Difference between revisions of "Accessing the Off-Campus VPN"
AlphaCubed (talk | contribs) |
Line 1: | Line 1: | ||
= Connecting to GlobalProtect = | = Connecting to GlobalProtect = | ||
== Using openconnect == | Due to 2-factor authentication, you may need to use some special steps to use openconnect. This is currently being tested. | ||
The other approach is to use the GlobalProtect GUI, which is officially supported by Rose-Hulman and will work for the time being. | |||
== Using the GlobalProtect GUI == | |||
In a web browser, go to https://rose-hulman.microsoftcrmportals.com/knowledgebase/article/KA-01278/en-us. | |||
Press Ctrl+F and type in "Setting up the client on Linux". | |||
Read and follow the instructions below "Setting up the client on Linux". You can follow these instructions in a VM if you want to isolate the GUI client from your host system. | |||
You will need to download the Word document which opens fine in LibreOffice Writer or the OnlyOffice Desktop Editors. | |||
== Using openconnect (WIP) == | |||
Due to 2-factor authentication on the VPN, this tutorial will not work with the current configuration, but it is currently being experimented with. | |||
Install <code>openconnect-sso</code> using the following commands in a terminal: | |||
'''Ubuntu/Debian/Other Linux Distros''': follow the instructions in this section: https://github.com/vlaci/openconnect-sso#using-pippipx | |||
'''Arch Linux''':<code>sudo pacman -S yay && yay -S openconnect-sso</code> (This will install yay, which installs packages from the AUR, and openconnect-sso, which allows you to use 2-factor authentication to connect to the VPN.) | |||
Then, connect to the VPN using the following command, replacing yournetworkusername with your Rose-Hulman network username (for security reasons, '''do NOT run this command as root, e.g. using sudo'''): | |||
openconnect-sso --server gp.rose-hulman.edu --user [email protected] | |||
Then type in your password and press ENTER. | |||
'''NOTE: As of 6/26/21, this is when the VPN won't connect.''' If you want more information to try to help us out, see the "openconnect debugging" section at the bottom of this page. | |||
You should see a message if it connects successfully. | |||
Sources: https://github.com/dlenski/openconnect/issues/143, https://github.com/vlaci/openconnect-sso | |||
Active issues: https://github.com/dlenski/openconnect/issues/143, https://gitlab.com/openconnect/openconnect/-/issues/84 | |||
= Historical information on using openconnect for GlobalProtect = | |||
Open a terminal, and type: | Open a terminal, and type: | ||
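Review bot: The Arch Linux line added here runs 'sudo pacman -S yay' first, but yay is itself an AUR package and is not in the official Arch repositories, so that step fails on a stock install before openconnect-sso is ever built. Point to yay's own install instructions instead, or say "using an AUR helper you already have", and mention that AUR build scripts are user-submitted and worth reading before running them. Separately, the connect command shows '[email protected]' where the sentence above it tells the reader to replace yournetworkusername, and "You should see a message if it connects successfully" now follows a note saying the connection fails at that step; both should be reconciled.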
Line 16: | Line 51: | ||
Alternatively, if you prefer the command line, type <code>ping mirror.csse.rose-hulman.edu</code> and see if there is a response from the server - if you are connected, it should say <code>PING from (ip address): 20ms or similar</code>. | Alternatively, if you prefer the command line, type <code>ping mirror.csse.rose-hulman.edu</code> and see if there is a response from the server - if you are connected, it should say <code>PING from (ip address): 20ms or similar</code>. | ||
To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as: | To disconnect, press the Control and C keys at the same time in the terminal. | ||
<code>username@hostname:directory$</code> (source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/). | |||
Wait until you see your normal shell prompt such as:<blockquote><code>username@hostname:directory$</code> | |||
(source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/).</blockquote>'''EDIT 6/26/21''': This currently errors out with this message, and logging in via that URL will not work (it redirects to a success page that doesn't do anything):<blockquote>SSL negotiation with gp.rose-hulman.edu | |||
Connected to HTTPS on gp.rose-hulman.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM) | |||
SAML REDIRECT authentication is required via (long url) | |||
When SAML authentication is complete, specify destination form field by appending :field_name to login URL. | |||
Failed to parse server response | |||
Failed to obtain WebVPN cookie</blockquote> | |||
= Historical information on Juniper/PulseSecure = | = Historical information on Juniper/PulseSecure = | ||
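Review bot: The "EDIT 6/26/21" note is appended after the disconnect instructions and the shell-prompt blockquote, so "This currently errors out" and "that URL" have no clear referent at the point where they appear. Move the note to the top of the historical section, directly under the command whose output it quotes, so a reader sees that the procedure fails before following the remaining steps. Keeping the SAML redirect target as "(long url)" is the right call for a public page, since that URL carries the authentication request.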
Line 52: | Line 92: | ||
To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as: | To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as: | ||
<code>username@hostname:directory$</code> (source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/). | <code>username@hostname:directory$</code> (source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/). | ||
= openconnect debugging = | |||
[info ] Authenticating to VPN endpoint [openconnect_sso.app] address=gp.rose-hulman.edu name= | |||
Traceback (most recent call last): | |||
File "/usr/bin/openconnect-sso", line 33, in <module> | |||
sys.exit(load_entry_point('openconnect-sso==0.7.3', 'console_scripts', 'openconnect-sso')()) | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/cli.py", line 169, in main | |||
return app.run(args) | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 34, in run | |||
auth_response, selected_profile = asyncio.get_event_loop().run_until_complete( | |||
File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete | |||
return future.result() | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 139, in _run | |||
auth_response = await authenticate_to( | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 22, in authenticate | |||
response = self._start_authentication() | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 67, in _start_authentication | |||
return parse_response(response) | |||
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 137, in parse_response | |||
xml = objectify.fromstring(resp.content) | |||
File "src/lxml/objectify.pyx", line 1808, in lxml.objectify.fromstring | |||
File "src/lxml/etree.pyx", line 3237, in lxml.etree.fromstring | |||
File "src/lxml/parser.pxi", line 1896, in lxml.etree._parseMemoryDocument | |||
File "src/lxml/parser.pxi", line 1784, in lxml.etree._parseDoc | |||
File "src/lxml/parser.pxi", line 1141, in lxml.etree._BaseParser._parseDoc | |||
File "src/lxml/parser.pxi", line 615, in lxml.etree._ParserContext._handleParseResultDoc | |||
File "src/lxml/parser.pxi", line 725, in lxml.etree._handleParseResult | |||
File "src/lxml/parser.pxi", line 654, in lxml.etree._raiseParseError | |||
File "<string>", line 1 | |||
lxml.etree.XMLSyntaxError: Start tag expected, '<' not found, line 1, column 1 |
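Review bot: The new "openconnect debugging" section is a bare traceback with no sentence saying which command produced it or what a reader should take from it. Add a one-line introduction naming the command from the "Using openconnect (WIP)" section and summarising the last line ("Start tag expected, '<' not found", raised from parse_response, meaning the reply handed to the XML parser did not begin with a tag), and wrap the output in a preformatted block so the traceback indentation survives rendering.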
Revision as of 19:49, 26 June 2021
Connecting to GlobalProtect
Due to 2-factor authentication, you may need to use some special steps to use openconnect. This is currently being tested.
The other approach is to use the GlobalProtect GUI, which is officially supported by Rose-Hulman and will work for the time being.
Using the GlobalProtect GUI
In a web browser, go to https://rose-hulman.microsoftcrmportals.com/knowledgebase/article/KA-01278/en-us.
Press Ctrl+F and type in "Setting up the client on Linux".
Read and follow the instructions below "Setting up the client on Linux". You can follow these instructions in a VM if you want to isolate the GUI client from your host system.
You will need to download the Word document, which opens fine in LibreOffice Writer or the OnlyOffice Desktop Editors.
Using openconnect (WIP)
Because the VPN uses 2-factor authentication, this tutorial does not work with the current configuration; it is still being experimented with.
Install openconnect-sso using the following commands in a terminal:
Ubuntu/Debian/Other Linux Distros: follow the instructions in this section: https://github.com/vlaci/openconnect-sso#using-pippipx
Arch Linux: sudo pacman -S yay && yay -S openconnect-sso (This will install yay, which installs packages from the AUR, and openconnect-sso, which allows you to use 2-factor authentication to connect to the VPN.)
Then, connect to the VPN using the following command, replacing yournetworkusername with your Rose-Hulman network username (for security reasons, do NOT run this command as root, e.g. using sudo):
openconnect-sso --server gp.rose-hulman.edu --user [email protected]
Then type in your password and press ENTER.
NOTE: As of 6/26/21, this is the point at which the VPN fails to connect. If you want more information to try to help us out, see the "openconnect debugging" section at the bottom of this page.
You should see a message if it connects successfully.
Sources: https://github.com/dlenski/openconnect/issues/143, https://github.com/vlaci/openconnect-sso
Active issues: https://github.com/dlenski/openconnect/issues/143, https://gitlab.com/openconnect/openconnect/-/issues/84
Historical information on using openconnect for GlobalProtect
Open a terminal, and type:
sudo openconnect --protocol=gp gp.rose-hulman.edu
When the following appears:
RHIT EMAIL ADDRESS:
type in your Rose-Hulman email address and press ENTER.
Right after this, type in your network password, then press ENTER.
Now, try going to mirror.csse.rose-hulman.edu in a web browser. If you see something there, you are connected. If you get a server error or something similar, you are not.
Alternatively, if you prefer the command line, type ping mirror.csse.rose-hulman.edu and see if there is a response from the server - if you are connected, it should say PING from (ip address): 20ms or similar.
To disconnect, press the Control and C keys at the same time in the terminal.
Wait until you see your normal shell prompt such as:
username@hostname:directory$
(source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/).
EDIT 6/26/21: This currently errors out with this message, and logging in via that URL will not work (it redirects to a success page that doesn't do anything):
SSL negotiation with gp.rose-hulman.edu
Connected to HTTPS on gp.rose-hulman.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM)
SAML REDIRECT authentication is required via (long url)
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to parse server response
Failed to obtain WebVPN cookie
Historical information on Juniper/PulseSecure
Adapted from EIT's documentation: https://servicedesk.rose-hulman.edu/knowledgebase/article/KA-01093/en-us
Open a terminal, and type:
sudo openconnect --juniper sslvpn.rose-hulman.edu
When the following appears:
frmLogin realm [Users|DeltaV|Vendors]:
type in Users and press ENTER.
Then, when this appears:
frmLogin username:
Type in your Rose-Hulman network username, press ENTER.
Right after this, type in your network password, then press ENTER.
Now, when ESP session established with server appears in the terminal, you are connected.
To disconnect, press the Control and C keys at the same time in the terminal. Wait until you see your normal shell prompt such as:
username@hostname:directory$
(source: https://www.howtogeek.com/307701/how-to-customize-and-colorize-your-bash-prompt/).
openconnect debugging
[info ] Authenticating to VPN endpoint [openconnect_sso.app] address=gp.rose-hulman.edu name=
Traceback (most recent call last):
File "/usr/bin/openconnect-sso", line 33, in <module>
sys.exit(load_entry_point('openconnect-sso==0.7.3', 'console_scripts', 'openconnect-sso')())
File "/usr/lib/python3.9/site-packages/openconnect_sso/cli.py", line 169, in main
return app.run(args)
File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 34, in run
auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
return future.result()
File "/usr/lib/python3.9/site-packages/openconnect_sso/app.py", line 139, in _run
auth_response = await authenticate_to(
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 22, in authenticate
response = self._start_authentication()
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 67, in _start_authentication
return parse_response(response)
File "/usr/lib/python3.9/site-packages/openconnect_sso/authenticator.py", line 137, in parse_response
xml = objectify.fromstring(resp.content)
File "src/lxml/objectify.pyx", line 1808, in lxml.objectify.fromstring
File "src/lxml/etree.pyx", line 3237, in lxml.etree.fromstring
File "src/lxml/parser.pxi", line 1896, in lxml.etree._parseMemoryDocument
File "src/lxml/parser.pxi", line 1784, in lxml.etree._parseDoc
File "src/lxml/parser.pxi", line 1141, in lxml.etree._BaseParser._parseDoc
File "src/lxml/parser.pxi", line 615, in lxml.etree._ParserContext._handleParseResultDoc
File "src/lxml/parser.pxi", line 725, in lxml.etree._handleParseResult
File "src/lxml/parser.pxi", line 654, in lxml.etree._raiseParseError
File "<string>", line 1
lxml.etree.XMLSyntaxError: Start tag expected, '<' not found, line 1, column 1
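
The traceback above ends with the XML parser rejecting the server's reply because it does not begin with '<'. As an added example (not code from openconnect-sso or from this wiki), the following Python function inspects a reply before parsing and reports what kind of body came back instead of raising. It uses the standard library's xml.etree.ElementTree rather than lxml, and the function name, size limit and sample replies are assumptions constructed for illustration.

```python
# Added example: pre-parse triage of a VPN portal's HTTP reply (stdlib only).
import xml.etree.ElementTree as ET

MAX_BODY = 64 * 1024  # assumption: an auth reply has no reason to be larger


def triage_auth_response(status, content_type, body):
    """Classify a reply body before XML parsing; returns (kind, detail)."""
    ctype = content_type or "no Content-Type"
    if len(body) > MAX_BODY:
        return "too-large", f"HTTP {status} {ctype}: {len(body)} bytes"
    text = body.lstrip(b"\xef\xbb\xbf \t\r\n")  # drop UTF-8 BOM, leading whitespace
    if not text:
        return "empty", f"HTTP {status} {ctype}: no body"
    if not text.startswith(b"<"):
        # Same condition the parser reports as "Start tag expected, '<' not found".
        preview = text[:40].decode("utf-8", "replace")
        return "not-xml", f"HTTP {status} {ctype}: starts with {preview!r}"
    lowered = text.lower()
    if b"<!doctype html" in lowered[:256] or b"<html" in lowered[:256]:
        return "html", f"HTTP {status} {ctype}: a web page, e.g. a login or error page"
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        # Untrusted input: refuse DTDs rather than risk entity expansion.
        return "rejected-dtd", "reply declares a DTD or entities; not parsed"
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return "malformed-xml", f"HTTP {status} {ctype}: {exc}"
    return "xml", f"root element <{root.tag}>"


# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "xml": (200, "text/xml", b"<?xml version='1.0'?>\n<reply><status>ok</status></reply>"),
    "html": (200, "text/html", b"<!DOCTYPE html><html><body>Sign in</body></html>"),
    "json": (401, "application/json", b'{"error": "unauthorized"}'),
    "empty": (200, None, b"  \r\n"),
    "broken": (200, "text/xml", b"<reply><status>ok</reply>"),
    "dtd": (200, "text/xml", b'<!DOCTYPE r [<!ENTITY a "aa">]><r>&a;</r>'),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", triage_auth_response(*sample))
```

When reporting a failure like the one above, the status code, Content-Type and first bytes of the reply are usually enough for a maintainer to tell a login page from a protocol mismatch, without sharing the full body or any session URL.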