Editing
Accessing the Off-Campus VPN
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Connecting to GlobalProtect = Due to 2-factor authentication, you will need to use some special steps to use openconnect. It will require you to use a GUI (for the time being). In case you prefer the command line, we don't yet have a working tutorial. You may be able to write an app around GlobalProtect-openconnect to perform the same functionality (enter URL, open a browser with the login page in Lynx, get relevant tokens, etc.) if you feel inclined. The other approach is to use the GlobalProtect GUI, which is officially supported by Rose-Hulman and will work in case things break. = Using openconnect with a GUI = == Installing == Install <code>GlobalProtect-openconnect</code> using the following commands in a terminal: '''Ubuntu/Debian/Debian-based Linux Distros''': follow the instructions in this section: https://github.com/yuezk/GlobalProtect-openconnect#debian-package '''Arch Linux''':<code>sudo pacman -S yay && yay -S globalprotect-openconnect</code> (This will install yay, which installs packages from the AUR, and GlobalProtect-openconnect, which allows you to use 2-factor authentication to connect to the VPN.) == Opening == Then, if you use KDE, press the Windows (aka. Super) key to go to your Application Launcher (in KDE) and search for "GlobalProtect". Or, if you use Ubuntu (which uses GNOME), do something similar by either pressing the Windows (aka. Super) key or clicking on the Ubuntu logo at the top-left (looks like a circle with three dots). If you don't use Ubuntu but you use GNOME, either press Windows (aka. Super) or click the foot icon at the top-left. In KDE, it will look something like this: https://github.com/RHLUG-Org/RHLUG-Wiki-Temp/raw/master/screenshot_1.png Alternatively, in a terminal, type in <code>gpclient</code> and press ENTER. == Connecting == Type in <code>gp.rose-hulman.edu</code> in the text box and click "Connect" below the text box. A window should pop up with the Rose-Hulman login screen. Go through the Microsoft login and input your 2-factor authentication token like usual. Another window will pop up. You can ignore that window. The VPN app should say "Connected". And you're done! As Apple would say, it has never been this easy to connect to the VPN. It's just like this on Windows. You can disconnect by clicking "Disconnect". = Using the GlobalProtect GUI = In a web browser, go to https://rose-hulman.microsoftcrmportals.com/knowledgebase/article/KA-01278/en-us. Press Ctrl+F and type in "Setting up the client on Linux". Read and follow the instructions below "Setting up the client on Linux". You can follow these instructions in a VM if you want to isolate the GUI client from your host system. You will need to download the Word document which opens fine in LibreOffice Writer or the OnlyOffice Desktop Editors. = Using openconnect on the command line (WIP) = Due to 2-factor authentication on the VPN, this tutorial will not work with the current configuration, but it is currently being experimented with. Install <code>openconnect-sso</code> using the following commands in a terminal: '''Ubuntu/Debian/Debian-based Linux Distros''': follow the instructions in this section: https://github.com/vlaci/openconnect-sso#using-pippipx '''Arch Linux''':<code>sudo pacman -S yay && yay -S openconnect-sso</code> (This will install yay, which installs packages from the AUR, and openconnect-sso, which allows you to use 2-factor authentication to connect to the VPN.) Then, connect to the VPN using the following command, replacing yournetworkusername with your Rose-Hulman network username (for security reasons, '''do NOT run this command as root, e.g. using sudo'''): openconnect-sso --server gp.rose-hulman.edu --user yournetworkusername@rose-hulman.edu Then type in your password and press ENTER. '''NOTE: As of 6/26/21, this is when the VPN won't connect.''' If you want more information to try to help us out, see the "openconnect debugging" section at the bottom of this page. You should see a message if it connects successfully. Sources: https://github.com/dlenski/openconnect/issues/143, https://github.com/vlaci/openconnect-sso Active issues: https://github.com/dlenski/openconnect/issues/143, https://gitlab.com/openconnect/openconnect/-/issues/84 = Historical information on using openconnect for GlobalProtect = Open a terminal, and type: <code>sudo openconnect --protocol=gp gp.rose-hulman.edu</code> When the following appears: RHIT EMAIL ADDRESS: type in your Rose-Hulman email address and press ENTER. Right after this, type in your network password, then press ENTER. Now, try going to [https://mirror.csse.rose-hulman.edu mirror.csse.rose-hulman.edu] in a web browser. If you see something there, you are connected. If you get a server error or something similar, you are not. Alternatively, if you prefer the command line, type <code>ping mirror.csse.rose-hulman.edu</code> and see if there is a response from the server - if you are connected, it should say <code>PING from (ip address): 20ms or similar</code>. To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as:<blockquote><code>username@hostname:directory$</code> (source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/).</blockquote>'''EDIT 6/26/21''': This currently errors out with this message, and logging in via that URL will not work (it redirects to a success page that doesn't do anything):<blockquote>SSL negotiation with gp.rose-hulman.edu Connected to HTTPS on gp.rose-hulman.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM) SAML REDIRECT authentication is required via (long url) When SAML authentication is complete, specify destination form field by appending :field_name to login URL. Failed to parse server response Failed to obtain WebVPN cookie</blockquote> = Historical information on Juniper/PulseSecure = Adapted from EIT's documentation: https://servicedesk.rose-hulman.edu/knowledgebase/article/KA-01093/en-us Open a terminal, and type: <code>sudo openconnect --juniper sslvpn.rose-hulman.edu</code> When the following appears: frmLogin realm [Users|DeltaV|Vendors]: type in Users and press ENTER. Then, when this appears: frmLogin username: Type in your Rose-Hulman network username, press ENTER. Right after this, type in your network password, then press ENTER. Now, when <code>ESP session established with server</code> appears in the terminal, you are connected. To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as: <code>username@hostname:directory$</code> (source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/). = openconnect debugging = [info ] Authenticating to VPN endpoint [openconnect_sso.app] address=gp.rose-hulman.edu name= Traceback (most recent call last): File "/usr/bin/openconnect-sso", line 33, in <module> sys.exit(load_entry_point('openconnect-sso==0.7.3', 'console_scripts', 'openconnect-sso')()) File "/usr/lib/python3.9/site-packages/openconnect_sso/cli.py", line 169, in main return app.run(args) File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 34, in run auth_response, selected_profile = asyncio.get_event_loop().run_until_complete( File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete return future.result() File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 139, in _run auth_response = await authenticate_to( File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 22, in authenticate response = self._start_authentication() File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 67, in _start_authentication return parse_response(response) File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 137, in parse_response xml = objectify.fromstring(resp.content) File "src/lxml/objectify.pyx", line 1808, in lxml.objectify.fromstring File "src/lxml/etree.pyx", line 3237, in lxml.etree.fromstring File "src/lxml/parser.pxi", line 1896, in lxml.etree._parseMemoryDocument File "src/lxml/parser.pxi", line 1784, in lxml.etree._parseDoc File "src/lxml/parser.pxi", line 1141, in lxml.etree._BaseParser._parseDoc File "src/lxml/parser.pxi", line 615, in lxml.etree._ParserContext._handleParseResultDoc File "src/lxml/parser.pxi", line 725, in lxml.etree._handleParseResult File "src/lxml/parser.pxi", line 654, in lxml.etree._raiseParseError File "<string>", line 1 lxml.etree.XMLSyntaxError: Start tag expected, '<' not found, line 1, column 1
Summary:
Please note that all contributions to RHLUG Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
RHLUG Wiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
Edit source
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information