7

Instructions for Setting up VPN?

asked 2015-04-11 08:13:22 +0200

Edgetastic

Hello all,

I recently got (won) a Jolla phone and am using it abroad. However, I am having trouble figuring out how to set up a VPN network. I already have both a Cisco Anyconnect username through my university, as well as a separate VPN that goes through an IP address I select. I am not well versed in programming, so I had a bit of trouble following other guides (though I noticed that there really isn't any user interface for users such as myself).

Any assistance would be greatly appreciated!


1 Answer

9

answered 2015-04-11 13:16:32 +0200

this post is marked as community wiki


updated 2015-04-11 13:39:00 +0200

cy8aer

Building up a tunnel depends on the tunnel technology the server offers. You want to connect to your university via Anyconnect? This answer will explain how. You want to connect to other systems? Try to find out which system this is: IPSec, OpenVPN, l2tp... Then ask again (hopefully this will work with a Jolla too).

Now for Anyconnect: Do you have certificates or did the admins of your university give you a password (so-called pre-shared key)? And yes: I read your question lousily: you have a username/password. Certificates are more complicated so there is no description for this here - but ask again for another answer.

You need the developer mode - this is standard linux stuff and there is no UI for this by now (OpenVPN is better here - sort of...)

For more information you may find the man page helpful (Jolla itself does not have manpages - but you can duckduckgo/searx/startpage for "openconnect man page"):

http://linux.die.net/man/8/openconnect

So then: from your university you should have:

  • an IP or host name of the tunnel endpoint
  • your username
  • the password or preshared key
  • (optional) a group name

Sometimes the hostname or group is offered via a URL such as https://tunnel.gw/group. This will do too.

For the installation open a terminal:

devel-su # you need to be root
pkcon install openconnect # install openconnect

Then you can try it out

openconnect https://tunnelserver.or.ip/group # simple start the openconnect(ion)

This needs root too. If this works you can use

devel-su openconnect https://tunnelserver.or.ip/group # get root and openconnect in one line

on future connects out of a fresh terminal.

Openconnect will ask for your credentials (user/password) and try to connect. After this you should reach all secured stuff. The program will not close (no prompt!). Maybe you want to try with another terminal to ping a server or reach any of the university's web pages.

You can stop the tunnel by Ctrl-C on your openconnect terminal.

Problems:

  • no connection at all: Are you able to connect to the tunnel server anyways? Try to enter the https-URL into the browser. The ASA should show you a web page. If this does not work, you may be offline or - browser error page - you have a certificate problem (--no-cert-check...)
  • why should I leave the terminal open after I opened the tunnel? Start openconnect with -b and close the terminal. You can then terminate the tunnel via devel-su killall openconnect. But be warned: Some ASA images (the other side of the tunnel) may react to still-open tunnels, and it takes some time before you can reconnect (300s is default). Crazy bug with openconnect 6.x and ASA 9.1x or 9.2x. Then: take a cup of coffee and try again
  • Some server connection configurations may have problems with the simple call I showed. Then you see some "XML blah blah". Then try out --no-http-keepalive or play with the man page's parameters.
  • the tunnel uses a self signed ssl certificate and you do not have it offered by the university: Try --no-cert-check
  • of course --verbose will be helpful too.

Because this is standard linux you may try it on a standard linux machine before (or maybe some knoppix system: apt-get install openconnect installs the openconnect client there)

good luck

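An added example (not part of the original answer, and not openconnect's own code): a small shell wrapper that pins the gateway certificate with openconnect's `--servercert` option, refuses `--no-cert-check`, and rejects the placeholder host names used in the answer. The function name `vpn_cmd`, the `pin-sha256:` fingerprint form (the form current openconnect releases accept; older releases expect a different one) and the sample URL and pin are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. vpn_cmd and the sample
# values at the bottom are constructed for illustration.

# Example host names used in the answer; never valid as a real gateway.
PLACEHOLDER_HOSTS="tunnelserver.or.ip tunnel.gw"

# vpn_cmd URL PIN [openconnect options...]
# Prints a pinned openconnect command; on bad input prints a reason to
# stderr and returns non-zero.
vpn_cmd() {
    [ $# -ge 2 ] || { echo "usage: vpn_cmd URL PIN [options]" >&2; return 2; }
    url=$1 pin=$2
    shift 2

    case $url in
        https://?*) ;;
        *) echo "gateway URL must start with https://" >&2; return 1 ;;
    esac
    host=${url#https://}; host=${host%%/*}; host=${host%%:*}
    for p in $PLACEHOLDER_HOSTS; do
        [ "$host" != "$p" ] || { echo "'$host' is a placeholder, not a gateway" >&2; return 1; }
    done

    # pin-sha256:<base64 of a 32-byte digest> = 43 base64 chars plus "="
    body=${pin#pin-sha256:}; body=${body%=}
    case $pin in
        pin-sha256:*=) ;;
        *) echo "PIN must look like pin-sha256:<base64>=" >&2; return 1 ;;
    esac
    case $body in
        *[!A-Za-z0-9+/]*) echo "PIN contains non-base64 characters" >&2; return 1 ;;
    esac
    [ ${#body} -eq 43 ] || { echo "PIN has the wrong length" >&2; return 1; }

    # An explicit pin is pointless if verification is switched off again.
    for opt in "$@"; do
        [ "$opt" != "--no-cert-check" ] || { echo "refusing --no-cert-check" >&2; return 1; }
    done

    set -- openconnect "--servercert=$pin" "$@" "$url"
    echo "$*"
}

# Constructed sample values (not a real gateway or certificate pin).
SAMPLE_URL="https://vpn.example.edu/students"
SAMPLE_PIN="pin-sha256:abcdefghijabcdefghijabcdefghijabcdefghijabc="
vpn_cmd "$SAMPLE_URL" "$SAMPLE_PIN" --verbose
```

The pin itself should come from the VPN administrators or another channel you trust, not from the connection you are trying to verify.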

Comments

Thank you so much! I'm getting up until openconnect https://tunnelserver.or.ip/group # simple start the openconnect(ion) and then it fails to connect. This might be a matter of being in China (where many parts of the internet are blocked), but what else might I do to rectify the issue? I also can't connect to it on my computer (which has a working VPN)

Edgetastic (2015-04-11 14:00:19 +0200)

Did you exchange tunnelserver.or.ip by the DNS name of the VPN gateway or its IP address? Perhaps it's because of the so-called "Great Firewall", but maybe it's just this small oversight.

Maus (2015-04-11 21:14:34 +0200)

How do I do this? (Keep in mind, I'm pretty new to this)

Edgetastic (2015-04-12 05:54:33 +0200)

tunnelserver.or.ip was an example. You have to use the (IP) address of your university's VPN gateway instead. It's unlikely that you find this information in TJC, it should be part of the things you got from your university (probably within a configuration file).

Maus (2015-04-12 16:38:42 +0200)

Ah, apologies. I was able to connect, but whenever I try to navigate to an otherwise blocked site on my browser (even a site as simple as google), it doesn't load; back on the terminal, I get several new strings saying "DTLS Dead Peer Detection detected dead peer!" followed by a re-established DTLS connection. Thoughts?

Edgetastic (2015-04-12 19:52:26 +0200)