Difference between revisions of "EBC Exercise 07 Connecting to Rose VPN"

From eLinux.org
(Initial info)
 
m (Typo)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:ECE497]]
 
[[Category:ECE497]]
 
{{YoderHead}}
 
{{YoderHead}}
Here are  instructions for connecting to Rose-Hulman's VPN via Global Connect.
+
Here are  instructions for connecting to Rose-Hulman's VPN.
 +
Two methods are presented, one uses the open-source [https://www.infradead.org/openconnect/ openconnect],
 +
the other uses [https://www.globalconnect.net/ Global Connect].
 
([https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/816521741589750591_13592231390549000959 Rose Global Connect Instructions])
 
([https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/816521741589750591_13592231390549000959 Rose Global Connect Instructions])
  
On the bone, get the installation file.
+
== openconnect ==
  bone$ '''VERS=PanGPLinux-5.1.1-c17.tgz'''
+
To install openconnect, simply:
  bone$ '''wget -O $VERS https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/5504766564276453800_3845984564090334472'''
+
  bone$ '''sudo apt update'''
  bone$ '''tar -xvf $VERS'''
+
  bone$ '''sudo apt install openconnect'''
sudo apt install ./GlobalProtect_deb_arm-5.1.1.0-17.deb
+
Once installed make sure you have version 8 or newer.
 +
  bone$ '''openconnect --version'''
 +
OpenConnect version '''v8.02-1+deb10u1'''
 +
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
 +
Supported protocols: anyconnect (default), nc, gp
  
globalprotect
+
Run it in the background with the following, using your name instead of mine.
 +
bone$ '''sudo openconnect --pid-file=/tmp/oc.pid --background --user=yoder@rose-hulman.edu --protocol gp gp.rose-hulman.edu'''
 +
POST https://gp.rose-hulman.edu/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
 +
Connected to 137.112.9.46:443
 +
SSL negotiation with gp.rose-hulman.edu
 +
Connected to HTTPS on gp.rose-hulman.edu
 +
Enter login credentials
 +
'''PASSWORD:'''
 +
POST https://gp.rose-hulman.edu/ssl-vpn/login.esp
 +
GlobalProtect login returned authentication-source=RADIUS - GlobalProtect
 +
POST https://gp.rose-hulman.edu/ssl-vpn/getconfig.esp
 +
Tunnel timeout (rekey interval) is 720 minutes.
 +
Idle timeout is 600 minutes.
 +
No MTU received. Calculated 1431 for SSL tunnel. No ESP keys received
 +
POST https://gp.rose-hulman.edu/ssl-vpn/hipreportcheck.esp
 +
WARNING: Server asked us to submit HIP report with md5sum 648914735cb358e4739bb5f749ca1c8d.
 +
VPN connectivity may be disabled or limited without HIP report submission.
 +
You need to provide a --csd-wrapper argument with the HIP report submission script.
 +
Set up UDP failed; using SSL instead
 +
Connected as '''137.112.193.200''', using SSL, with ESP disabled
 +
Continuing in background; pid 24042
 +
This starts the VPN, runs it in the background, and saves the process id (pid) in /tmp/oc.pid.
 +
The Rose IP address in this case is 137.112.193.200.
 +
We can then later stop the VPN using the number in the file.
  
>> connect -p gp.rose-hulman.edu -u username@rose-hulman.edu
+
You can verify the IP address with
>> quit
+
bone$ '''ip a'''
 +
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 +
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 +
    inet 127.0.0.1/8 scope host lo
 +
...
 +
5: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 +
    link/ether c8:a0:30:a6:26:ea brd ff:ff:ff:ff:ff:ff
 +
    inet 192.168.7.2/24 brd 192.168.7.255 scope global usb0
 +
        valid_lft forever preferred_lft forever
 +
...
 +
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1431 qdisc pfifo_fast state UNKNOWN group default qlen 500
 +
    link/none
 +
    inet '''137.112.193.200'''/32 scope global tun0
 +
        valid_lft forever preferred_lft forever
 +
    inet6 fe80::3eba:b33c:a268:299d/64 scope link stable-privacy
 +
        valid_lft forever preferred_lft forever
  
ip a show gpd0
+
When you are done with the VPN:
3: gpd0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN group default qlen 500
+
bone$ '''sudo kill `cat /tmp/oc.pid`'''
    link/none
+
POST https://gp.rose-hulman.edu/ssl-vpn/logout.esp
    inet 137.112.193.177/32 scope global gpd0
+
SSL negotiation with gp.rose-hulman.edu
      valid_lft forever preferred_lft forever
+
Connected to HTTPS on gp.rose-hulman.edu
 +
Invalid user name
 +
Logout failed.
 +
RTNETLINK answers: No such process
 +
RTNETLINK answers: No such process
 +
User cancelled (SIGINT/SIGTERM); exiting
  
globalprotect
+
== Global Connect ==
>> disconnect
+
The is the method used by Rose's VPN provider.
>> quit
 
  
 +
On the bone, get the installation file and untar it.
 +
bone$ '''cd /tmp'''
 +
bone$ '''VERS=PanGPLinux-5.1.1-c17.tgz'''
 +
bone$ '''wget -O $VERS https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/5504766564276453800_3845984564090334472'''
 +
bone$ '''tar -xvf $VERS'''
 +
Install.
 +
bone$ '''sudo apt install ./GlobalProtect_deb_arm-5.1.1.0-17.deb'''
 +
Run the VPN.  Substitute your Rose username for ''username''.
 +
bone$ '''globalprotect'''
 +
>> '''connect -p gp.rose-hulman.edu -u ''username''@rose-hulman.edu'''
 +
Retrieving configuration...                                           
 +
gp.rose-hulman.edu - Enter login credentials                         
 
   
 
   
 +
(e.g. username@rose-hulman.edu)
 +
username(yoder@rose-hulman.edu):
 +
Password:
 +
Discovering network...                                               
 +
Connecting...                                                         
 +
Connected                                                             
 +
>> '''quit'''
 +
You are now connected.  Find you Rose ip address.
 +
bone$ '''ip a show gpd0'''
 +
3: gpd0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN group default qlen 500
 +
    link/none
 +
    inet 137.112.193.177/32 scope global gpd0
 +
        valid_lft forever preferred_lft forever
 +
 +
Disconnect when done.
 +
bone$ '''globalprotect'''
 +
>> '''disconnect'''
 +
>> '''quit'''
 +
 
{{YoderFoot}}
 
{{YoderFoot}}
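Review bot: In the new openconnect section, the pid file is written to /tmp/oc.pid and later consumed by sudo kill with the output of cat /tmp/oc.pid. /tmp is world-writable, so another local account that controls that file name can decide which process root signals. Point --pid-file at a root-only directory such as /run instead. The added session output also shows the server asking for a HIP report and warning that connectivity may be limited without one, but the text never says whether that matters for this exercise; a sentence on it would help. In the Global Connect section, the .deb fetched with wget goes straight into sudo apt install with no integrity check; publishing a checksum next to the download link would let students verify the file first.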

Latest revision as of 13:45, 16 December 2020

Embedded Linux Class by Mark A. Yoder


Here are instructions for connecting to Rose-Hulman's VPN. Two methods are presented: one uses the open-source openconnect, the other uses Global Connect. (Rose Global Connect Instructions)

openconnect

To install openconnect, simply:

bone$ sudo apt update
bone$ sudo apt install openconnect

Once installed, make sure you have version 8 or newer.

bone$ openconnect --version
OpenConnect version v8.02-1+deb10u1
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp

Run it in the background with the following, using your name instead of mine.

bone$ sudo openconnect --pid-file=/tmp/oc.pid --background --user=yoder@rose-hulman.edu --protocol gp gp.rose-hulman.edu
POST https://gp.rose-hulman.edu/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
Connected to 137.112.9.46:443
SSL negotiation with gp.rose-hulman.edu
Connected to HTTPS on gp.rose-hulman.edu
Enter login credentials
PASSWORD: 
POST https://gp.rose-hulman.edu/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=RADIUS - GlobalProtect
POST https://gp.rose-hulman.edu/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 720 minutes.
Idle timeout is 600 minutes.
No MTU received. Calculated 1431 for SSL tunnel. No ESP keys received
POST https://gp.rose-hulman.edu/ssl-vpn/hipreportcheck.esp
WARNING: Server asked us to submit HIP report with md5sum 648914735cb358e4739bb5f749ca1c8d.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
Set up UDP failed; using SSL instead
Connected as 137.112.193.200, using SSL, with ESP disabled
Continuing in background; pid 24042

This starts the VPN, runs it in the background, and saves the process id (pid) in /tmp/oc.pid. The Rose IP address in this case is 137.112.193.200. We can later stop the VPN using the pid stored in that file.

You can verify the IP address with:

bone$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
...
5: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether c8:a0:30:a6:26:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.2/24 brd 192.168.7.255 scope global usb0
       valid_lft forever preferred_lft forever
...
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1431 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 137.112.193.200/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::3eba:b33c:a268:299d/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

When you are done with the VPN:

bone$ sudo kill `cat /tmp/oc.pid`
POST https://gp.rose-hulman.edu/ssl-vpn/logout.esp
SSL negotiation with gp.rose-hulman.edu
Connected to HTTPS on gp.rose-hulman.edu
Invalid user name
Logout failed.
RTNETLINK answers: No such process
RTNETLINK answers: No such process
User cancelled (SIGINT/SIGTERM); exiting
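
A more careful way to stop the background VPN, shown as an added example that is not part of the original page: since the pid file is read by a root-run kill, it checks the file and the process it names before sending any signal. The helper names check_pidfile and stop_vpn and the /run/openconnect.pid location are assumptions; it relies on GNU stat and /proc, both present on the bone's Debian image.

```shell
#!/bin/sh
# Added example, not from the original page. check_pidfile and stop_vpn are
# hypothetical helper names; /run/openconnect.pid is an assumed location.

# check_pidfile FILE OWNER_UID EXPECTED_COMM
# Prints the pid and returns 0 only when every check passes.
check_pidfile() {
    local file="$1" owner_uid="$2" expected_comm="$3" pid comm

    # Reject symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2; return 1
    fi
    # The file must belong to the account that started the VPN.
    if [ "$(stat -c %u "$file")" != "$owner_uid" ]; then
        echo "refusing: $file is not owned by uid $owner_uid" >&2; return 1
    fi
    # Nobody but the owner may be able to rewrite it (GNU stat mode string).
    case "$(stat -c %A "$file")" in
        ?????w*|????????w*)
            echo "refusing: $file is group- or world-writable" >&2; return 1 ;;
    esac
    # The content must be a bare decimal pid, nothing else.
    pid=$(cat "$file")
    case "$pid" in
        ''|*[!0-9]*) echo "refusing: $file does not hold a pid" >&2; return 1 ;;
    esac
    # The pid must currently belong to the expected program.
    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm=""
    if [ "$comm" != "$expected_comm" ]; then
        echo "refusing: pid $pid is '$comm', not $expected_comm" >&2; return 1
    fi
    echo "$pid"
}

# stop_vpn [FILE]: run as root. Sends the default SIGTERM, as the page's kill does.
stop_vpn() {
    local pid
    pid=$(check_pidfile "${1:-/run/openconnect.pid}" 0 openconnect) || return 1
    kill "$pid"
}
```

To use it, start openconnect with --pid-file=/run/openconnect.pid in place of /tmp/oc.pid, source the file in a root shell, and call stop_vpn.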

Global Connect

This is the method used by Rose's VPN provider.

On the bone, get the installation file and untar it.

bone$ cd /tmp
bone$ VERS=PanGPLinux-5.1.1-c17.tgz
bone$ wget -O $VERS https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/5504766564276453800_3845984564090334472
bone$ tar -xvf $VERS

Install.

bone$ sudo apt install ./GlobalProtect_deb_arm-5.1.1.0-17.deb

Run the VPN. Substitute your Rose username for username.

bone$ globalprotect
>> connect -p gp.rose-hulman.edu -u username@rose-hulman.edu
Retrieving configuration...                                            
gp.rose-hulman.edu - Enter login credentials                           

(e.g. username@rose-hulman.edu)
username(yoder@rose-hulman.edu):
Password:
Discovering network...                                                 
Connecting...                                                          
Connected                                                              
>> quit

You are now connected. Find your Rose IP address.

bone$ ip a show gpd0
3: gpd0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 137.112.193.177/32 scope global gpd0
       valid_lft forever preferred_lft forever

Disconnect when done.

bone$ globalprotect
>> disconnect
>> quit



