Difference between revisions of "VPN"

From LUG
(Dissecting the enormous Linux@WUR.)
 
(Removal of VLAN option, since that is not available any more)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
== public VLAN ==
+
== Using the VPN ==
  
If you need access to your computer at the university. The simple way: get your computer into the public VLAN, you will get a fixed 137.224 IP address and you can connect to your computer from home using ssh. The system administrators from the departments can do this for you.
+
If you need access to your computer at the university: in the past, it was possible to get a public VLAN address for university computers, but now that no longer seems to be an option.
  
Once you are on the VLAN you can even use IMAP mail from home through ssh tunneling, using for example:
+
The recommended way to do so is to use VPN access. There are two clients for the VPN hardware in use at the university: a client from Cisco, and a native client called 'vpnc'. The native vpnc client is standard available in Debian Sid (apt-get install vpnc), I cannot say for other distributions. The cisco client can be downloaded from the university
 
 
  ssh -L 1993:imap.wur.nl:993 -f -N 137.224.xx.xx
 
  mutt -f imaps://yourlogin@localhost:1993/INBOX
 
 
 
=== using the VPN ===
 
 
 
Another, more complicated way, is to use VPN access. There are two clients for the VPN hardware in use at the university: a client from Cisco, and a native client called 'vpnc'. The native vpnc client is standard available in Debian Sid (apt-get install vpnc), I cannot say for other distributions. The cisco client can be downloaded from the university
 
  
 
[[Mac Mavericks manual here]]
 
[[Mac Mavericks manual here]]
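Review bot: the rewritten opening "If you need access to your computer at the university: in the past, it was possible …" never says what to do, so "The recommended way to do so" in the next added paragraph has nothing to refer back to. Suggest stating the goal first, then noting that the public VLAN option is gone. The removed ssh -L IMAP tunnel example disappears together with the VLAN text; if tunnelling still works once the VPN is up, it deserves its own short section rather than deletion. The added sentence "The cisco client can be downloaded from the university" also ends without a link or full stop.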
Line 71: Line 64:
  
 
If you have been locked out of the network, you can still change the password [https://password.wur.nl/ online]
 
If you have been locked out of the network, you can still change the password [https://password.wur.nl/ online]
 +
 +
== How to use VPN on OSX ==
 +
 +
'''Be aware that you need a VPN approval from IT first!'''
 +
 +
(for more information on WUR VPN, go here : [https://www.intranet.wur.nl/nl/services/ict/klantenservice/FAQ/VPN/Pages/WUR-over-thuiswerken-vpn.aspx] )
 +
 +
In your systems preferences panel go to network
 +
 +
Click on the + sign to add a new network type
 +
 +
Select VPN and Cisco IPSec
 +
 +
After that you fill in the server address and your account name:
 +
 +
[[File:VPN WUR STEP 1.png]]
 +
 +
In authentication settings:
 +
 +
[[File:VPN_WUR_STEP_2.png]]
 +
 +
Not everything is filled in due to security reasons, you have to go to the WUR intranet website and download the VPN information files ( [https://www.intranet.wur.nl/nl/services/ict/Documents/Downloads/VPN_Profile-WUR_PCF.zip VPN Profie WUR PCF] )
 +
 +
When the file / folder is downloaded, open the WUR.pcf file and the host (url) can be found in here, the group name and the group password.
 +
 +
The shared secret ( enc_GroupPwd in the WUR.pcf file) needs to be decrypted via this website:
 +
 +
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
 +
 +
and then filled in.
 +
 +
Now if all settings are correct and you have permission from ICT you can now connect to the WUR network.
 +
 +
If you have any questions feel free to use the mailing list.
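Review bot: the added step "needs to be decrypted via this website" has readers paste the group shared secret (enc_GroupPwd) into a third-party page served over plain http://, which discloses the secret to that site and to anyone on the path. Suggest describing an offline decode instead (vpnc ships a cisco-decrypt tool that does the same conversion locally) and keeping the link only as a fallback. Smaller points: the link text "VPN Profie WUR PCF" has a typo, and the intranet link in "go here : [https://…]" has no label, so it renders as a bare "[1]".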

Latest revision as of 17:40, 31 October 2018

Using the VPN

To reach your computer at the university: in the past it was possible to get a public VLAN address for university computers, but that no longer seems to be an option.

The recommended way to get access is the VPN. There are two clients for the VPN hardware in use at the university: a client from Cisco, and a native client called 'vpnc'. The native vpnc client is available as a standard package in Debian Sid (apt-get install vpnc); I cannot say for other distributions. The Cisco client can be downloaded from the university

Mac Mavericks manual here

the Cisco vpnclient

Note: this currently does not work with kernel 2.6!

the native vpnc

Note: recently vpnc stopped working

  • unpack the tarball
  • run 'make && make install'
  • make a config file /etc/vpnc.conf containing:

Please note that these details have been removed at the request of FB-IT as they are part of the security policy of the WUR. Please do not reinstate these secrets without prior permission of the chief security officer.

IPSec gateway <removed at the request of FB-IT>
IPSec ID <removed at the request of FB-IT>
IPSec secret <removed at the request of FB-IT>
Xauth username <removed at the request of FB-IT>
Xauth password <removed at the request of FB-IT>

  • beware, vpnc is very picky: the file must not contain two consecutive spaces, a tab, trailing spaces or anything like that
  • create the tun device ('mknod /dev/tun c 10 200')
  • modprobe tun
  • start vpnc
  • route add -net 10.0.0.0/8 dev tun
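
The whitespace rule in the list above can be checked mechanically before starting vpnc. The following is an added example, not part of the original wiki page or of vpnc itself: a hypothetical helper, lint_vpnc_conf, that reports offending line numbers without printing the secrets on them. The permission check is an added assumption: since the file holds the IPSec secret and Xauth password, it is expected to be mode 0600.

```sh
#!/bin/sh
# Added example (not from the wiki page): lint a vpnc config for the
# whitespace problems the list warns about.
# Usage: lint_vpnc_conf /etc/vpnc.conf   -> returns 0 if clean, 1 on findings.
lint_vpnc_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "$conf: cannot read"
        return 2
    fi
    status=0

    # Print line numbers and reasons only: the lines themselves carry the
    # IPSec secret and Xauth password, so their content is never echoed.
    awk '
        /^#/ || /^$/  { next }   # assumption: comments and empty lines are fine
        /\t/          { print NR ": tab character"; bad = 1 }
        /  /          { print NR ": two consecutive spaces"; bad = 1 }
        /^ /          { print NR ": leading space"; bad = 1 }
        /[ \t\r]$/    { print NR ": trailing whitespace or CR"; bad = 1 }
        END           { exit bad }
    ' "$conf" || status=1

    # The file stores credentials: flag any group/other permission bit.
    mode=$(ls -ld "$conf" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "permissions: group/other access set ($mode), expected 0600"
        status=1
    fi
    return $status
}

# Run as a script: lint the file given as the first argument.
if [ $# -gt 0 ]; then
    lint_vpnc_conf "$1"
fi
```

The carriage-return check catches values pasted from a WUR.pcf file that was saved with Windows line endings.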

Using Citrix (Windows on Linux or OSX)

See Citrix

Changing Your Password

You can change your WURNET password with samba's client:

 smbpasswd -r scomp0001.wurnet.nl -U annie0001

Passwords expire in 90 days, so make sure you reset yours within that period. (Note: it is possible to keep your old password by running this command twice, setting it back on the second run.)

Example code:

 # old password, then the new password twice; -s makes smbpasswd read them from stdin
 printf '%s\n' "$preferred_password" "$temporary_password" "$temporary_password" | smbpasswd -s -r "$server" -U "$user"

 # second run: switch from the temporary password back to the preferred one
 printf '%s\n' "$temporary_password" "$preferred_password" "$preferred_password" | smbpasswd -s -r "$server" -U "$user"

If you have been locked out of the network, you can still change the password online at https://password.wur.nl/

How to use VPN on OSX

Be aware that you need a VPN approval from IT first!

(For more information on WUR VPN, see https://www.intranet.wur.nl/nl/services/ict/klantenservice/FAQ/VPN/Pages/WUR-over-thuiswerken-vpn.aspx)

In System Preferences, go to Network.

Click on the + sign to add a new network type.

Select VPN and Cisco IPSec.

After that, fill in the server address and your account name:

[Screenshot: VPN WUR STEP 1.png]

In authentication settings:

[Screenshot: VPN WUR STEP 2.png]

Not everything is filled in, for security reasons: go to the WUR intranet website and download the VPN information files (VPN Profile WUR PCF: https://www.intranet.wur.nl/nl/services/ict/Documents/Downloads/VPN_Profile-WUR_PCF.zip).

Once the file/folder is downloaded, open the WUR.pcf file; it contains the host (URL), the group name and the group password.

The shared secret (enc_GroupPwd in the WUR.pcf file) needs to be decrypted via this website:

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

and then filled in.

If all settings are correct and you have permission from ICT, you can now connect to the WUR network.

If you have any questions feel free to use the mailing list.