Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- pub:conf-vpn-paloalto-en [2021/03/15 07:37] – marco.nesler@unitn.it
+++ pub:conf-vpn-paloalto-en [2023/07/13 11:47] (versione attuale) – eliminata andrea.avi@unitn.it
@@ Linea 1: / Linea 1: @@
-====== VPN PaloAlto GlobalProtect Configuration ======
-[[https://wiki.unitn.it/pub:conf-vpn-paloalto|versione italiana]]
-----
-The **GlobalProtect** client allows you to use the UniTN network resources in the same way you can do in your office but from a remote site (home network or any internet connection) and it supports Windows,MacOS and Linux clients.
-The **GlobalProtect Mobile** client is available on the app stores (Android/Apple) and can be used on mobile clients.
-For security reasons, some internal resources are not available if you connect with an **old and unsupported operating system**. Users connecting with **Microsoft Windows 7** or previous versions or Mac OSX **10.12 (Sierra)** or previous versions can use the VPN but they **will not be able to access all the University shares**. For the complete list of the resources unavailable click [[#Blocked resources|here]]
-The **OpenConnect** unofficial client can be used to connect with Linux machines.
-Internet traffic will still flow from the active connection (ADSL, etc) while only the Unitn traffic will be routed into the tunnel (**Spilt Tunnel Mode**)
-If you already have the GlobalProtect client installed on your PC, you can add another connection profile following these instructions: [[pub:conf-vpn-out-paloalto-newprofile-en|Adding a new VPN profile]]
-----
-===== GlobalProtect Download =====
-You can install the GlobalProtect client in two ways:
-- Navigate to URL [[https://vpn.icts.unitn.it]] and follow step 1)
-Otherwise you can download it from the links below and jump to step 4)
-^GlobalProtect Download^
-|{{:pub:vpn:globalprotect64-5.2.3.msi|Windows 7/8/10 (64bit) GlobalProtect}}|
-|{{:pub:vpn:globalprotect-5.2.3.msi|Windows 7/8/10 (32bit) GlobalProtect}}|
-|{{:pub:vpn:globalprotect-5.2.3.pkg|MACOSX GlobalProtect}} (*)|[[:pub:conf-vpn-paloalto#macos_catalina|Note for MacOS Catalina]]|
-|[[https://wiki.unitn.it/PanGPLinux-5.2.3-c10.tgz|Linux GlobalProtect]]|
-|[[:pub:conf-vpn-paloalto#openconnect|Linux OpenConnect]]|
-) login with your UniTN credentials on https://vpn.icts.unitn.it :
-{{:pub:vpn:1.png?400}}
-) download the correct version
-{{:pub:vpn:2.png?400}}
-) finish the download
-{{:pub:vpn:3.png?400}}
-) start the executable file and follow the default options in the installer
-{{:pub:vpn:4.png?400}}
-) After the installation, the GlobalProtect client will start automatically. Fill in the Portal field: vpn.icts.unitn.it
-{{:pub:vpn:1-gp-set-portal.jpg?400}}
-) Click on Connect, insert your UniTN credentials and confirm on Connect
-{{:pub:vpn:2-gp-sign-in.jpg?400}}
-) Wait until status "Connected", now it is possible to use internal UniTN Network resources
-) If you click on the upper right corner on the client you'll be able to navigate the settings page. On the Details tab you can see connection details
-{{:pub:vpn:3-gp-settings.jpg?400}}
-{{:pub:vpn:8.png?400}}
-===== GlobalProtect Mobile =====
-  * Download the client on Play/App Store, searching for "globalprotect".
-  * Launch the app, in the Portal section, insert //vpn.icts.unitn.it//:
-    {{:pub:vpn:GP-mobile-portal.png?300}}
-  * When asked, insert the University credentials in the //user.name@unitn.it// format and click on //Sign IN//:
-    {{:pub:vpn:GP-mobile-user.png?300}}
-===== GlobalProtect for Linux =====
-Decompress the package using the command:
-<code>
-tar xzfv PanGPLinux-5.2.3-c10.tgz
-</code>
-Install the package using the commands related to your Linux distribution:
-<code>
-Debian Based: dpkg -i GlobalProtect_deb-5.2.3.0-10.deb
-RedHat Based: rpm -ivh GlobalProtect_rpm-5.2.30-10.rpm
-</code>
-After the installation, you can use the //globalprotect// command line tool to manage the VPN connection:
-<code>
-Connect: globalprotect connect --portal vpn.icts.unitn.it --username user.name@unitn.it
-Disconnect: globalprotect disconnect
-</code>
-===== OpenConnect =====
-----
-OpenConnect is an **unofficial** client for Linux machines, to use it you need to be able to do some basic compilation and installation procedures on the machine.
-The software is available on: [[https://www.infradead.org/openconnect/download.html]]
-Installation instructions are dependent upon the specific Linux distribution, below you'll find the instruction for an Ubuntu 18.04 LTS. More installation instructions can be found on the README on the git repository.
-----
-Installation and download of OpenConnect client and libraries:
-<code>
-sudo apt-get install build-essential gettext autoconf automake libproxy-dev libxml2-dev libtool vpnc-scripts pkg-config zlib1g-dev libgnutls28-dev
-git clone git://git.infradead.org/users/dwmw2/openconnect.git
-cd openconnect
-./autogen.sh
-./configure
-make
-sudo make install && sudo ldconfig
-</code>
-After the installation, you can connect to the University network using this command:
-<code>
-sudo openconnect --protocol=gp --user=user.name@unitn.it vpn.icts.unitn.it
-</code>
-===== macOS Catalina =====
-NB: if you are using MacOS Catalina, before being able to establish the connection, you have to go to: Settings —> Security and Privacy —> General as you can see below e click on "Open Anyway"
-{{:pub:vpn:catalina.png?400}}
-===== Blocked resources =====
-Users connection with unsupported operating systems will not be able to access the following resources:
-alessandria1.unitn.it
-.168.206.42
-nx-trento.unitn.it
-.168.132.11
-nx-collina.unitn.it
-.168.123.6
-.168.123.5
-fluidfs-prod.unitn.it
-.168.123.11
-fluidfs-prod2.unitn.it
-.168.123.19
-.168.123.18
-f87.unitn.it 192.168.187.25
-f85.unitn.it 192.168.187.26