CommunityData:Northwestern VPN: Difference between revisions

From CommunityData
(→‎Alternative Linux option: adding instructions for downgrading openconnect)

Revision as of 22:19, 9 May 2022

NUIT instructions (works for most)

Northwestern IT has instructions for how to set up VPN on multiple operating systems using the GlobalConnect client. For most people, their instructions should work fine.

Alternative Linux option

Mako has built an alternative configuration (suitable for anybody running Debian or Ubuntu) that doesn't require the GlobalConnect client. This has two main benefits: (1) it doesn't require installing the normal client which includes a proprietary sort of spyware tool that sends details on what packages are installed to NU every time you use it, and (2) it allows you to proxy only a single ssh connection and not your entire Internet connection. Folks who are not at NU may want to use this.

To install it you can download the software from the CDSC Git repository like:

   git clone git@code.communitydata.science:nu-vpn-proxy

Details on how to set up and use that code are in the README-CDSC file in that repository.

There are two modes supported by the scripts:

  1. A mode that proxies only for SSH connections to kibo.
  2. A mode that proxies your entire connection.

Please commit any changes to the code and/or the documentation in the git repository.


Troubleshooting

New versions of openconnect and openssl can cause a few issues.

OpenSSL error

If you get an error saying "UNSAFE_RENEGOTIATION DISABLED", this is because Kibo is using an unsafe protocol. Until we get it fixed on the server, you need to disable checking on your local machine.

Comment 7 on this bug report worked for me - https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834
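
One way to keep that workaround from weakening TLS for every program on the machine, as an added example that is not part of the nu-vpn-proxy repository or the linked bug report. It assumes the workaround is OpenSSL's UnsafeLegacyRenegotiation option and that the VPN client in use links against OpenSSL and honours OPENSSL_CONF; the path in SCOPED_CONF and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: scope the legacy-renegotiation workaround to one command
# instead of editing /etc/ssl/openssl.cnf for the whole system.
# Assumption: the workaround is OpenSSL's UnsafeLegacyRenegotiation option.

# Hypothetical per-user location; not a path used by nu-vpn-proxy.
SCOPED_CONF="${SCOPED_CONF:-$HOME/.config/nu-vpn/openssl-legacy.cnf}"

# Write a minimal OpenSSL config that re-enables legacy renegotiation.
# The file is created with mode 600 so other users cannot modify it.
write_scoped_conf() {
    local conf="$1"
    mkdir -p "$(dirname "$conf")"
    ( umask 077; cat > "$conf" <<'EOF'
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
EOF
    )
}

# Run one command with the relaxed config; every other program on the
# machine keeps OpenSSL's default of refusing legacy renegotiation.
with_legacy_renegotiation() {
    [ "$#" -gt 0 ] || { echo "usage: with_legacy_renegotiation CMD [ARGS...]" >&2; return 2; }
    [ -f "$SCOPED_CONF" ] || write_scoped_conf "$SCOPED_CONF"
    OPENSSL_CONF="$SCOPED_CONF" "$@"
}

# Audit helper: succeeds if a config file (default: the system-wide one)
# has the relaxed option enabled on an uncommented line.
system_conf_is_relaxed() {
    local sys="${1:-/etc/ssl/openssl.cnf}"
    [ -r "$sys" ] && grep -Eq '^[[:space:]]*Options[[:space:]]*=.*UnsafeLegacyRenegotiation' "$sys"
}
```

Start the VPN client through with_legacy_renegotiation, and delete the scoped file once the server supports secure renegotiation. system_conf_is_relaxed is useful afterwards to confirm no system-wide edit was left behind.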

Openconnect error

The other error that you may get is: Failed to parse server response

If you get this error, it's likely because there's something that breaks when upgrading to openconnect version 8.20+. For now, downgrading to version 8.1x works.

Instructions for Ubuntu:

1. Uninstall openconnect and libopenconnect5

   sudo apt remove openconnect libopenconnect5

2. Download version 8.10

   cd ~/Some/dir
   wget https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz
   tar -xvf ./openconnect-8.10.tar.gz
   cd ./openconnect-8.10

3. Install openconnect following these instructions (https://www.infradead.org/openconnect/building.html)

   ./configure
   make
   make install

4. Cross your fingers and try to connect to the VPN again (e.g., with ssh kibo).