CommunityData:Northwestern VPN: Difference between revisions

From CommunityData
No edit summary
Line 3: Line 3:
Northwestern IT has instructions for how to set up VPN on multiple operating systems using the GlobalConnect client. For most people, [https://kb.northwestern.edu/94726 their instructions] should work fine.
Northwestern IT has instructions for how to set up VPN on multiple operating systems using the GlobalConnect client. For most people, [https://kb.northwestern.edu/94726 their instructions] should work fine.


== Alternative Linux configuration options (may be deprecated after April 1, 2020) ==
== Alternative Linux options ==


'''The following used to work before NU migrated all VPN connections to GlobalConnect. It may or may not work anymore with GlobalConnect and should be tested/revised accordingly.'''  
[[User:Mako]] has built an alternative configuration (suitable for anybody running Debian or Ubuntu is) that doesn't require the GlobalConnect client. This has two main benefits: (1) it doesn't require installing the normal client which includes a proprietary sort of spyware tool that sends details on what packages are installed to NU every time you use it, and (2) it allows you to proxy only a single ssh connection and ''not'' your entire Internet connection. Folks who are not at NU may want to use this.


Depending on your setup, the Linux instructions may be a bit lacking. Here are step-by-step instructions for Ubuntu 18.04. It should be similar for other Debian-based systems and very similar if you are using Gnome 3.  Alternatively, you can connect to Kibo using the [[ CommunityData:Northwestern VPN#SSH Config | configuration]] that mako developed.
To install it you can download the software from the [[CommunityData:Git|CDSC Git repository]] like:


<code>
git clone git@code.communitydata.science:nu-vpn-proxy
sudo apt install network-manager-openconnect-gnome
</code>


Open Settings > Networks > Add VPN
Details on how to set use that code are up are in the <code>README-CDSC</code> file in that repostiroy.


[[File:Add-vpn.png|500px]]
There are two modes supported by the scripts:


Choose the openconnect option
# A mode that proxies '''only''' for SSH connections to kibo.
 
# A mode that proxies your entire connection.
[[File:Anyconnect-vpn.png|500px]]
 
Edit the settings:
 
Gateway: `vpn-nu.vpn.northwestern.edu`
Token mode: `TOTP -- manually entered`
 
[[File:Vpn-settings.png|500px]]
 
Click connect and log in using your NU netid and password
 
[[File:Vpn-connect.png|500px]]
 
=== SSH Config ===
 
To connect to kibo using ssh.
 
1. Install prerequisites. This will include:
 
  sudo apt install python3-gi gir1.2-gtk-3.0 gir1.2-webkit2-4.0 openconnect ocproxy
 
2. Install this directory into: <code> ~/bin/nu-vpn-proxy </code>
 
3. Change your System UUID in the script. You can get this with the command:
  sudo dmidecode|grep UUID
You should see a line like:
 
  UUID: deadbeef-dead-beef-dead-beefdeadbeef
 
Edit the file hipreport-modified.sh to change the variable HOSTID so that it is
equal to this number. Change the line that says
"deadbeef-dead-beef-dead-beefdeadbeaf" so that it lists your UUID.
 
4. [optional]
 
Change bmh1867 to your username and add the following stanza text to your
~/.ssh/config:
 
 
    Host kibo kibo.soc.northwestern.edu
        Hostname kibo.soc.northwestern.edu
        User bmh1867
        ProxyCommand ~/bin/nu-vpn-proxy/ssh-vpn-proxy %h %p
        ForwardAgent yes
        ServerAliveInterval 120
 
 
=== Usage ===
 
 
There are two ways to use this.
 
1. *Only* for SSH connections to kibo.
 
This should be just as simple as running:
 
  ssh kibo
 
You can run the command mulptiple time and it should work. When you close the
first connection though, it will disconnect all of your connections.
 
2. Your entire connection.
 
Run the following command:
 
  ~/bin/nu-vpn-proxy/openconnect_command-general.sh
 
While this command is running, you should be connected through the VPN. Run
Ctrl-C to disconnect.

Revision as of 15:49, 8 October 2020

NUIT instructions (works for most)

Northwestern IT has instructions for how to set up VPN on multiple operating systems using the GlobalConnect client. For most people, their instructions should work fine.

Alternative Linux options

User:Mako has built an alternative configuration (suitable for anybody running Debian or Ubuntu is) that doesn't require the GlobalConnect client. This has two main benefits: (1) it doesn't require installing the normal client which includes a proprietary sort of spyware tool that sends details on what packages are installed to NU every time you use it, and (2) it allows you to proxy only a single ssh connection and not your entire Internet connection. Folks who are not at NU may want to use this.

To install it you can download the software from the CDSC Git repository like:

git clone git@code.communitydata.science:nu-vpn-proxy

Details on how to set use that code are up are in the README-CDSC file in that repostiroy.

There are two modes supported by the scripts:

  1. A mode that proxies only for SSH connections to kibo.
  2. A mode that proxies your entire connection.