Difference between revisions of "EBC Exercise 07 Connecting to Rose VPN"
m |
m (Typo) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:ECE497]] | [[Category:ECE497]] | ||
{{YoderHead}} | {{YoderHead}} | ||
− | Here are instructions for connecting to Rose-Hulman's VPN | + | Here are instructions for connecting to Rose-Hulman's VPN. |
+ | Two methods are presented, one uses the open-source [https://www.infradead.org/openconnect/ openconnect], | ||
+ | the other uses [https://www.globalconnect.net/ Global Connect]. | ||
([https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/816521741589750591_13592231390549000959 Rose Global Connect Instructions]) | ([https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/816521741589750591_13592231390549000959 Rose Global Connect Instructions]) | ||
+ | |||
+ | == openconnect == | ||
+ | To install openconnect, simply: | ||
+ | bone$ '''sudo apt update''' | ||
+ | bone$ '''sudo apt install openconnect''' | ||
+ | Once installed make sure you have version 8 or newer. | ||
+ | bone$ '''openconnect --version''' | ||
+ | OpenConnect version '''v8.02-1+deb10u1''' | ||
+ | Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP | ||
+ | Supported protocols: anyconnect (default), nc, gp | ||
+ | |||
+ | Run it in the background with the following, using your name instead of mine. | ||
+ | bone$ '''sudo openconnect --pid-file=/tmp/oc.pid --background --user=yoder@rose-hulman.edu --protocol gp gp.rose-hulman.edu''' | ||
+ | POST https://gp.rose-hulman.edu/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows | ||
+ | Connected to 137.112.9.46:443 | ||
+ | SSL negotiation with gp.rose-hulman.edu | ||
+ | Connected to HTTPS on gp.rose-hulman.edu | ||
+ | Enter login credentials | ||
+ | '''PASSWORD:''' | ||
+ | POST https://gp.rose-hulman.edu/ssl-vpn/login.esp | ||
+ | GlobalProtect login returned authentication-source=RADIUS - GlobalProtect | ||
+ | POST https://gp.rose-hulman.edu/ssl-vpn/getconfig.esp | ||
+ | Tunnel timeout (rekey interval) is 720 minutes. | ||
+ | Idle timeout is 600 minutes. | ||
+ | No MTU received. Calculated 1431 for SSL tunnel. No ESP keys received | ||
+ | POST https://gp.rose-hulman.edu/ssl-vpn/hipreportcheck.esp | ||
+ | WARNING: Server asked us to submit HIP report with md5sum 648914735cb358e4739bb5f749ca1c8d. | ||
+ | VPN connectivity may be disabled or limited without HIP report submission. | ||
+ | You need to provide a --csd-wrapper argument with the HIP report submission script. | ||
+ | Set up UDP failed; using SSL instead | ||
+ | Connected as '''137.112.193.200''', using SSL, with ESP disabled | ||
+ | Continuing in background; pid 24042 | ||
+ | This starts the VPN, runs it in the background, and saves the process id (pid) in /tmp/oc.pid. | ||
+ | The Rose IP address in this case is 137.112.193.200. | ||
+ | We can then later stop the VPN using the number in the file. | ||
+ | |||
+ | You can verify the IP address with | ||
+ | bone$ '''ip a''' | ||
+ | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 | ||
+ | link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | ||
+ | inet 127.0.0.1/8 scope host lo | ||
+ | ... | ||
+ | 5: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 | ||
+ | link/ether c8:a0:30:a6:26:ea brd ff:ff:ff:ff:ff:ff | ||
+ | inet 192.168.7.2/24 brd 192.168.7.255 scope global usb0 | ||
+ | valid_lft forever preferred_lft forever | ||
+ | ... | ||
+ | 12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1431 qdisc pfifo_fast state UNKNOWN group default qlen 500 | ||
+ | link/none | ||
+ | inet '''137.112.193.200'''/32 scope global tun0 | ||
+ | valid_lft forever preferred_lft forever | ||
+ | inet6 fe80::3eba:b33c:a268:299d/64 scope link stable-privacy | ||
+ | valid_lft forever preferred_lft forever | ||
+ | |||
+ | When you are done with the VPN: | ||
+ | bone$ '''sudo kill `cat /tmp/oc.pid`''' | ||
+ | POST https://gp.rose-hulman.edu/ssl-vpn/logout.esp | ||
+ | SSL negotiation with gp.rose-hulman.edu | ||
+ | Connected to HTTPS on gp.rose-hulman.edu | ||
+ | Invalid user name | ||
+ | Logout failed. | ||
+ | RTNETLINK answers: No such process | ||
+ | RTNETLINK answers: No such process | ||
+ | User cancelled (SIGINT/SIGTERM); exiting | ||
+ | |||
+ | == Global Connect == | ||
+ | The is the method used by Rose's VPN provider. | ||
On the bone, get the installation file and untar it. | On the bone, get the installation file and untar it. |
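Review bot: The new openconnect section stores the pid file under a fixed name in world-writable /tmp (--pid-file=/tmp/oc.pid) and later stops the VPN with sudo kill `cat /tmp/oc.pid`, so root signals whatever number that file holds at that moment; a root-owned location such as /run would be a safer path to teach. The captured session also shows the HIP report warning and "Invalid user name / Logout failed." without comment, so a sentence saying whether these are expected would help readers. In the Global Connect section, "The is the method" should read "This is the method".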
Latest revision as of 12:45, 16 December 2020
Embedded Linux Class by Mark A. Yoder
Here are instructions for connecting to Rose-Hulman's VPN.
Two methods are presented: one uses the open-source openconnect,
the other uses Global Connect.
(Rose Global Connect Instructions)
openconnect
To install openconnect, simply:
 bone$ sudo apt update
 bone$ sudo apt install openconnect
Once installed, make sure you have version 8 or newer.
 bone$ openconnect --version
 OpenConnect version v8.02-1+deb10u1
 Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
 Supported protocols: anyconnect (default), nc, gp
Run it in the background with the following, using your name instead of mine.
 bone$ sudo openconnect --pid-file=/tmp/oc.pid --background --user=yoder@rose-hulman.edu --protocol gp gp.rose-hulman.edu
 POST https://gp.rose-hulman.edu/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
 Connected to 137.112.9.46:443
 SSL negotiation with gp.rose-hulman.edu
 Connected to HTTPS on gp.rose-hulman.edu
 Enter login credentials
 PASSWORD:
 POST https://gp.rose-hulman.edu/ssl-vpn/login.esp
 GlobalProtect login returned authentication-source=RADIUS - GlobalProtect
 POST https://gp.rose-hulman.edu/ssl-vpn/getconfig.esp
 Tunnel timeout (rekey interval) is 720 minutes.
 Idle timeout is 600 minutes.
 No MTU received. Calculated 1431 for SSL tunnel. No ESP keys received
 POST https://gp.rose-hulman.edu/ssl-vpn/hipreportcheck.esp
 WARNING: Server asked us to submit HIP report with md5sum 648914735cb358e4739bb5f749ca1c8d.
 VPN connectivity may be disabled or limited without HIP report submission.
 You need to provide a --csd-wrapper argument with the HIP report submission script.
 Set up UDP failed; using SSL instead
 Connected as 137.112.193.200, using SSL, with ESP disabled
 Continuing in background; pid 24042
This starts the VPN, runs it in the background, and saves the process id (pid) in /tmp/oc.pid. The Rose IP address in this case is 137.112.193.200. We can then later stop the VPN using the number in the file.
You can verify the IP address with
 bone$ ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
 ...
 5: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether c8:a0:30:a6:26:ea brd ff:ff:ff:ff:ff:ff
     inet 192.168.7.2/24 brd 192.168.7.255 scope global usb0
        valid_lft forever preferred_lft forever
 ...
 12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1431 qdisc pfifo_fast state UNKNOWN group default qlen 500
     link/none
     inet 137.112.193.200/32 scope global tun0
        valid_lft forever preferred_lft forever
     inet6 fe80::3eba:b33c:a268:299d/64 scope link stable-privacy
        valid_lft forever preferred_lft forever
When you are done with the VPN:
 bone$ sudo kill `cat /tmp/oc.pid`
 POST https://gp.rose-hulman.edu/ssl-vpn/logout.esp
 SSL negotiation with gp.rose-hulman.edu
 Connected to HTTPS on gp.rose-hulman.edu
 Invalid user name
 Logout failed.
 RTNETLINK answers: No such process
 RTNETLINK answers: No such process
 User cancelled (SIGINT/SIGTERM); exiting
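The version check and the pid-file stop step above, wrapped with validation so that root only signals a process that really is openconnect. This is an added example, not part of the original page; the function names and the PROC_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): checks around the openconnect steps.
# PROC_ROOT is an assumption of this example; it is overridable so the
# pid check can be exercised against a constructed directory.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read `openconnect --version` output on stdin, print the major version.
oc_major_version() {
    sed -n 's/^OpenConnect version v\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Succeed only if stdin reports version 8 or newer.
oc_version_ok() {
    major=$(oc_major_version)
    [ -n "$major" ] && [ "$major" -ge 8 ]
}

# Print the pid only if FILE is a regular file (not a symlink), holds one
# number, and that process's command name is openconnect.
oc_pid_from_file() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    pid=$(head -n 1 "$file")
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -r "$PROC_ROOT/$pid/comm" ] || return 1
    [ "$(cat "$PROC_ROOT/$pid/comm")" = "openconnect" ] || return 1
    printf '%s\n' "$pid"
}

# Signal the VPN process only after the checks above pass.
oc_stop() {
    pid=$(oc_pid_from_file "$1") || {
        echo "refusing: $1 does not name a running openconnect" >&2
        return 1
    }
    kill -TERM "$pid"
}

# Constructed sample: the version line shown on this page.
printf 'OpenConnect version v8.02-1+deb10u1\n' | oc_version_ok && echo "version ok"
```

To stop the VPN with it, source the file in a root shell and call oc_stop /tmp/oc.pid.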
Global Connect
This is the method used by Rose's VPN provider.
On the bone, get the installation file and untar it.
 bone$ cd /tmp
 bone$ VERS=PanGPLinux-5.1.1-c17.tgz
 bone$ wget -O $VERS https://roseshare.rose-hulman.edu/storage/u.svc/download.dn/fid/5504766564276453800_3845984564090334472
 bone$ tar -xvf $VERS
Install.
 bone$ sudo apt install ./GlobalProtect_deb_arm-5.1.1.0-17.deb
Run the VPN. Substitute your Rose username for username.
 bone$ globalprotect
 >> connect -p gp.rose-hulman.edu -u username@rose-hulman.edu
 Retrieving configuration...
 gp.rose-hulman.edu - Enter login credentials (e.g. username@rose-hulman.edu)
 username(yoder@rose-hulman.edu):
 Password:
 Discovering network...
 Connecting...
 Connected
 >> quit
You are now connected. Find your Rose IP address.
 bone$ ip a show gpd0
 3: gpd0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN group default qlen 500
     link/none
     inet 137.112.193.177/32 scope global gpd0
        valid_lft forever preferred_lft forever
Disconnect when done.
 bone$ globalprotect
 >> disconnect
 >> quit