CommunityData:Northwestern VPN: Difference between revisions

From CommunityData
m (fix link)
Line 47: Line 47:
      
      
     # connects to SSH through openconnect and VPN
     # connects to SSH through openconnect and VPN
     # for use iwth ProxyCommand in SSH
     # for use with ProxyCommand in SSH
      
      
     # first run openconnect
     # first run openconnect

Revision as of 03:36, 9 February 2020

Northwestern IT has instructions for how to set up VPN on multiple operating systems. For most people, their instructions should work fine.

The Linux instructions are a bit lacking. Here are step-by-step instructions for Ubuntu 18.04. It should be similar for other Debian-based systems and very similar if you are using Gnome 3. Alternatively, you can connect to Kibo using the configuration that mako developed.

sudo apt install network-manager-openconnect-gnome

Open Settings > Networks > Add VPN

Add-vpn.png

Choose the openconnect option

Anyconnect-vpn.png

Edit the settings:

Gateway: `vpn-nu.vpn.northwestern.edu` Token mode: `TOTP -- manually entered`

Vpn-settings.png

Click connect and log in using your NU netid and password

Vpn-connect.png

SSH Config

To connect to kibo using ssh.

1. Install netcat-bsd and ocproxy

  sudo apt install ocproxy netcat-openbsd 

2. Add the following to your ~/.ssh/config. Replace <YOUR NU USERNAME>.

  Host kibo kibo.soc.northwestern.edu
    Hostname kibo.soc.northwestern.edu
    User <YOUR NU USERNAME>
    ProxyCommand ~/bin/nu-vpn-proxy %h %p

3. Create the file ~/bin/nu-vpn-proxy with the following. Replace <YOUR NU NETID> and <YOUR NU PASSWORD>.


   #!/bin/bash
   
   # connects to SSH through openconnect and VPN
   # for use with ProxyCommand in SSH
   
   # first run openconnect
   
   /sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid --make-pidfile -b -S --startas /bin/bash -- -c '/usr/sbin/openconnect --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" --user <YOUR NU NETID> vpn-nu.vpn.northwestern.edu < <(echo <YOUR NU PASSWORD>)' & 
   
   sleep 3 
   
   # kill connection on exit
   function cleanup {
     /sbin/start-stop-daemon --stop --pidfile /tmp/nu-vpn-openconnect.pid
   }
   trap cleanup EXIT
   
   # redirect traffic (standard input and output) through VPN
   /bin/nc.openbsd -X 5 -x 127.0.0.1:9052 $1 $2

Make the file executable using chmod +x ~/bin/nu-vpn-proxy

Now you should be able to login to kibo. ssh kibo .