CommunityData:Northwestern VPN: Difference between revisions

Revision as of 06:02, 8 October 2020

NUIT instructions (works for most)

Northwestern IT has instructions for how to set up VPN on multiple operating systems using the GlobalConnect client. For most people, their instructions should work fine.

Alternative Linux configuration options (may be deprecated after April 1, 2020)

The following used to work before NU migrated all VPN connections to GlobalConnect. It may or may not work anymore with GlobalConnect and should be tested/revised accordingly.

Depending on your setup, the Linux instructions may be a bit lacking. Here are step-by-step instructions for Ubuntu 18.04. It should be similar for other Debian-based systems and very similar if you are using Gnome 3. Alternatively, you can connect to Kibo using the configuration that mako developed.

sudo apt install network-manager-openconnect-gnome

Open Settings > Networks > Add VPN

Choose the openconnect option

Edit the settings:

Gateway: `vpn-nu.vpn.northwestern.edu` Token mode: `TOTP -- manually entered`

Click connect and log in using your NU netid and password

SSH Config

To connect to kibo using ssh.

1. Install prerequisites. This will include:

  sudo apt install python3-gi gir1.2-gtk-3.0 gir1.2-webkit2-4.0 openconnect ocproxy

2. Install this directory into: ~/bin/nu-vpn-proxy

3. Change your System UUID in the script. You can get this with the command:

  sudo dmidecode|grep UUID

You should see a line like:

 UUID: deadbeef-dead-beef-dead-beefdeadbeef

Edit the file hipreport-modified.sh to change the variable HOSTID so that it is equal to this number. Change the line that says "deadbeef-dead-beef-dead-beefdeadbeaf" so that it lists your UUID.

4. [optional]

Change bmh1867 to your username and add the following stanza text to your ~/.ssh/config:

   Host kibo kibo.soc.northwestern.edu
       Hostname kibo.soc.northwestern.edu
       User bmh1867
       ProxyCommand ~/bin/nu-vpn-proxy/ssh-vpn-proxy %h %p
       ForwardAgent yes
       ServerAliveInterval 120

Usage

There are two ways to use this.

1. *Only* for SSH connections to kibo.

This should be just as simple as running:

 ssh kibo

You can run the command mulptiple time and it should work. When you close the first connection though, it will disconnect all of your connections.

2. Your entire connection.

Run the following command:

 ~/bin/nu-vpn-proxy/openconnect_command-general.sh

While this command is running, you should be connected through the VPN. Run Ctrl-C to disconnect.

@@ Line 36: / Line 36: @@
 To connect to kibo using ssh.
-. Install netcat-bsd and ocproxy
+. Install prerequisites. This will include:
-    sudo apt install ocproxy netcat-openbsd
+    sudo apt install python3-gi gir1.2-gtk-3.0 gir1.2-webkit2-4.0 openconnect ocproxy
-. Add the following to your ~/.ssh/config. Replace <YOUR NU USERNAME>.
+. Install this directory into: <code> ~/bin/nu-vpn-proxy </code>
-   Host kibo kibo.soc.northwestern.edu
+. Change your System UUID in the script. You can get this with the command:
-     Hostname kibo.soc.northwestern.edu
+   sudo dmidecode|grep UUID
-     User <YOUR NU USERNAME>
+You should see a line like:
-     ProxyCommand ~/bin/nu-vpn-proxy %h %p
-. Create the file ~/bin/nu-vpn-proxy with the following. Replace <YOUR NU NETID> and <YOUR NU PASSWORD>.
+  UUID: deadbeef-dead-beef-dead-beefdeadbeef
+Edit the file hipreport-modified.sh to change the variable HOSTID so that it is
+equal to this number. Change the line that says
+"deadbeef-dead-beef-dead-beefdeadbeaf" so that it lists your UUID.
-    #!/bin/bash
+. [optional]
-    # connects to SSH through openconnect and VPN
-    # for use with ProxyCommand in SSH
-    # first run openconnect
-    /sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid --make-pidfile -b -S --startas /bin/bash -- -c '/usr/sbin/openconnect --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" --user <YOUR NU NETID> vpn-nu.vpn.northwestern.edu < <(echo <YOUR NU PASSWORD>)' &
-    sleep 3
-    # kill connection on exit
-    function cleanup {
-      /sbin/start-stop-daemon --stop --pidfile /tmp/nu-vpn-openconnect.pid
-    }
-    trap cleanup EXIT
-    # redirect traffic (standard input and output) through VPN
-    /bin/nc.openbsd -X 5 -x 127.0.0.1:9052 $1 $2
-Make the file executable using <code> chmod +x ~/bin/nu-vpn-proxy </code>
+Change bmh1867 to your username and add the following stanza text to your
+~/.ssh/config:
-Now you should be able to login to kibo. <code> ssh kibo </code>.
+    Host kibo kibo.soc.northwestern.edu
+        Hostname kibo.soc.northwestern.edu
+        User bmh1867
+        ProxyCommand ~/bin/nu-vpn-proxy/ssh-vpn-proxy %h %p
+        ForwardAgent yes
+        ServerAliveInterval 120
+=== Usage ===
+There are two ways to use this.
+. *Only* for SSH connections to kibo.
+This should be just as simple as running:
+  ssh kibo
+You can run the command mulptiple time and it should work. When you close the
+first connection though, it will disconnect all of your connections.
+. Your entire connection.
+Run the following command:
+  ~/bin/nu-vpn-proxy/openconnect_command-general.sh
+While this command is running, you should be connected through the VPN. Run
+Ctrl-C to disconnect.