Difference between revisions of "VPN client"

From IND Wiki
Jump to: navigation, search
m (1 revision)
 
Line 1: Line 1:
The FH JOANNEUM intranet is being managed and protected against abuse by  the [[Central IT services|central IT  services]]. Internet  access is being routed through a proxy as well. There are 3 options for  gaining access to the intra- and internet:
+
For connecting to the FH network from home, a VPN ("Virtual Private Network") connection is neccessary. A VPN creates an encrypted "tunnel" to the target network. As a result, your own computer thinks that it is part of the target network.
  
* with a [[Wikipedia:Virtual  Private Network|VPN tunnel]]  (discussed in this article),
+
Operating systems like Windows, OS X, Linux, Android and iOS support their own VPN protocols. However, these cannot be used to connect to the FH JOANNEUM network - you will need a VPN client that is compatible to the "Cisco IP-Sec" protocol. On Windows and OS X, you can use the '''Cisco AnyConnect Client'''. For Linux, there is a plugin for the Network Manager, see below.
* with a [[Dynamic  ethernet port|dynamic ethernet port]] or
 
* via [[WLAN access|wireless LAN]]  (WPA-TKIP  Enterprise).
 
  
== General information ==
+
== Cisco AnyConnect Client ==
 +
To install the Cisco AnyConnect Client, just visit this address in your web browser:
  
For  VPN hardware, the FH JOANNEUM uses [http://www.cisco.com/go/vpn3000/ VPN 3000 concentrators] by [http://www.cisco.com/  Cisco Systems, Inc.].
+
*[http://vpn.fh-joanneum.at vpn.fh-joanneum.at]
  
In order to establish a VPN tunnel connection, the client computer needs software that is compatible with the VPN concentrators. Cisco produces their own, proprietary software for connecting to VPN 3000 concentrators. At this  time, there are the '''Cisco  AnyConnect VPN Client''' and the (outdated) '''Cisco  VPN Client'''.
+
# This page offers the correct version of the Cisco AnyConnect VPN client for Windows and OS X. To continue, just download and install the client. For Android, the AnyConnect Client is available on the Play Store.
 +
# After installing the Client, launch it.
 +
# Connect to '''vpn.fh-joanneum.at''', enter your FH username and password, then wait until the connection was established. (The client might update itself when trying to connect. Just try to connect after it's done.)
  
Additionally, Mac OS X 10.6 ("Snow Leopard") can connect to the FH JOANNEUM VPN  without any third-party  software.
+
== Linux ==
 +
For a successful FH VPN connection, an additional plugin for the Network Manager (for Debian-based distros, e.g. Ubuntu or Mint) is needed. This is how you install it:
 +
# Open a terminal
 +
# '''sudo apt-get install network-manager-openconnect network-manager-openconnect-gnome'''
 +
# Click your network tray icon, VPN Connections -> Configure VPN...
 +
# Create a new "Cisco AnyConnect compatible (openconnect)" connection.
 +
# Gateway: '''vpn.fh-joanneum.at'''
  
==  Mac OS X 10.6 built-in VPN connection ==
+
Now you can establish the VPN connection via the network tray icon. FH username and password will be asked upon connecting. Access to servers like Mars now works like always via the SMB protocol.
 
 
Philipp  Rappold of IND09 wrote an instruction manual for creating a Cisco-compatible VPN  connection with OS X Snow Leopard. Thanks a lot!
 
 
 
'''Important notice:''' The VPN server address has changed - use '''vpn.fh-joanneum.at''' instead of the IP address shown in the PDF.
 
 
 
[http://almaty.fh-joanneum.at/indwiki/images/6/63/Cisco_VPN_Client_unter_Snow_Leopard.pdf  Cisco_VPN_Client_unter_Snow_Leopard.pdf  (German)]
 
 
 
== Cisco AnyConnect  VPN Client ==
 
 
 
The '''Cisco AnyConnect VPN  Client''' is a modern alternative  to the older '''Cisco  VPN Client''', which has been the  source of many past problems under both Windows and OS X. The new  client is smaller, faster, more stable and efficient, does not need  access profiles and, in fact, no other configuration whatsoever.  Download it here:
 
 
 
[http://fh-joanneum.at/aw/home/Die_FH/Zentrale_Services/ZIT/Downloads/~wps/vpn_client/?lan=en  Cisco AnyConnect VPN Client (English)]
 
 
 
'''Please note that the Cisco AnyConnect VPN  Client <u>cannot</u> be used when you are  already connected to the FH JOANNEUM intranet (via "wpa4fh",  "wireless4fh" or a dynamic ethernet port).'''
 
 
 
=== Setup ===
 
 
 
Just install the program.  After starting the application, use this server to connect:
 
*'''vpn.fh-joanneum.at'''
 
After the connection is  established, the client asks for your username and password:
 
*Username: ''(Your Windows  username)''
 
*Password: ''(Your Windows  password)''
 
 
 
When  done, you should be able to connect to the inter- and intranet as  usual.
 
 
 
==  Cisco VPN Client (outdated) ==
 
 
 
=== Setup ===
 
 
 
The following steps have to  be taken to establish a VPN connection with the FH JOANNEUM network:
 
 
 
* Install VPN  client software
 
* Download and install suitable VPN  profile(s)
 
** When at home: connect to the internt
 
** When on  location at the FH JOANNEUM: connect to the wireless LAN - see below!
 
*Start the VPN  client and connect with a suitable profile
 
 
 
If everything  went fine, you will be asked for a password:
 
 
 
* Username: '''technikum\'''''(your  username)''
 
* Password: ''(your Windows  password)''
 
 
 
Afterwards,  access to the intra- and internet should be possible. It is recommended to  manually disconnect the VPN connection before putting your computer into  standby, because connection difficulties might result after wakeup.
 
 
 
=== Alternative  WLAN access point for the old Cisco VPN Client ===
 
 
 
Besides  the known (and visible) access point "wpa4fh", there is another wifi  network with hidden SSID broadcast, that can be used with the old Cisco  VPN Client to connect to the intra- and internet. On older computers which  do not support WPA-Enterprise  or 802.1X authentification, this is the only way to get wireless  access.
 
 
 
The SSID of the wireless VPN access points is hidden - you have to add the network manually with the following data:
 
 
 
* SSID: '''wireless4fh'''
 
* Protection:  none
 
 
 
This wireless network is not directly connected to  the intra-  or internet -  it only serves as VPN access point. All other routing is disabled until  your VPN tunnel is established.
 
 
 
=== VPN client software ===
 
 
 
VPN client software is needed  to establish an encrypted VPN tunnel. This software also needs to be  compatible with VPN 3000 Concentrators - Cisco provides their own proprietary  client for this purpose.
 
 
 
==== Windows ====
 
This  is the original proprietary Cisco VPN Client software.
 
 
 
* [http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbxas&download=1  vpnclient-win-msi-5.0.02.0090-k9]  ([http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbxar&download=1  Readme])  - Windows  XP und Vista
 
 
 
==== Max OS X ====
 
The  original Cisco VPN Client is also available for multiple versions of  Mac OS X. The user interface is the same as on Windows and the profile  import also works identically.
 
 
 
* [http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbwqg&download=1  vpnclient-darwin-4.9.01.0090-universal-k9-BETA]  ([http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbwqf&download=1  Readme])  - From OS X  10.5
 
*  [http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaabqpum&download=1  vpnclient-darwin-4.9.01.0030-universal-k9]  ([http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaaarfix&download=1  Readme])  - OS X  10.4, Universal Binary
 
* [http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaaarfhs&download=1  vpnclient-darwin-4.8.00.0490-GUI-k9]  ([http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaaarfih&download=1  Readme])  - Old  version, until OS X 10.4, PPC
 
 
 
==== Linux ====
 
 
 
* [http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbnkg&download=1  Cisco VPN-Client für Linux 32/64-bit] ([http://fh-joanneum.at/global/show_document.asp?id=aaaaaaaaaacbnkf&download=1  Readme])
 
 
 
[http://www.unix-ag.uni-kl.de/~massar/vpnc/  VPNC]  has been reported to work with Cisco VPN 3000 concentrators.  Instructions as well as needed tools can be found on their website.
 
 
 
=== Profiles ===
 
 
 
The VPN client needs  connection details, which are contained in profile files. Depending on  your location (at home or at one of the FH JOANNEUM locations), you need  different profiles:
 
 
 
* [http://fh-joanneum.at/go/id/berf/ Profiles for acces from a remote location]
 
* [http://fh-joanneum.at/go/id/berg/  Profiles for access via WLAN in Graz]
 
* [http://fh-joanneum.at/go/id/berh/  Profiles for access via WLAN in Kapfenberg]
 
* [http://fh-joanneum.at/go/id/blvt/  Profiles for access via WLAN in Bad  Gleichenberg]
 
 
 
=== Installation ===
 
 
 
* Unpack the profile(s)
 
* Start the VPN  client
 
*  Press the '''Import''' button and select one profile at a  time.
 
 
 
Right-clicking any profile entry after import gives you the  option to set this entry as default. Doubleclicking a profile tries to  connect.
 
  
 
[[de:VPN-Client]]
 
[[de:VPN-Client]]

Latest revision as of 20:05, 1 October 2016

For connecting to the FH network from home, a VPN ("Virtual Private Network") connection is neccessary. A VPN creates an encrypted "tunnel" to the target network. As a result, your own computer thinks that it is part of the target network.

Operating systems like Windows, OS X, Linux, Android and iOS support their own VPN protocols. However, these cannot be used to connect to the FH JOANNEUM network - you will need a VPN client that is compatible to the "Cisco IP-Sec" protocol. On Windows and OS X, you can use the Cisco AnyConnect Client. For Linux, there is a plugin for the Network Manager, see below.

Cisco AnyConnect Client

To install the Cisco AnyConnect Client, just visit this address in your web browser:

  1. This page offers the correct version of the Cisco AnyConnect VPN client for Windows and OS X. To continue, just download and install the client. For Android, the AnyConnect Client is available on the Play Store.
  2. After installing the Client, launch it.
  3. Connect to vpn.fh-joanneum.at, enter your FH username and password, then wait until the connection was established. (The client might update itself when trying to connect. Just try to connect after it's done.)

Linux

For a successful FH VPN connection, an additional plugin for the Network Manager (for Debian-based distros, e.g. Ubuntu or Mint) is needed. This is how you install it:

  1. Open a terminal
  2. sudo apt-get install network-manager-openconnect network-manager-openconnect-gnome
  3. Click your network tray icon, VPN Connections -> Configure VPN...
  4. Create a new "Cisco AnyConnect compatible (openconnect)" connection.
  5. Gateway: vpn.fh-joanneum.at

Now you can establish the VPN connection via the network tray icon. FH username and password will be asked upon connecting. Access to servers like Mars now works like always via the SMB protocol.