the connection from another terminal window with the command:
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -S
-Connection Status :
-         connection status : Connected
-         bytes sent : 1722
-         bytes received : 2586
-         Connection Mode : ESP
-         Encryption Type : AES128/SHA1
-         Comp Type : None
-         Assigned IP : 10.31.0.80
-</code>
-To kill the connection:
-<code>
-user@host:~$ /usr/local/pulse/PulseClient.sh -K
-</code>
-References - official documentation:\\ https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40126/?q=linux&l=en_US&fs=Search&pn=1&atype=
-===== Mobile Devices =====
-**REQUISITI**
-  * iPhone, iPod Touch, iPad
-  * Android devices 4.0 or higher
-  * Windows Mobile 6.5
-**INSTRUCTIONS:** (screenshots related to Android version 5)
-  * Install the app "Pulse Secure" from ther App Store or Google Play
-  * Start the application "Pulse Secure"
-{{:pub:vpn:1_pulse_secure_mobile.png?200|}}
-  * Create a new connection by entering:
-    * "Connection Name" (your choice)
-    * "URL": https://vpn-ssl.unitn.it/
-    * "User Name" (in the form username@unitn.it)
-    * Touch on "Create Connection"
-{{:pub:vpn:2_pulse_secure_mobile_connessione.png?200|}}
-  * Tap on "Connect", enter your password and select "Sign In" (possibly accept the warning about security and trusted application)
-{{:pub:vpn:4_pulse_secure_mobile_connetti.png?200|}}
-{{:pub:vpn:3_pulse_secure_mobile_login.png?200|}}
-  * after a while, the connection is established, verify it by tapping on "Status"
-{{:pub:vpn:5_pulse_secure_mobile_connesso_ok.png?200|}}
-{{:pub:vpn:6_pulse_secure_mobile_status.png?200|}}
-  * to terminate the session, tap on "Disconnect"
-===== Features of vpn-ssl service =====
-==== IP addresses assigned to the clients ====
-To connected vpn clients is assigned an ip in the range from 10.31.0.10 to 10.31.0.254
-==== "split-tunnel" mode ====
-The VPN connection provides traffic directed to intranet IP using the VPN tunnel while traffic to other networks (eg Internet) is provided by standard client connection (eg ADSL at home).
-NB: the routing change doesn't affect the already "established" connections at the moment of the connection
-==== User-side Firewall rules ====
-VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too.