pub:conf-vpn-out-en
Differenze
Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.
Entrambe le parti precedenti la revisioneRevisione precedenteProssima revisione | Revisione precedente | ||
pub:conf-vpn-out-en [2015/10/08 10:32] – m.fiorazzo@unitn.it | pub:conf-vpn-out-en [2021/04/14 07:48] (versione attuale) – m.fiorazzo@unitn.it | ||
---|---|---|---|
Linea 1: | Linea 1: | ||
====== Instructions for the VPN-OUT UNITN service ====== | ====== Instructions for the VPN-OUT UNITN service ====== | ||
- | **NOTE:** for MacosX Yosemite only Junos Pulse is supported\\ | + | The VPN-OUT service allow you to access |
- | **NOTE2:** after the upgrade | + | |
- | The VPN-OUT | + | * **WARNING**: |
- | All the Internet traffic flows as it was generated by an UniTN internet address. | + | |
- | It is based on SSL encryption. | + | To use the VPN-OUT service you have to follow the general VPN instructions [[pub: |
- | For the usage and configuration, | + | < |
- | ^Operating System^Supported Client^Instructions^ | + | instead of < |
- | |Linux|Network Connect|[[pub:conf-vpn-out-en# | + | |
- | |Linux from command line (shell)|Network Connect|[[pub: | + | |
- | |Macosx, Windows|Junos Pulse|[[pub: | + | |
- | |Mobile Devices (Smartphone & Tablet)|Junos Pulse|[[pub: | + | |
- | ===== Windows / MAC / Linux PCs ===== | + | ===== VPN-OUT properties |
- | ==== Installing the Network Connect client | + | ==== traffic flow ==== |
- | Before being able to use the service, you need to install | + | All the traffic will flow in the SSL tunnel and the internet traffic is NATTED with a UniTN public ip address. |
- | ** NOTE: ** | ||
- | * ** Before starting, it is recommended the elimination of the old vpn connection (if any) ** | ||
- | * ** The PC must have a correct proxy configuration: | ||
- | |||
- | To install " | ||
- | |||
- | === 1) MANUAL MODE === | ||
- | |||
- | **REQUISITES: | ||
- | * Administrator rights (Windows), root privileges (Linux / Mac) | ||
- | |||
- | **INSTRUCTIONS: | ||
- | * Manually download, from the links below, the " | ||
- | |||
- | ^Operative System^Download link^ | ||
- | |Windows 32bit|[[https:// | ||
- | |Windows 64bit|[[https:// | ||
- | |Linux|[[https:// | ||
- | |||
- | For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as " | ||
- | |||
- | ^Operative System^Download link^ | ||
- | |Mac OS X|[[https:// | ||
- | |||
- | |||
- | * Run the downloaded installation package on your PC | ||
- | * NB: you will need Administrator rights (Windows), root privileges (Linux / Mac) | ||
- | |||
- | === 2) " | ||
- | |||
- | **REQUISITES: | ||
- | * Administrator rights (Windows), root privileges (Linux / Mac) | ||
- | * Browser with Java JRE 6 or higher installed and running | ||
- | * after Java 7u51 update, you need to add a security exception in the Java Control Panel under " | ||
- | * Verification and updating Java installation: | ||
- | * Java installation instructions: | ||
- | * For Ubuntu Linux + Firefox you have to install the IcedTea-Web Plugin (via Firefox Add-ons Manager) and OpenJDK 6 or 7 (via apt-get see below) | ||
- | |||
- | **NOTE FOR LINUX 64bit:** | ||
- | * Linux 64bit is currently only supported with 32bit client then you also need the 32bit Java version | ||
- | * On Ubuntu Linux 64bit (12.0.4) you have to install the openjdk 6 or 7 (32bit) with this command: "sudo apt-get install openjdk-6-jre: | ||
- | |||
- | **INSTRUCTIONS: | ||
- | * Connect with a browser at [[https:// | ||
- | * click on " | ||
- | |||
- | {{: | ||
- | |||
- | * " | ||
- | |||
- | **ONLY FOR WINDOWS:** | ||
- | * To confirm the connection, in the notification area at the bottom right (next to clock) you will see a icon like this: {{: | ||
- | |||
- | |||
- | ==== Using the Network Connect client ==== | ||
- | |||
- | Once the Network Connect client has been installed with one of the previous mode, for further connections, | ||
- | |||
- | ** NOTE: ** | ||
- | * ** Before starting, it is recommended the elimination of the old vpn connection (if any) ** | ||
- | * ** The PC must have a correct proxy configuration: | ||
- | |||
- | At this point, just perform these 3 simple steps: | ||
- | |||
- | - Insert the connection URL (Sign-in Page): **< | ||
- | - Enter username and password (University credentials) | ||
- | - Click " | ||
- | |||
- | {{: | ||
- | |||
- | In a few seconds you will be connected to the VPN session. | ||
- | |||
- | **ONLY FOR WINDOWS:** | ||
- | * To confirm the connection, in the notification area at the bottom right (next to clock) you will see a icon like this: {{: | ||
- | * By double clicking the icon, you can view the connection information: | ||
- | |||
- | {{: | ||
- | |||
- | **NB: ** you can always make the connection by accessing via browser by repeating the steps above in the section | ||
- | |||
- | ===== Using the Network Connect client from the command line (Linux) ===== | ||
- | |||
- | After the succesful installation of Network Connect, you can connect directly from the command line, the files are in the directory / | ||
- | |||
- | if you can't find this directory, you can download and extract this archive: {{: | ||
- | |||
- | Follow this procedure (tested on Ubuntu 64bit 12.0.4):\\ | ||
- | |||
- | * 1) move to the directory / | ||
- | |||
- | < | ||
- | user@linux: | ||
- | </ | ||
- | |||
- | * 2) Download the ssl vpn certificate (check if the file " | ||
- | |||
- | < | ||
- | user@linux: | ||
- | </ | ||
- | |||
- | * 3a) to establish the connection with the control applet (insert the password when required): | ||
- | |||
- | < | ||
- | user@linux: | ||
- | Searching for ncsvc in current working directory done | ||
- | Password: | ||
- | </ | ||
- | |||
- | * 3b) to establish the connection in " | ||
- | |||
- | < | ||
- | user@linux: | ||
- | Password: | ||
- | Connecting to vpn-ssl.unitn.it : 443 | ||
- | </ | ||
- | |||
- | * 4) Check and verify the connection status: | ||
- | |||
- | < | ||
- | user@linux: | ||
- | 8: tun0: < | ||
- | link/ | ||
- | inet 10.31.111.36/ | ||
- | </ | ||
- | |||
- | ===== MACOSX 10.9 Maverick, Windows (Junos Pulse) ===== | ||
- | |||
- | As an alternative to Network Connect, for MACOSX (>10.6) and Windows it is possible to download and use Junos Pulse following the instructions below (screenshots taken from MACOSX 10.9)\\ | ||
- | |||
- | **NB: for MacOSX 10.9 Maverick Junos Pulse is the ONLY supported client** \\ | ||
- | |||
- | ^Junos Pulse Download^ | ||
- | |{{: | ||
- | |{{: | ||
- | |{{: | ||
- | |||
- | For Mac and Safari: Warning !!! Be sure that your browser is saving the file with .dmg extension (and not .exe) as " | ||
- | |||
- | After the installation, | ||
- | |||
- | {{: | ||
- | |||
- | Create a new connection by clicking the ' | ||
- | |||
- | {{: | ||
- | |||
- | To start the connection, click on < | ||
- | |||
- | {{: | ||
- | |||
- | Fill the form with the username (@unitn.it) and password:\\ | ||
- | |||
- | {{: | ||
- | |||
- | The connection is etablished, you can stop the vpn clicking on < | ||
- | |||
- | {{: | ||
- | |||
- | On the top you can see the Junos Pulse menu bar with the status icon:\\ | ||
- | |||
- | {{: | ||
- | |||
- | You can show a status window from File-> | ||
- | |||
- | {{: | ||
- | |||
- | It is possible to verify the assigned vpn ip from a terminal window with the ' | ||
- | |||
- | < | ||
- | MAC user$ ifconfig | ||
- | lo0: flags=8049< | ||
- | .... | ||
- | .... | ||
- | utun0: flags=8051< | ||
- | inet 10.31.111.10 --> 10.31.111.10 netmask 0xffffffff | ||
- | |||
- | </ | ||
- | |||
- | ===== Mobile Devices ===== | ||
- | |||
- | **REQUISITES** | ||
- | * iPhone, iPod Touch, iPad (iOS 5.0, | ||
- | * Android devices 4.0 or higher | ||
- | * Windows Mobile 6.5 | ||
- | |||
- | **INSTRUCTIONS: | ||
- | * Install the app "Junos Pulse" from ther App Store or Google Play | ||
- | * Start the application "Junos Pulse" | ||
- | |||
- | {{: | ||
- | |||
- | * Create a new connection by entering: | ||
- | * " | ||
- | * " | ||
- | * "User Name" (in the form username@unitn.it) | ||
- | * Touch on " | ||
- | |||
- | {{: | ||
- | |||
- | * Tap on " | ||
- | |||
- | {{: | ||
- | {{: | ||
- | {{: | ||
- | |||
- | * At this point the connection is established, | ||
- | |||
- | {{: | ||
- | {{: | ||
- | |||
- | * At the end of the session, to end the connection, tap on " | ||
- | |||
- | ===== Features of vpn-ssl service ===== | ||
- | |||
- | ==== IP addresses assigned to the clients ==== | ||
- | |||
- | To connected vpn clients is assigned an ip in the range from 10.31.111.10 to 10.31.111.254 | ||
- | |||
- | ==== Traffic flow ==== | ||
- | |||
- | After the connection, all the traffic will use the VPN tunnel and Internet traffic will be natted with an UniTN peblic ip. | ||
- | |||
- | NB: the routing change doesn' | ||
- | ==== User-side Firewall rules ==== | ||
- | |||
- | VPN traffic is encrypted in SSL and uses TCP destination port 443. For the ESP mode (which increases performance) you must open the UDP destination port 4500 too. | ||
- | |||
- | ==== Supported clients ==== | ||
- | |||
- | ^Platform^SO^Browsers and Java Environment^ | ||
- | |Windows|- Windows 8 on 32-bit or 64-bit platforms.- Windows 8 Enterprise on 32-bit. \\ - Windows 7 on 32-bit or 64-bit platforms \\ - Windows 7 SP1 Enterprise on 32-bit \\ - Windows Vista on 32-bit or 64-bit platforms \\ - Windows XP with SP3 on 32 bit|- Internet Explorer 10 \\ - Internet Explorer 9.0 \\ - Internet Explorer 8.0 \\ - Internet Explorer 7.0 \\ - Firefox 3.0 and above including FF10 \\ - Oracle JRE 6 and above| | ||
- | |Mac|- Mac OS X 10.6.x, 32 bit and 64 bit \\ - Mac OS X 10.7.x, 32 bit \\ - Mac OS X 10.8.x, 32 bit|- Safari 6.0 Sun JRE 6 \\ - Safari 5.1 Sun JRE 6 \\ - Safari 5.0 Sun JRE 6| | ||
- | |Linux|- OpenSuse 10.x and 11.x \\ - Ubuntu 9.10, 10.x and 11.x \\ - Red Hat Enterprise Linux 5|- Firefox 3.0 and above \\ - Oracle JRE 6 and above| | ||
- | |Solaris|- Solaris 10, 32 bit only|- Mozilla 2.0 and above| | ||
- | **NOTE:**\\ \\ | ||
- | 1) IE 10 is supported in Windows 8 Desktop Mode on Windows 8\\ | ||
- | 2) 32 bit Network Connect is supported only on the following distributions: | ||
- | ^Platform^Operating System^Browsers and Java Environment^ | ||
- | |Linux|- Ubuntu 12.04 LTS \\ - OpenSUSe 12.1 \\ - Fedora 17|- FireFox 10-ESR \\ - Oracle JRE 6 and 7 \\ - IcedTea-Web 1.2 with OpenJDK 6 and 7| | ||
- | |||
- | Other operating systems, browsers and versions of Java, it may work by requiring, in some cases, possible interventions configuration on the client. | ||
pub/conf-vpn-out-en.1444300342.txt.gz · Ultima modifica: 2015/10/08 10:32 da m.fiorazzo@unitn.it