VPN

From Linux User Group at WUR

public VLAN

If you need access to your computer at the university, the simple way is to get your computer into the public VLAN: you will get a fixed 137.224 IP address and you can connect to your computer from home using ssh. The system administrators of the departments can do this for you.

Once you are on the VLAN you can even use IMAP mail from home through ssh tunneling, using for example:

 ssh -L 1993:imap.wur.nl:993 -f -N 137.224.xx.xx
 mutt -f imaps://yourlogin@localhost:1993/INBOX

using the VPN

Another, more complicated way is to use VPN access. There are two clients for the VPN hardware in use at the university: a client from Cisco, and a native client called 'vpnc'. The native vpnc client is available as a standard package in Debian Sid (apt-get install vpnc); I cannot say for other distributions. The Cisco client can be downloaded from the university.

Mac Mavericks manual here

the Cisco vpnclient

Note: this currently does not work with kernel 2.6!

the native vpnc

Note: recently vpnc stopped working

  • unpack the tarball
  • run 'make && make install'
  • make a config file /etc/vpnc.conf containing:

Please note that these details have been removed at the request of FB-IT as they are part of the security policy of the WUR. Please do not reinstate these secrets without prior permission of the chief security officer.

IPSec gateway <removed at the request of FB-IT>
IPSec ID <removed at the request of FB-IT>
IPSec secret <removed at the request of FB-IT>
Xauth username <removed at the request of FB-IT>
Xauth password <removed at the request of FB-IT>

  • beware: vpnc is very picky about this file. You cannot have two consecutive spaces, a tab, trailing spaces or anything like that in it
  • create the tun device ('mknod /dev/tun c 10 200')
  • modprobe tun
  • start vpnc
  • route add -net 10.0.0.0/8 dev tun
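
The whitespace rules in the list above are easy to break when editing by hand, so the following added example (not from the original page or from the vpnc project) checks a config file for them before vpnc is started. The function name lint_vpnc_conf and the mode 600 permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a vpnc config file such as /etc/vpnc.conf.
# lint_vpnc_conf FILE prints one line per problem and returns
#   0 = clean, 1 = problems found, 2 = file unreadable.
# Only line numbers are reported, never line contents, because the
# file holds the IPSec secret and the Xauth password.
lint_vpnc_conf() {
    conf=$1
    rc=0
    if [ ! -r "$conf" ]; then
        echo "$conf: cannot read" >&2
        return 2
    fi

    # Whitespace rules from the note above: no tab, no two
    # consecutive spaces, no trailing spaces.
    awk '
        BEGIN     { bad = 0 }
        /\t/      { printf "line %d: tab character\n", NR; bad = 1 }
        /  /      { printf "line %d: two consecutive spaces\n", NR; bad = 1 }
        /[ \t]$/  { printf "line %d: trailing whitespace\n", NR; bad = 1 }
        END       { exit bad }
    ' "$conf" || rc=1

    # Assumption, not stated on the page: the file should give no access
    # to group and others (mode 600), since it contains credentials.
    mode=$(ls -ld "$conf" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "permissions: group/other access ($mode), expected mode 600"
        rc=1
    fi
    return $rc
}

# Usage: lint_vpnc_conf /etc/vpnc.conf && vpnc
```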

Using Citrix (Windows on Linux or OSX)

See Citrix

Changing Your Password

You can change your WURNET password with samba's client:

 smbpasswd -r scomp0001.wurnet.nl -U annie0001

Passwords expire in 90 days, so make sure you reset yours within that period. (Note: it is possible to keep your old password by running this command twice, setting it back on the second run.)

Example code:

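 # -s reads the passwords from stdin: current password first, then the new one twice. printf '%s\n' passes them through literally (echo -e would interpret backslashes).
 printf '%s\n' "$preferred_password" "$temporary_password" "$temporary_password" | smbpasswd -s -r "$server" -U "$user"

 # Second run: set the password back to the preferred one.
 printf '%s\n' "$temporary_password" "$preferred_password" "$preferred_password" | smbpasswd -s -r "$server" -U "$user"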

If you have been locked out of the network, you can still change the password online.

How to use VPN on OSX

Be aware that you need VPN approval from IT first!

(For more information on WUR VPN, go here: [1])

In your System Preferences panel, go to Network.

Click on the + sign to add a new network type.

Select VPN and Cisco IPSec.

After that you fill in the server address and your account name:

[Screenshot: VPN WUR STEP 1.png]

In authentication settings:

[Screenshot: VPN WUR STEP 2.png]

Not everything is filled in here for security reasons: you have to go to the WUR intranet website and download the VPN information files (VPN Profile WUR PCF).

Once the file / folder is downloaded, open the WUR.pcf file. The host (URL), the group name and the group password can be found in it.

The shared secret (enc_GroupPwd in the WUR.pcf file) needs to be decrypted via this website and then filled in:

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

Note that this submits the group password to a third-party site over unencrypted HTTP.

If all settings are correct and you have permission from ICT, you can now connect to the WUR network.

If you have any questions feel free to use the mailing list.