--------------------------------------------------------------------------------
README FOR LINUX OPENCONNECT INSTALL & SETUP
Date: May 5, 2024
--------------------------------------------------------------------------------
This is a guide on getting OpenConnect working with the VT VPN service using
the SAML authentication method.
OpenConnect (via the SAML login method) to the Pulse Secure/Ivanti VPN server
requires the use of a web browser cookie. This means that a web browser is
required to perform the login and authentication, after which the provided
script can capture the web cookie from the browser session to pass to
OpenConnect to complete the VPN connection. Both Firefox and Chrome have been
tested on Ubuntu (23.10) and Linux Mint (21.3) to verify they work, but the
initial setup is slightly different depending on the browser used.
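
Added example, not part of the original README or the OC-VPN scripts: the captured cookie is a bearer credential, so this sketch hands it to OpenConnect on stdin rather than on the command line. The cookie name DSID, the hex pattern, the --protocol=nc choice and the function names are assumptions.

```python
import re
import subprocess

# The two portal paths listed in step 4c of this README.
ALLOWED_HOSTS = {"vpn.nis.vt.edu/vttraffic", "vpn.nis.vt.edu/alltraffic"}
# Assumption: the session cookie is named DSID and its value is a hex string.
DSID_RE = re.compile(r"[0-9a-fA-F]{16,128}")
# Constructed sample value, not a real session cookie.
SAMPLE_DSID = "0123456789abcdef0123456789abcdef"


def build_openconnect_call(host, dsid):
    """Return (argv, stdin_text); the cookie appears only in stdin_text."""
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected VPN host: {host!r}")
    if not DSID_RE.fullmatch(dsid):
        raise ValueError("cookie value is not a plausible DSID")
    # --cookie-on-stdin keeps the bearer cookie out of the process list,
    # where -C/--cookie would expose it to other local users via ps.
    argv = ["sudo", "openconnect", "--protocol=nc", "--cookie-on-stdin",
            f"https://{host}"]
    return argv, f"DSID={dsid}\n"


def connect(host, dsid):
    """Start openconnect, feeding the cookie through a pipe."""
    argv, stdin_text = build_openconnect_call(host, dsid)
    return subprocess.run(argv, input=stdin_text, text=True, check=False)


if __name__ == "__main__":
    argv, _ = build_openconnect_call("vpn.nis.vt.edu/vttraffic", SAMPLE_DSID)
    print("visible in ps:", " ".join(argv))
```
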
-------------
Requirements:
-------------
BASH is the shell that was used for creating and testing these scripts. The
ZSH, FISH, CSH and TCSH shells should also be supported, but are untested. A
supported shell is required so that it can call the matching Python virtual
environment activation script; the Python script run inside that environment
performs the bulk of the VPN authentication.
--------------
Prerequisites:
--------------
ALL:
- Install OpenConnect:
# sudo apt-get install openconnect
- Install the Python virtual environment:
# sudo apt-get install python3-venv
CHROME USERS:
- Chrome is not included by default in Ubuntu or Linux Mint, so if we
wish to use it to connect to the VPN we can install it with the
following command:
# sudo apt install chromium-browser
-----------------------
Installation and Setup:
-----------------------
1) Download and copy the "OC-VPN.tar.gz" file to the home directory of your
Linux computer. Then extract the contents:
# cp OC-VPN.tar.gz $HOME
# cd $HOME
# tar -xzf OC-VPN.tar.gz
2) After extracting the contents there will be a new directory named
"OpenConnect-VPN". Within this directory run the script "create-vpn.sh" to
create the required Python virtual environment and install the required
Python modules into it.
# ~/OpenConnect-VPN/create-vpn.sh
3) FIREFOX USERS ONLY; if you use Chrome, skip to Step 4. If a Firefox window
is already open, Firefox will not let your existing profile be used to open
another instance for the VPN authentication. To get around this, create a
new profile directory for the VPN script to use:
a) In Ubuntu (or "snap" installed firefox):
# mkdir -p ~/snap/firefox/common/.mozilla/firefox/oc-vpn
b) In other flavors of Linux (with "apt" installed firefox):
# mkdir -p ~/.mozilla/firefox/oc-vpn
c) If your installation has a different location for the profiles you
will need to find that location and create a directory named
"oc-vpn".
4) Edit the "vpn-connect.py" file in the "OpenConnect-VPN" directory and
change the items in the "user defined variables" section to match your
setup:
a) browser - uncomment the line that matches your chosen browser.
b) FProfile - Only applicable for Firefox users. Set the path to the
profile directory you created in Step 3 above.
c) host - use either "vpn.nis.vt.edu/vttraffic" (preferred) or
"vpn.nis.vt.edu/alltraffic" depending on whether you want only VT
traffic or all traffic to go over the VPN link.
d) user - set this to your VT PID (minus the @vt.edu portion)
5) Connect to the VT VPN by running the following script:
# ~/OpenConnect-VPN/start-vpn.sh
The start-vpn.sh script activates the Python virtual environment and then
runs the Python VPN connection script. This Python script will open a new
browser window for logging into the VPN.
- The first screen will ask you for your VT PID (which is the first part of
your @vt.edu email address) and PID password.
- The second screen will ask for your preferred 2-factor authentication.
- There may be a third screen asking "Is this your device?" You have two
options:
a) "Yes, this is my device". Select this if you are the only one who uses
this computer.
b) "No, other people use this device". Select this if the computer is
shared with others. This option will not save any of your VPN
login credentials.
The browser window should then close shortly. You may be prompted in the
terminal for your Linux password, as OpenConnect requires sudo permissions.
You should now be connected to the VPN. The terminal window needs to remain
open for the VPN connection. When you are done with the VPN session use the
CTRL-C keystroke in this terminal window. The VPN connection will close and
the script will then automatically deactivate the virtual environment and
return you to a normal terminal prompt.
Now that everything is set up, in the future only the "start-vpn.sh" script
needs to be run to connect to the VPN.