Difference between revisions of "Vpn"

From Cncz
m ([Nieuwe VPN: vpnsec][New VPN: vpnsec])
Line 1: Line 1:
== VPN (Virtual Private Network) connection ==
+
== VPN (Virtual Private Network) [verbinding][connection] ==
  
 
[nl]
 
[nl]
 +
* C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun [[studenten_login_|Science-login]]/wachtwoord een beveiligde/versleutelde toegang tot het netwerk kunnen krijgen. De werkplek thuis (of ergens anders op het Internet) wordt daarmee ook gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die alleen vanaf het campusnetwerk toegankelijk zijn.
 +
Men kan hierbij denken aan [http://wiki.science.ru.nl/cncz/Diskruimte het aankoppelen van netwerkschijven] of toegang tot speciale servers. Voor het gebruik van de [http://www.ru.nl/ub UB bibliotheek] is de VPN niet nodig, want de UB gebruikt een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
  
* C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun loginnaam/wachtwoord een beveiligde/versleutelde toegang tot het netwerk kunnen krijgen. De werkplek thuis (of ergens anders op het Internet) wordt daarmee ook gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die normaal alleen vanaf de campus toegankelijk zijn.
+
Sinds november 2015 is er een nieuwe VPN op basis van IPsec. De bedoeling is dat alle gebruikers voor 1 maart 2016 overgestapt zijn naar de nieuwe VPN en de oude VPN, op basis van PPTP, uitgezet kan worden.
Men kan hierbij denken aan het aankoppelen van netwerk-schijven of toegang tot speciale servers. Om bijvoorbeeld de eigen bestanden op je home directory (U: schijf) te benaderen kan men nu [http://wiki.science.ru.nl/cncz/Diskruimte deze procedure ]volgen.
 
  
Voor het gebruik van de [http://www.ru.nl/ub UB bibliotheek] is de VPN niet nodig, want de UB heeft een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
+
De aanwijzingen hieronder, per type apparaat, om de nieuwe VPN te installeren, zullen nog aangevuld worden, door C&CZ en door medewerkers/studenten.
 +
[/nl]
 +
[en]
 +
* C&CZ manages a VPN server, which makes it possible for all users to gain secure/encrypted access to the network with their [[studenten_login_|Science username]]/password. The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are [http://wiki.science.ru.nl/cncz/Diskruimte connecting to disk shares] or to special servers. For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, that can be used from anywhere on the Internet after logging in with your [http://www.ru.nl/wachtwoord RU password].
  
Voorbeelden van installatie en configuratie van de VPN voor:
+
As of November 2015, there is a new VPN, based on IPsec. We intend to have all users moved over to the new VPN before March 1, 2016.
  
* [[vpn_w10|Windows 10]]
+
The instructions below to install the VPN will be expanded by C&CZ and by employees/students.
* [[vpn_w7|Windows 7]]
+
[/en]
* [[vpn_mac|MacOS X]]
+
 
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
+
* [Algemeen][General]: VPN-server/gateway: vpnsec.science.ru.nl
* [https://wiki.science.ru.nl/cncz/Android#VPN Android]
+
 
* [[vpn_linux_|Linux]]
+
* Windows7/8/10: [Geen speciale configuratie nodig.][No special configuration needed.]
* Oud: [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]]
+
* Iphone/iPad: Download [[Media:vpnsec.mobileconfig|vpnsec.mobileconfig]] [op je][to your] iPhone/iPad.
 +
* Android: [installeer de][install the] app strongSwan [met][with] "IKEv2 EAP (Username/Password)"
 +
* MacOS X:
 +
* Linux:
  
 +
[nl]
 
''<b>Let op</b>: gebruikers van F-Secure moeten de [[vpn_F-Secure|Firewall configuratie aanpassen]] om blokkeren van GRE op te heffen.''
 
''<b>Let op</b>: gebruikers van F-Secure moeten de [[vpn_F-Secure|Firewall configuratie aanpassen]] om blokkeren van GRE op te heffen.''
  
 
''<b>Let op</b>: ALs de VPN-verbinding direct weer wegvalt, dan kan het zijn dat je de MTU-waarde van de ethernetkaart lager moet zetten. Zie bijvoorbeeld [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
''<b>Let op</b>: ALs de VPN-verbinding direct weer wegvalt, dan kan het zijn dat je de MTU-waarde van de ethernetkaart lager moet zetten. Zie bijvoorbeeld [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
Om gebruik te kunnen maken van de VPN-server heeft men een Science-[[studenten_login_|login]] met bijbehorend wachtwoord nodig. Bezoek eventueel [http://dhz.science.ru.nl/ DHZ] (Doe Het Zelf).
 
 
 
[/nl]  
 
[/nl]  
 
 
[en]
 
[en]
 
* C&amp;CZ manages a VPN server, which makes it possible for all users to gain secure/encrypted access to the network with their username/password. The computer at home (or anywhere on the Internet) becomes a part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus.
 
 
The most common of such services are connecting to disk shares or special servers. To access your files on your home directory (U: Drive) you can follow [http://wiki.science.ru.nl/cncz/Diskruimte this procedure].
 
 
For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, which can be used from anywhere on the Internet after logging in with your [http://www.ru.nl/wachtwoord RU-password].
 
 
Examples of installation and configuration of the VPN:
 
 
* [[vpn_w10|Windows 10]]
 
* [[vpn_w7|Windows 7]]
 
* [[vpn_mac|MacOS X]]
 
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
 
* [https://wiki.science.ru.nl/cncz/Android#VPN Android]
 
* [[vpn_linux_|Linux]]
 
* Old: [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]]
 
 
 
''<b>Note</b>: users of F-secure need to [[vpn_F-Secure|change the Firewall configuration]] to lift blocking of GRE.''
 
''<b>Note</b>: users of F-secure need to [[vpn_F-Secure|change the Firewall configuration]] to lift blocking of GRE.''
  
 
''<b>Note</b>: If the VPN connection drops immediately when you start to use it , it may be that the MTU value for the ethernet card is set too high, see for example [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
''<b>Note</b>: If the VPN connection drops immediately when you start to use it , it may be that the MTU value for the ethernet card is set too high, see for example [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
To use this VPN server you will need a Science-[[studenten_login_|account]] with corresponding password. Visit the [http://diy.science.ru.nl/ DIY] (Do It Yourself) website.
 
 
[/en]
 
[/en]
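Review bot: the F-Secure note about lifting the GRE block is left as unchanged context directly under the new vpnsec (IPsec) instructions, but GRE is the data channel of PPTP, which this revision moves to "Old VPN based on PPTP"; move the note under that heading so users of the IPsec VPN are not told to open their firewall for a protocol they no longer need. In the same hunk the added "MacOS X:" and "Linux:" bullets are empty, and the Dutch paragraph says the old PPTP VPN can be switched off after the migration while the English paragraph omits that; align the two.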
  
Line 109: Line 94:
 
   tcp        0      0 localhost:8942          *:*                    LISTEN       
 
   tcp        0      0 localhost:8942          *:*                    LISTEN       
  
=== [Nieuwe VPN: vpnsec][New VPN: vpnsec] ===
+
== [Oude VPN op basis van PPTP][Old VPN based on PPTP] ==
  
 
[nl]
 
[nl]
Er is een nieuwe VPN op basis van IPsec. De bedoeling is dat alle gebruikers voor 1 maart 2016 overgestapt zijn naar de nieuwe VPN.
+
Voorbeelden van installatie en configuratie van de oude VPN voor:
 
 
De aanwijzingen hieronder, per type apparaat, om de VPN te installeren, zullen nog aangevuld worden, door C&CZ en door medewerkers/studenten.
 
 
[/nl]
 
[/nl]
 
[en]
 
[en]
There is a new VPN, based on IPsec. We intend to have all users switched to the new VPN before March 1, 2016.
+
Examples of installation and configuration of the old VPN:
 
 
The instructions below to install the VPN will be expanded by C&CZ and by employees/students.
 
 
[/en]
 
[/en]
  
* [Algemeen][General]: VPN-server/gateway: vpnsec.science.ru.nl
+
* [[vpn_w10|Windows 10]]
 
+
* [[vpn_w7|Windows 7]]
* Windows7/8/10: [Geen speciale configuratie nodig.][No special configuration needed.]
+
* [[vpn_mac|MacOS X]]
* Iphone/iPad: Download [[Media:vpnsec.mobileconfig|vpnsec.mobileconfig]] [op je][to your] iPhone/iPad.
+
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
* Android: [installeer de][install the] app strongSwan [met][with] "IKEv2 EAP (Username/Password)"
+
* [https://wiki.science.ru.nl/cncz/Android#VPN Android]
* MacOS X:
+
* [[vpn_linux_|Linux]]
* Linux:
+
* [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]]
  
 
[[Category:Internet]]
 
[[Category:Internet]]
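Review bot: the new "Old VPN based on PPTP" heading is followed only by the list of per-OS guides, and nothing at that point says the service is being retired; repeat the March 1, 2016 migration date from the top section there, or state that new installations should use vpnsec, so a reader who lands on this section does not set up PPTP afresh.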

Revision as of 18:11, 23 November 2015

VPN (Virtual Private Network) connection

  • C&CZ manages a VPN server, which makes it possible for all users to gain secure/encrypted access to the network with their Science username/password. The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are connecting to disk shares or to special servers. The University library does not require VPN, because the library has a proxy website which can be used from anywhere on the Internet after logging in with your RU password.

As of November 2015, there is a new VPN, based on IPsec. We intend to have all users moved over to the new VPN before March 1, 2016.

The instructions below to install the VPN will be expanded by C&CZ and by employees/students.

  • General: VPN-server/gateway: vpnsec.science.ru.nl
  • Windows 7/8/10: No special configuration needed.
  • iPhone/iPad: Download vpnsec.mobileconfig to your iPhone/iPad.
  • Android: install the app strongSwan with "IKEv2 EAP (Username/Password)"
  • MacOS X:
  • Linux:

Note: users of F-Secure need to change the Firewall configuration to stop it blocking GRE.

Note: If the VPN connection drops immediately when you start to use it, the MTU value for the ethernet card may be set too high; see for example optimizing MTU.

SSH SOCKS-Proxy to access journals (linux)

There is a convenient alternative to the VPN or the UB proxy website described above for accessing online journals from anywhere. With SSH one can start a so-called SOCKS proxy server, which web browsers can use.

  • Log in to your Science account with ssh:
 ssh -D 8942 lilo.science.ru.nl       # (or any other login-server)
 (Enter password if required)

If your Science username (e.g. "peter") differs from your local username, use:

 ssh -D 8942 -l peter lilo.science.ru.nl

The -D flag starts "dynamic" application-level port forwarding. The port number (here 8942) can be any number above 1024 and below 65536. If the port is already in use by another process, try a different number.

  • Tell the web browser to use the SOCKS proxy server. In Firefox:
 * Edit - Preferences - Advanced - Settings
 * Select "Manual proxy configuration"
 * SOCKS Host: localhost      Port: 8942
 * Select SOCKS v5
 * OK

If you now go to a journal website, e.g. J. Chem. Phys., you should see "Your access is provided by: Universiteitsbibliotheek" and you should have the same access as from within the Radboud University domain.

Run ssh in the background

With these flags:

 ssh -f -N -D 8942 lilo.science.ru.nl

ssh will run in the background (-f) and only set up the proxy server without actually logging on (-N).

Troubleshooting

The "netstat" command may be used to troubleshoot problems:

 netstat -at

will show all active and non-active TCP sockets. For the example above you should see something like:

 MYPC:/home/peter $ netstat -at
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN      
 tcp        0      0 *:ssh                   *:*                     LISTEN      
 tcp        0      0 localhost:ipp           *:*                     LISTEN      
 tcp        0      0 peter.home:36953        postvak.science.r:imaps ESTABLISHED
 tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN      
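
The check above can be scripted. The following is an added example, not part of the original page: it reads netstat or ss output and reports whether the SOCKS listener is bound to loopback only (the ssh default) or to an address other machines can reach, in which case anyone on your local network could browse through your campus session. The function names are hypothetical and the sample lines in the comments are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Classify the listener created by `ssh -D PORT`, reading the output of
# `netstat -at`, `netstat -ant` or `ss -ltn` on stdin. In all three formats
# the local address is column 4.
socks_listener_scope() {
    port="$1"
    awk -v port="$port" '
        /LISTEN/ {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # last ":"-separated field is the port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            gsub(/^\[|\]$/, "", host)         # ss prints IPv6 as [::1]:8942
            if (host == "localhost" || host == "ip6-localhost" ||
                host == "::1" || host ~ /^127\./)
                loopback = 1
            else
                exposed = 1                   # *, 0.0.0.0, :: or a LAN address
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback"
            else               print "absent"
        }'
}

# Run the check against the live machine (port defaults to the page's 8942).
check_socks_proxy() {
    port="${1:-8942}"
    if command -v ss >/dev/null 2>&1; then ss -ltn; else netstat -ant; fi |
        socks_listener_scope "$port"
}

# Usage:  check_socks_proxy 8942
#   loopback  only programs on this machine can use the proxy
#   exposed   the port is reachable from the network; restart ssh with an
#             explicit bind address:  ssh -D 127.0.0.1:8942 lilo.science.ru.nl
#   absent    ssh is not listening; adding -o ExitOnForwardFailure=yes to the
#             ssh command makes it exit instead of running without the proxy
```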

Old VPN based on PPTP

Examples of installation and configuration of the old VPN: