TalTech VPN: Difference between revisions
m →eduVPN |
m →eduVPN |
||
Line 7: | Line 7: | ||
=eduVPN= | =eduVPN= | ||
'''NB! Since July 2021 will replace old [[#OpenVPN|OpenVPN]] service for library.''' | |||
More information: | More information: | ||
* [https://confluence.ttu.ee/x/_paaAg how to configure (EST, ENG)] (redirects to [https://confluence.ttu.ee/it-info/kauguehendus-vpn/kaugtoeoeuehendus-eduvpn here]) | * [https://eduvpn.taltech.ee/ eduVPN portal in TalTech - settings generation and download] | ||
* [https://confluence.ttu.ee/x/_paaAg how to configure in MS Windows (EST, ENG)] (redirects to [https://confluence.ttu.ee/it-info/kauguehendus-vpn/kaugtoeoeuehendus-eduvpn here]) | |||
* [https://www.eduvpn.org/ about eduVPN] | * [https://www.eduvpn.org/ about eduVPN] | ||
* [https://python-eduvpn-client.readthedocs.io/en/master/installation.html#debian-and-ubuntu Ubuntu and Debian installation] | * [https://python-eduvpn-client.readthedocs.io/en/master/installation.html#debian-and-ubuntu Ubuntu and Debian client installation, configuration] | ||
sudo apt install apt-transport-https curl | sudo apt install apt-transport-https curl | ||
curl -L https://app.eduvpn.org/linux/deb/eduvpn.key | sudo apt-key add - | curl -L https://app.eduvpn.org/linux/deb/eduvpn.key | sudo apt-key add - | ||
Line 16: | Line 19: | ||
sudo apt update | sudo apt update | ||
sudo apt install eduvpn-client | sudo apt install eduvpn-client | ||
=Forticlient VPN= | =Forticlient VPN= |
Revision as of 02:00, 29 May 2021
Uni-ID
- EST https://confluence.ttu.ee/it-info/varia/uni-id-ehk-digitaalne-identiteet
- EST https://wiki.ttu.ee/et/juhendid/it/doc/uni-id
- ENG https://wiki.ttu.ee/en/manuals/it/doc/uni-id
Uni-ID is required to use TTU VPN.
eduVPN
NB! Since July 2021 will replace old OpenVPN service for library.
More information:
- eduVPN portal in TalTech - settings generation and download
- how to configure in MS Windows (EST, ENG) (redirects to here)
- about eduVPN
- Ubuntu and Debian client installation, configuration
sudo apt install apt-transport-https curl curl -L https://app.eduvpn.org/linux/deb/eduvpn.key | sudo apt-key add - echo "deb https://app.eduvpn.org/linux/deb/ stable main" | sudo tee -a /etc/apt/sources.list.d/eduvpn.list sudo apt update sudo apt install eduvpn-client
Forticlient VPN
FortiClient VPN is for employees only. Does not allow to access the TTU library outside university. You will get only a secure VPN connection.
- EST https://confluence.ttu.ee/it-info/kauguehendus-vpn/kauguehendus-forticlient-vpn
- EST https://wiki.ttu.ee/et/juhendid/it/doc/vpn
- ENG https://wiki.ttu.ee/en/manuals/it/doc/vpn
Packages
- clean client https://www.forticlient.com/downloads
- for MS Windows, TTU preconfigured http://www.ttu.ee/FortiClient.exe
- for MS Windows, IT College client (requires login beforehand, usually older version than original one from Fortinet)
- original FortiClient software packages (MS Windows, macOS, GNU/Linux, Android, iOS, Windows Phone, Chromebook)
- Debian packages
- FortiClient (deprecated -> use OpenFortiGUI)
- OpenFortiGUI - recommended
- repository https://apt.iteas.at (older: https://styrion.at/apt/)
- https://hadler.me/linux/openfortigui/
NB! About connecting using OpenFortiGUI:
- please use SUDO -E parameter in OpenfortiGUI settings! (File→Settings)
- on first connection attempt, the certificate must be accepted
- next connection attempt can be actually connect via VPN
Connecting
- use your Uni-ID credentials to login (without @ttu.ee)
- Web: https://vpn.ttu.ee:443/
- server: vpn.ttu.ee
- port: 443
... in IT College:
- use your Uni-ID credentials to login (without @ttu.ee)
- Web: https://portal.itcollege.ee:10443/
- server: portal.itcollege.ee
- port: 10443
In IT College there is an option to use SSH tunnel using http://enos.itcollege.ee/ server using your IT College credentials. For convenient usage there is a Sshuttle (article in Estonian) available. This SSH tunnel is available also for students. MS Windows users can use puTTY. Also macOS users can use SSH tunnel.
OpenVPN
NB! Since July 2021 will be replaced by eduVPN.
Allows to access the TTU library outside university. Additionally you will get a secure VPN connection. Uni-ID account is required.
- EST https://confluence.ttu.ee/it-info/kauguehendus-vpn/kauguehendus-toru
- EST https://wiki.ttu.ee/et/juhendid/it/doc/lib_toru
- ENG https://wiki.ttu.ee/en/manuals/it/doc/lib_toru
Client software
- for MS Windows and macOS clients, please login https://toru.ttu.ee/ and download university-customized version directly from there
- GNU/Linux https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/
- Android https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-android/
- iOS https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-apple-ios/
Installation in Debian/Ubuntu
- open the terminal, e.g. CTRL+ALT+T and copy-paste the following line and press Enter
- copy-paste in terminal: SHIFT+CTRL+C, SHIFT+CTRL+V
- sudo apt-get update && sudo apt-get install openvpn openvpn-blacklist && sudo apt-get clean
- for GUI Network Manager:
- sudo apt-get update && sudo apt-get install network-manager-openvpn-gnome openvpn-systemd-resolved[1]
Configuration
- download the preconfigured client.ovpn from https://toru.ttu.ee/
- use your Uni-ID credentials to login and also later to authenticate in OpenVPN
- for GNU/Linux in file client.ovpn after setenv PUSH_PEER_INFO please add the following lines and then save the file:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Connecting in Debian/Ubuntu
- use your Uni-ID credentials
- open the terminal, e.g. using CTRL+ALT+T
- navigate to folder where the client.ovpn is saved or provide the full path
- sudo openvpn --config client.ovpn or use more convenient way - the alias created below
Usually there is possible to import *.ovpn files into graphical network manager[2]. In Ubuntu 16.04 LTS cannot be imported current but in Ubuntu 18.04 LTS already can.
Convenient login in GNU/Linux
- open the terminal, e.g. using CTRL+ALT+T
- create an alias:
- nano ~/.bash_aliases #open CLI text editor
- alias vpn-ttu='sudo openvpn --config /path/client.ovpn' #add appropriate alias and path to client.ovpn, then save the file
- source ~/.bash_aliases (or reopen terminal or relogin)
- add permissions to run OpenVPN without entering a password
- sudo nano /etc/sudoers.d/permissions #the file name permissions could be replaced whatever else you like
- username ALL=(ALL) NOPASSWD: /usr/sbin/openvpn #replace username with your real one and then save the file
- type your new alias vpn-ttu in terminal to start a VPN session
in nano text editor
- save the file:
- CTRL+O and Enter if you agree the proposed file name (or enter a new one if needed)
- or F3
- quit the file:
- CTRL+X
- or F2
More information about...
- sudoers at https://help.ubuntu.com/community/Sudoers
- alias
Benefits of TalTech VPN
- you have a secure tunnel over insecure network, e.g. public WiFi, mobile internet or similar
- OpenVPN can be used for TalTech library and its paid databases outside TalTech:
TalTech helpdesk
- in case of questions, issues - please contact TalTech helpdesk
- https://confluence.ttu.ee/it-info/
- https://it.taltech.ee/ (choose website language if needed)
- self-service: http://helpdesk.taltech.ee/ (to visit self-service you must own Uni-ID account)