answered
2015-04-11 13:16:32 +0200
Building up a tunnel depends on the tunnel technology the server offers. You want to connect to your university via AnyConnect? This answer will explain how. You want to connect to other systems? Try to find out which system this is: IPSec, OpenVPN, L2TP... Then ask again (hopefully this will work with a Jolla too).
Now for AnyConnect: Do you have certificates, or did the admins of your university give you a password (a so-called pre-shared key - and yes: I read your question lousily: you have a username/password)? Certificates are more complicated, so there is no description for this here - but ask again for another answer.
You need the developer mode - this is standard Linux stuff and there is no UI for this by now (OpenVPN is better here - sort of...).
For more information you may find the man page helpful (Jolla itself does not have manpages - but you can duckduckgo/searx/startpage for "openconnect man page"):
http://linux.die.net/man/8/openconnect
So then: from your university you should have:
- an IP or host name of the tunnel endpoint
- your username
- the password or preshared key
- (optional) a group name
Sometimes hostname or group are offered via a URL https://tunnel.gw/group. This will do too.
For the installation open a terminal:
devel-su # you need to be root
pkcon install openconnect # install openconnect
Then you can try it out:
openconnect https://tunnelserver.or.ip/group # simply start the openconnect(ion)
This needs root too. If this works you can
devel-su openconnect https://tunnelserver.or.ip/group # get root and openconnect in one line
on future connects out of a fresh terminal.
Openconnect will ask for your credentials (user/password) and try to connect. After this you should reach all secured stuff. The program will not close (no prompt!). Maybe you want to try with another terminal to ping a server or reach any of the university's web pages.
You can stop the tunnel by Ctrl-C on your openconnect terminal.
Problems:
- no connection at all: Are you able to connect to the tunnel server anyways? Try to enter the https-URL into the browser. The ASA should show you a web page. If this does not work, you may be offline or - browser error page - you have a certificate problem (--no-cert-check ...)
- why should I leave the terminal open after I opened the tunnel? Start openconnect with -b and close the terminal. You then can terminate the tunnel via
devel-su killall openconnect
But be warned: Some ASA-Images (the other side of the tunnel) may react with still opened tunnels and it takes some time for reconnecting (300s is default). Crazy bug with openconnect 6.x and asa 9.1x or 9.2x. Then: take a cup of coffee and try again
- Some server connection configuration may have problems with the simple call I showed. Then you see some "XML blah blah". Then try out --no-http-keepalive or play with the man page's parameters.
- the tunnel uses a self signed ssl certificate and you do not have it offered by the university: Try --no-cert-check
- of course --verbose will be helpful too.
Because this is standard Linux you may try it on a standard Linux machine before (or maybe some Knoppix system: apt-get install openconnect installs the openconnect client there).
good luck
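For the self-signed certificate case in the list above, an added example (not part of the original answer) that pins the gateway's public key with openconnect's --servercert option, so the certificate is still checked against a value you got from the university admins. It assumes openssl is installed, an openconnect build that accepts the pin-sha256: form, and a pin handed over on a separate channel; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes openssl is installed and
# that openconnect accepts --servercert pin-sha256:<base64> (RFC 7469 key pin).

# True only for "pin-sha256:" + base64 of a 32-byte digest (43 chars and one "=").
valid_pin() {
    case $1 in pin-sha256:*=) ;; *) return 1 ;; esac
    body=${1#pin-sha256:}; body=${body%=}
    [ "${#body}" -eq 43 ] || return 1
    case $body in *[!A-Za-z0-9+/]*) return 1 ;; esac
    return 0
}

# Prints host:port for an https:// URL (port 443 if none given); fails otherwise.
endpoint_of() {
    case $1 in https://?*) ;; *) return 1 ;; esac
    hp=${1#https://}; hp=${hp%%/*}
    [ -n "$hp" ] || return 1
    case $hp in *:*) printf '%s\n' "$hp" ;; *) printf '%s:443\n' "$hp" ;; esac
}

# Prints the pin of the key in the certificate that host:port ($1) presents.
server_pin() {
    pem=$(openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>/dev/null |
          openssl x509 -pubkey -noout 2>/dev/null)
    [ -n "$pem" ] || return 1
    printf 'pin-sha256:%s\n' "$(printf '%s\n' "$pem" | openssl pkey -pubin -outform der |
          openssl dgst -sha256 -binary | openssl base64)"
}

# $1 = tunnel URL, $2 = pin received from the admins over a separate channel.
connect_pinned() {
    valid_pin "$2" || { echo "malformed pin: $2" >&2; return 2; }
    ep=$(endpoint_of "$1") || { echo "need an https:// URL" >&2; return 2; }
    # Pre-check for a readable error; openconnect enforces the pin itself as well.
    seen=$(server_pin "$ep") || { echo "no certificate from $ep" >&2; return 3; }
    [ "$seen" = "$2" ] || { echo "pin mismatch, server presents $seen" >&2; return 4; }
    openconnect --servercert "$2" "$1"
}

if [ $# -eq 2 ]; then connect_pinned "$1" "$2"; fi
```

Run it as root (devel-su) with the tunnel URL and the pin as the two arguments. A mismatch stops before openconnect asks for your username and password.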