Difference between revisions of "Vpn"

(openvpn for linux)
m (VPNSec)
 
(39 intermediate revisions by 5 users not shown)
Line 2: Line 2:
  
 
[nl]
 
[nl]
C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun [[studenten_login_|Science-login en wachtwoord]] een beveiligde toegang tot het netwerk kunnen krijgen. De werkplek thuis (of ergens anders op het Internet) wordt daarmee ook gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die alleen vanaf het campusnetwerk toegankelijk zijn. Men kan hierbij denken aan [http://wiki.science.ru.nl/cncz/Diskruimte het aankoppelen van netwerkschijven] of toegang tot speciale servers.
+
C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun [[studenten_login_|Science-login en wachtwoord]] een beveiligde toegang tot het netwerk kunnen krijgen. Er is ook een [https://www.ru.nl/ict/medewerkers/off-campus-werken/vpn/ RU-centrale VPN-service], waar men met [http://www.ru.nl/wachtwoord RU-account en RU-wachtwoord] gebruik van kan maken.
  
 +
De werkplek thuis (of ergens anders op het Internet) wordt daarmee gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die alleen vanaf het campusnetwerk toegankelijk zijn. Men kan hierbij denken aan [http://wiki.science.ru.nl/cncz/Diskruimte het aankoppelen van netwerkschijven] of toegang tot speciale servers.
 +
Sinds november 2015 is er de VPN op basis van [https://nl.wikipedia.org/wiki/IPsec IPsec].
 +
<br>
 
Voor het gebruik van de [http://www.ru.nl/ub UB (bibliotheek)] is de VPN niet nodig, want de UB gebruikt een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-account en RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
 
Voor het gebruik van de [http://www.ru.nl/ub UB (bibliotheek)] is de VPN niet nodig, want de UB gebruikt een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-account en RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
 
Sinds november 2015 is er een nieuwe VPN op basis van [https://nl.wikipedia.org/wiki/IPsec IPsec]. De bedoeling is dat alle gebruikers voor 1 mei 2016 overgestapt zijn naar de nieuwe VPN en de oude VPN, op basis van [https://nl.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol PPTP], uitgezet kan worden.
 
  
 
De aanwijzingen hieronder, per type apparaat, om de nieuwe VPN te installeren, zullen nog aangevuld worden, door C&CZ en door medewerkers/studenten.
 
De aanwijzingen hieronder, per type apparaat, om de nieuwe VPN te installeren, zullen nog aangevuld worden, door C&CZ en door medewerkers/studenten.
 
[/nl]
 
[/nl]
 
[en]
 
[en]
C&amp;CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their [[studenten_login_|Science username and password]]. The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are [http://wiki.science.ru.nl/cncz/Diskruimte connecting to disk shares] or to special servers.
+
C&amp;CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their [[studenten_login_|Science username and password]]. A [https://www.ru.nl/ict-uk/staff/working-off-campus/vpn/ RU-central VPN service] can also be used with [http://www.ru.nl/idmuk/ RU-account and RU-password].
  
 +
The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are [http://wiki.science.ru.nl/cncz/Diskruimte connecting to disk shares] or to special servers.
 +
As of November 2015, the VPN is based on [https://en.wikipedia.org/wiki/IPsec IPsec].
 +
<br>
 
For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, that can be used from anywhere on the Internet after logging in with your [http://www.ru.nl/idmuk/ RU-account and RU-password].
 
For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, that can be used from anywhere on the Internet after logging in with your [http://www.ru.nl/idmuk/ RU-account and RU-password].
 
As of November 2015, there is a new VPN, based on [https://en.wikipedia.org/wiki/IPsec IPsec]. We intend to have all users moved over to the new VPN before May 1, 2016 and then terminate the old VPN based on [https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol PPTP].
 
  
 
The instructions below to install the VPN will be expanded by C&CZ and probably also by employees/students.
 
The instructions below to install the VPN will be expanded by C&CZ and probably also by employees/students.
 
[/en]
 
[/en]
  
* [Algemeen][General]: VPN-server/gateway: <b>vpnsec.science.ru.nl</b>
+
== VPNSec ==
 +
[Algemeen][General]:
 +
 
 +
*VPN-server/gateway: <b>vpnsec.science.ru.nl</b>
  
 
[Per apparaat of Operating systeem][Per device or Operating system]:
 
[Per apparaat of Operating systeem][Per device or Operating system]:
  
* <span style="color:#FF0000">'''Ubuntu 16.04'''</span>: [Indien je gebruik maakt van <b>vpnsec.science.ru.nl</b>, svp nog niet upgraden naar Ubuntu 16.04. Er is een bekende bug waaraan gewerkt wordt, zie: ][If you are currently using <b>vpnsec.science.ru.nl</b>, please do not upgrade to Ubuntu 16.04. There is a known bug people are trying to fix, see ] [https://bugs.launchpad.net/bugs/1570352 msg4923789].<br>[Inmiddels is er een 'work around'. deze vraagt echter wat handwerk. Zie: ][A work around currently exists, requiring some manual configuration. See: ][https://wiki.science.ru.nl/cncz/Vpnsec_Linux_install VPNsec Linux installation and configuration].
+
* '''Windows7/8/8.1/10''': [Maak een *nieuwe* VPN aan, met server vpnsec.science.ru.nl, dat is alles. Uitgebreide instructies staan verderop.][Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions are below.]
* '''Windows7/8/8.1/10''': [Maak een *nieuwe* VPN aan, met server vpnsec.science.ru.nl, dat is alles. Geen speciale configuratie nodig.][Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. No special configuration needed.]
 
 
* '''Android''': [Installeer de][Install the] [https://play.google.com/store/apps/details?id=org.strongswan.android strongSwan] app [met][with] "IKEv2 EAP (Username/Password)". '''NB: [sommige tekens in een wachtwoord moeten worden ge-escaped met een][some special characters in the password should be escaped using a] "\"'''
 
* '''Android''': [Installeer de][Install the] [https://play.google.com/store/apps/details?id=org.strongswan.android strongSwan] app [met][with] "IKEv2 EAP (Username/Password)". '''NB: [sommige tekens in een wachtwoord moeten worden ge-escaped met een][some special characters in the password should be escaped using a] "\"'''
 
* '''iOS''' (iPhone/iPad): Download [en installeer][and install] [[Media:vpnsec.mobileconfig|vpnsec.mobileconfig]] [op je][to your] iPhone/iPad. [Getest op iPad met iOS 9, volgens documentatie werkt iOS 8 ook, maar ongetest][Tested on iPad with iOS 9, according to documentation iOS 8 should work too, but is yet untested].
 
* '''iOS''' (iPhone/iPad): Download [en installeer][and install] [[Media:vpnsec.mobileconfig|vpnsec.mobileconfig]] [op je][to your] iPhone/iPad. [Getest op iPad met iOS 9, volgens documentatie werkt iOS 8 ook, maar ongetest][Tested on iPad with iOS 9, according to documentation iOS 8 should work too, but is yet untested].
 
* '''OS X 10.11''' El Capitan [en hoger][and higher]: Download [en installeer][and install] [[Media:vpnsec-macosx.mobileconfig|vpnsec-macosx.mobileconfig]] [op je][to your] Apple computer.<br/>[Pas de <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> aan door je Science account en wachtwoord in te vullen][Adapt the <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> to match your Science account and password].
 
* '''OS X 10.11''' El Capitan [en hoger][and higher]: Download [en installeer][and install] [[Media:vpnsec-macosx.mobileconfig|vpnsec-macosx.mobileconfig]] [op je][to your] Apple computer.<br/>[Pas de <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> aan door je Science account en wachtwoord in te vullen][Adapt the <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> to match your Science account and password].
* '''OS X 10.7''' Lion [en hoger][and higher]: [installeer][install] [https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX strongSwan] [met][with] "IKEv2 EAP (Username/Password)". [De <strong>strongSwan App</strong> heeft een bekend probleem. De huidige [[VpnSec_MacOS_X_strongSwan_App|oplossing]] is echter niet erg gebruikersvriendelijk, wordt aan gewerkt.][The strongSwan App has a known problem. The current [[VpnSec_MacOS_X_strongSwan_App|solution]] is, however, not very easy. We are investigaing a doable solution.]
+
* '''OS X 10.7''' Lion [en hoger][and higher]: [installeer][install] [https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX strongSwan] [met][with] "IKEv2 EAP (Username/Password)". [De <strong>strongSwan App</strong> heeft een bekend probleem. De huidige [[VpnSec_MacOS_X_strongSwan_App|oplossing]] is echter niet erg gebruikersvriendelijk.][The strongSwan App has a known problem. The current [[VpnSec_MacOS_X_strongSwan_App|solution]] is, however, not very easy.]  [Of gebruik de][Or use the] [https://wiki.science.ru.nl/cncz/Vpn#OpenVPN_for_Linux_.26_MacOS OpenVPN] service.
 +
* '''Linux''': [nl][[vpnsec_Linux_install|VPNsec Linux installatie en configuratie]][/nl][en][[vpnsec_Linux_install|VPNsec Linux installation and configuration]][/en]
 +
* '''Ubuntu 16.04''': [Er is een bekende bug waaraan gewerkt wordt, zie: ][There is a known bug people are trying to fix, see ][https://bugs.launchpad.net/bugs/1570352 msg4923789]. [Inmiddels is er een 'work around'. deze vraagt echter wat handwerk. Zie: ][A work around currently exists, requiring some manual configuration. See: ][https://wiki.science.ru.nl/cncz/Vpnsec_Linux_install VPNsec Linux installation and configuration]. [Of gebruik de][Or use the] [https://wiki.science.ru.nl/cncz/Vpn#OpenVPN_for_Linux_.26_MacOS OpenVPN] service.
 +
 
 
<!--
 
<!--
[Deze installatie is soms weerbarstig. In dat geval zijn je opties beperkt. Vaak helpen de 4 Re's (Remove, Reboot, Reinstall, Retry).][Sometimes the installation is somewhat problematic. In that case your options are limited. Often the 4 Re's (Remove, Reboot, Reinstall, Retry) help.]
+
[Opmerking][Remark]:
 +
 
 +
* <span style="color:#FF0000">'''[Bekend probleem][Known Problem]'''</span>: [Onze Vpn dienst heeft een reconnect probleem dat optrad na vervanging van de campusbrede firewall. Na het verbreken van de verbinding moet u ca. 15 minuten wachten voordat het mogelijk is om opnieuw gebruik van de vpn te maken. Dit wordt momenteel onderzocht door de centrale ICT afdeling.][Our Vpn Service has a reconnect problem that appeared during the upgrade of the Campus firewall. After a disconnect you have to wait ca. 15 minutes before being able to reconnect. This is being investigated by the central ICT department.]
 
-->
 
-->
* '''Linux''': [nl][[vpnsec_Linux_install|VPNsec Linux installatie en configuratie]][/nl][en][[vpnsec_Linux_install|VPNsec Linux installation and configuration]][/en]
 
<br>
 
<br>
 
  
== OpenVPN for Linux & MacOS ==
 
For MacOS and Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.
 
  
=== Setting up OpenVPN on linux ==
+
=== VPNsec setup Windows 10 ===
Make sure you have the openvpn package installed. For Debian based distributions (like Ubuntu), run:
+
[nl]
 +
Vanuit Windows Configuratiescherm, ga naar:
 +
* Netwerk en Internet
 +
* Netwerkcentrum
 +
* Een nieuwe verbinding of een nieuw netwerk instellen
 +
* Verbinding met een bedrijfsnetwerk maken -> Volgende
 +
* Ik wil een nieuwe verbinding maken
 +
* Mijn Internetverbinding (VPN) gebruiken
 +
* Geef het Internet-adres voor de verbinding op. Internet-adres: vpnsec.science.ru.nl
 +
* Naam van deze verbinding: Science VPNsec (of iets anders) en klik "Maken".
 +
 
 +
* Gebruiken: klik in de taakbalk op het vliegtuig/Internet-icoon en klik op "Science VPNsec" en "Verbinding maken".
 +
* Vul de Science loginnaam en het bijbehorende wachtwoord in. Daarna: "Verbonden".
 +
[/nl]
 +
[en]
 +
From Windows Settings, take the following route:
 +
* Networks and Internet
 +
* VPN
 +
* Add a VPN connection
 +
* Fill in
 +
*:
 +
{| class="wikitable" style="margin-left: 20px;"
 +
|VPN provider
 +
|Windows (built-in)
 +
|default choice
 +
|-
 +
|Connection name
 +
|Science-VPNsec
 +
|choose something
 +
|-
 +
|Server name or address
 +
|vpnsec.science.ru.nl
 +
|provide as stated
 +
|-
 +
|VPN type
 +
|Automatic
 +
|default choice
 +
|-
 +
|Type of sign-in info
 +
|User name and password
 +
|default choice
 +
|-
 +
|User name (optional)
 +
|Science account
 +
|optional
 +
|-
 +
|Password (optional)
 +
|Science password
 +
|optional
 +
|}
 +
* Save
 +
[/en]
 +
 
 +
=== VPNsec setup Windows 7/8 ===
 +
[nl]
 +
Vanaf het Windows Controle paneel:
 +
* Netwerk en Internet
 +
* Netwerk en Sharing Center
 +
* Een nieuwe verbinding of netwerk maken
 +
* Verbinding met een werkplek maken -> Volgende
 +
* Gebruik mijn Internet verbinding (VPN)
 +
* Vul het Internet adres in: vpnsec.science.ru.nl
 +
* en kies een naam voor de verbinding, bv.: Science VPNsec
 +
* Daarna wordt om de Science loginnaam en wachtwoord gevraagd.
 +
[/nl]
 +
[en]
 +
From the windows Control panel, take the following route:
 +
* Network and Internet
 +
* Network and Sharing Center
 +
* Setup a new connection or network
 +
* Connect to a workspace -> Next
 +
* Use my Internet connection (VPN)
 +
* Fill in the Internet address: vpnsec.science.ru.nl
 +
* and connection name, for example: Science VPNsec
 +
* You'll be prompted for your Science username and password.
 +
[/en]
 +
 
 +
== OpenVPN [voor][for] Linux & MacOS ==
 +
[Voor MacOS en Linux gebruikers die moeite hebben om de VPNsec service werkend te krijgen, biedt C&CZ een OpenVPN service aan.][For MacOS and Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.]
 +
 
 +
=== [Opzetten van OpenVPN op Linux][Setting up OpenVPN on Linux] ===
 +
[Zorg dat je het package openvpn ge&iuml;nstalleerd hebt. Voor op Debian gebaseerde distributies zoals Ubuntu, gebruik:][Make sure you have the openvpn package installed. For Debian based distributions (like Ubuntu), run:]
 
   
 
   
 
  sudo apt-get install openvpn
 
  sudo apt-get install openvpn
  
Next, download the openvpn configuration file:
+
[Download daarna het openvpn configuratiebestand:][Next, download the openvpn configuration file:]
  
 
  wget https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn
 
  wget https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn
  
=== Starting OpenVPN on linux ===
+
=== [Start OpenVPN op Linux][Starting OpenVPN on Linux] ===
Startup the OpenVPN tunnel as follows:
+
[Start de OpenVPN tunnel als volgt:][Startup the OpenVPN tunnel as follows:]
  
 
  sudo openvpn openvpn-science.ovpn
 
  sudo openvpn openvpn-science.ovpn
  
You'll be asked for your science login name and password.
+
[Er zal gevraagd worden naar de Science loginnaam an wachtwoord.][You'll be asked for your science login name and password.]
Hit ctrl+c to terminate the OpenVPN connection
+
[De verbinding kan verbroken worden door Control+C te tikken.][Hit Control+C to terminate the OpenVPN connection.]
 +
 
 +
=== [Al het Internet verkeer door OpenVPN][All traffic through OpenVPN] ===
 +
 
 +
[Gebruik OpenVPN's '''--redirect-gateway autolocal''' optie (of zet het in het config bestand als '''redirect-gateway autolocal''')][Use OpenVPN's '''--redirect-gateway autolocal''' option (or put it in the config file as '''redirect-gateway autolocal''')]
  
 
== SSH SOCKS-Proxy to access journals (linux) ==
 
== SSH SOCKS-Proxy to access journals (linux) ==
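Review bot: The added "[Bekend probleem][Known Problem]" bullet about the 15-minute reconnect delay sits between the existing "<!--" and "-->" lines, so readers of the rendered page will never see it. If the reconnect problem still applies, move the "[Opmerking][Remark]:" block outside the comment; if it is resolved, delete it rather than keeping it hidden in the source. In the same hunk, the added Dutch text "Science loginnaam an wachtwoord" should read "en wachtwoord".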
Line 69: Line 158:
 
If your Science username (e.g. "peter") is different on your local username use:
 
If your Science username (e.g. "peter") is different on your local username use:
  
   ssh -D 8942 peter@lilo.science.ru.nl
+
   ssh -D 8942 peter&#64;lilo.science.ru.nl
  
 
The -D flag starts "dynamic" application-level portforwarding. The port number
 
The -D flag starts "dynamic" application-level portforwarding. The port number
Line 118: Line 207:
 
   tcp        0      0 localhost:smtp          *:*                    LISTEN       
 
   tcp        0      0 localhost:smtp          *:*                    LISTEN       
 
   tcp        0      0 localhost:8942          *:*                    LISTEN
 
   tcp        0      0 localhost:8942          *:*                    LISTEN
 
== [Oude VPN op basis van PPTP][Old VPN based on PPTP] ==
 
[nl]
 
'''NB: de oude VPN gaat uit op 1 december 2016. Dit vanwege onveiligheid van PPTP.'''
 
 
Voorbeelden van installatie en configuratie van de oude VPN voor:
 
[/nl]
 
[en]
 
'''NB: The old VPN service will be terminated on December 1st, 2016. This is due to insufficient security of PPTP'''
 
 
Examples of installation and configuration of the old VPN:
 
[/en]
 
 
* [[vpn_w10|Windows 10]]
 
* [[vpn_w7|Windows 7]]
 
* [[vpn_mac|MacOS X]]
 
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
 
* [https://wiki.science.ru.nl/cncz/Android#VPN Android]
 
* [[vpn_linux_|Linux]]
 
* [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]]
 
 
[nl]
 
''<b>Let op</b>: gebruikers van F-Secure moeten de [[vpn_F-Secure|Firewall configuratie aanpassen]] om blokkeren van GRE op te heffen.''
 
 
''<b>Let op</b>: ALs de VPN-verbinding direct weer wegvalt, dan kan het zijn dat je de MTU-waarde van de ethernetkaart lager moet zetten. Zie bijvoorbeeld [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
[/nl]
 
[en]
 
''<b>Note</b>: users of F-secure need to [[vpn_F-Secure|change the Firewall configuration]] to lift blocking of GRE.''
 
 
''<b>Note</b>: If the VPN connection drops immediately when you start to use it , it may be that the MTU value for the ethernet card is set too high, see for example [http://portal.cyberpro.com.au/tips/Optimising_MTU.html optimizing MTU]''.
 
[/en]
 
  
 
[[Category:Internet]]
 
[[Category:Internet]]

Latest revision as of 11:36, 26 June 2019

VPN (Virtual Private Network) connection

C&CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their Science username and password. An RU-central VPN service can also be used with RU-account and RU-password.

The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common uses are connecting to disk shares or to special servers. As of November 2015, the VPN is based on IPsec.

The University library does not require the VPN: the library has a proxy website that can be used from anywhere on the Internet after logging in with your RU-account and RU-password.

The instructions below to install the VPN will be expanded by C&CZ and probably also by employees/students.

VPNSec

General:

  • VPN-server/gateway: vpnsec.science.ru.nl

Per device or Operating system:

  • Windows 7/8/8.1/10: Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions are below.
  • Android: Install the strongSwan app with "IKEv2 EAP (Username/Password)". NB: some special characters in the password should be escaped using a "\"
  • iOS (iPhone/iPad): Download and install vpnsec.mobileconfig to your iPhone/iPad. Tested on iPad with iOS 9; according to the documentation iOS 8 should work too, but this is as yet untested.
  • OS X 10.11 El Capitan and higher: Download and install vpnsec-macosx.mobileconfig to your Apple computer.
    Adapt the Authentication Settings... in System Preferences → Network → VpnSec to match your Science account and password.
  • OS X 10.7 Lion and higher: install strongSwan with "IKEv2 EAP (Username/Password)". The strongSwan App has a known problem. The current solution is, however, not very easy. Or use the OpenVPN service.
  • Linux: VPNsec Linux installation and configuration
  • Ubuntu 16.04: There is a known bug people are trying to fix, see msg4923789. A workaround currently exists, requiring some manual configuration. See: VPNsec Linux installation and configuration. Or use the OpenVPN service.


VPNsec setup Windows 10

From Windows Settings, take the following route:

  • Networks and Internet
  • VPN
  • Add a VPN connection
  • Fill in
    VPN provider            | Windows (built-in)     | default choice
    Connection name         | Science-VPNsec         | choose something
    Server name or address  | vpnsec.science.ru.nl   | provide as stated
    VPN type                | Automatic              | default choice
    Type of sign-in info    | User name and password | default choice
    User name (optional)    | Science account        | optional
    Password (optional)     | Science password       | optional
  • Save

VPNsec setup Windows 7/8

From the Windows Control Panel, take the following route:

  • Network and Internet
  • Network and Sharing Center
  • Set up a new connection or network
  • Connect to a workspace -> Next
  • Use my Internet connection (VPN)
  • Fill in the Internet address: vpnsec.science.ru.nl
  • and connection name, for example: Science VPNsec
  • You'll be prompted for your Science username and password.

OpenVPN for Linux & MacOS

For MacOS and Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.

Setting up OpenVPN on Linux

Make sure you have the openvpn package installed. For Debian-based distributions (like Ubuntu), run:

sudo apt-get install openvpn

Next, download the openvpn configuration file:

wget https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn

Starting OpenVPN on Linux

Start up the OpenVPN tunnel as follows:

sudo openvpn openvpn-science.ovpn

You'll be asked for your Science login name and password. Hit Control+C to terminate the OpenVPN connection.

All traffic through OpenVPN

To send all Internet traffic through the tunnel, use OpenVPN's --redirect-gateway autolocal option (or put it in the config file as redirect-gateway autolocal).
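The downloaded profile is run with sudo, so it is worth reading before first use. The script below is an added example, not C&CZ's own tooling: it flags directives in a client profile that run external code, store credentials, point at an unexpected gateway or omit a server certificate check. The sample profiles and the campus.example domain are constructed; substitute the downloaded file and the domain you expect.

```shell
#!/bin/sh
# Added example (not C&CZ tooling): review an OpenVPN client profile before it
# is passed to "sudo openvpn". Prints one finding per line, nothing if clean.
# $1 = profile path, $2 = domain the gateway is expected to live under.
audit_ovpn() {
    awk -v dom="$2" '
        # <connection> blocks wrap ordinary directives: read what is inside.
        /^[ \t]*<\/?connection>/ { next }
        # Other inline blocks (<ca>, <cert>, <key>, ...) hold key material.
        /^[ \t]*<\/[a-z-]+>/ { inblock = 0; next }
        /^[ \t]*<[a-z-]+>/   { inblock = 1; next }
        inblock              { next }
        # Blank lines and comments ("#" or ";").
        /^[ \t]*([#;]|$)/    { next }
        { key = $1 }
        # Directives that make the root-owned openvpn process run other code.
        key ~ /^(up|down|route-up|route-pre-down|ipchange|tls-verify|plugin)$/ {
            print "HOOK: " key
        }
        key == "script-security" && $2 + 0 >= 2 { print "SCRIPTS-ALLOWED: " $2 }
        key == "remote" {
            seen_remote = 1
            host = tolower($2); d = tolower(dom)
            # Accept the domain itself or any host below it.
            if (host != d && substr(host, length(host) - length(d)) != "." d)
                print "UNEXPECTED-REMOTE: " $2
        }
        # Either directive binds the tunnel to a server certificate check.
        key == "remote-cert-tls" && $2 == "server" { cert_check = 1 }
        key == "verify-x509-name"                  { cert_check = 1 }
        # A file argument means the password is read from disk.
        key == "auth-user-pass" && NF > 1 { print "STORED-CREDENTIALS: " $2 }
        END {
            if (!seen_remote) print "NO-REMOTE"
            if (!cert_check)  print "NO-SERVER-CERT-CHECK"
        }
    ' "$1"
}

# Constructed sample profiles; the real openvpn-science.ovpn is not reproduced.
write_samples() {
    cat > "$1/good.ovpn" <<'EOF'
client
dev tun
remote vpn.campus.example 1194 udp
remote-cert-tls server
auth-user-pass
redirect-gateway autolocal
<ca>
(constructed placeholder, not a real certificate)
</ca>
EOF
    cat > "$1/bad.ovpn" <<'EOF'
client
dev tun
remote gw.other.example 443 tcp
auth-user-pass /etc/openvpn/creds.txt
script-security 2
up /tmp/setup.sh
redirect-gateway autolocal
EOF
}

# Demo on the two constructed profiles.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for p in good bad; do
    echo "== $p.ovpn"
    audit_ovpn "$demo_dir/$p.ovpn" campus.example
done
rm -rf "$demo_dir"
```

An empty result means none of these checks fired; it does not replace reading the profile.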

SSH SOCKS-Proxy to access journals (linux)

There is a convenient alternative to the VPN or the UB proxy website described above for accessing online journals from anywhere. With SSH one can start a so-called SOCKS proxy server, which web browsers can use.

  • Login to your Science account with ssh:
 ssh -D 8942 lilo.science.ru.nl       # (or any other login-server)
 (Enter password if required)

If your Science username (e.g. "peter") differs from your local username, use:

 ssh -D 8942 peter@lilo.science.ru.nl

The -D flag starts "dynamic" application-level port forwarding. The port number (here 8942) can be any number above 1024 and below 65536. If a port is already in use by another process, try a different number.

  • Tell the web browser to use the server. In Firefox:
 * Edit - Preferences - Advanced - Settings
 * Select "Manual proxy configuration"
 * SOCKS Host: localhost      Port: 8942
 * Select SOCKS v5
 * OK

Chromium and Google Chrome can be called from the command line with the --proxy-server option:

 chromium-browser --proxy-server="socks5://localhost:8942"

If you now go to a journal website, e.g. J. Chem. Phys., you should see "Your access is provided by: Universiteitsbibliotheek" and you should have the same access as from within the Radboud University domain.

Run ssh in the background

With these flags:

 ssh -f -N -D 8942 lilo.science.ru.nl

ssh will run in the background (-f) and only set up the proxy server, without opening a login shell (-N).

Troubleshooting

The "netstat" command may be used to troubleshoot problems:

 netstat -at

will show all TCP sockets, both listening and non-listening. In the above example you should see something like:

 MYPC:/home/peter $ netstat -at
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN      
 tcp        0      0 *:ssh                   *:*                     LISTEN      
 tcp        0      0 localhost:ipp           *:*                     LISTEN      
 tcp        0      0 peter.home:36953        postvak.science.r:imaps ESTABLISHED
 tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN
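The listing above shows the proxy port bound to localhost, which is what you want: a SOCKS port bound to every interface lets other hosts on the local network browse through your session. The function below is an added example, not part of the original page, that classifies the binding from netstat output; the second sample listing is constructed.

```shell
#!/bin/sh
# Added example: report how the SOCKS port opened by "ssh -D" is bound, reading
# "netstat -at" or "netstat -ant" output on stdin. $1 = port number.
# Prints "loopback", "exposed" or "absent".
socks_listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Split "address:port" at the last colon; IPv6 addresses have more.
            n = split($4, parts, ":")
            if (parts[n] "" != port "") next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Anything other than a loopback name or address is reachable
            # from other hosts (for example "*", "0.0.0.0" or "[::]").
            if (addr !~ /^(localhost|ip6-localhost|127\.[0-9.]+|::1|\[::1\])$/)
                exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }
    '
}

# A subset of the listing shown on this page.
sample_page_listing() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 localhost:8942          *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
EOF
}

# Constructed variant: the same port bound to every interface, as happens
# when ssh is given -g or a bind address such as "*:8942".
sample_exposed_listing() {
    cat <<'EOF'
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:8942                  *:*                     LISTEN
tcp6       0      0 [::]:8942               [::]:*                  LISTEN
EOF
}

for sample in sample_page_listing sample_exposed_listing; do
    printf '%s: %s\n' "$sample" "$($sample | socks_listener_scope 8942)"
done
```

On a live system, pipe the real output in: netstat -ant | socks_listener_scope 8942.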