VPN unter Linux/en: Unterschied zwischen den Versionen

ZIM HilfeWiki - das Wiki
 
(17 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 4: Zeile 4:
 
|translated title=VPN on Linux
 
|translated title=VPN on Linux
 
}}
 
}}
VPN (Virtual Private Network) is needed if you want to use your computer from outside the university to access services that are only accessible within the university network. VPN guarantees secure access to the university network from other networks (dial-up via other providers, external company or university networks).
 
  
==  What needs to be done? ==
+
{{ambox
* To use OpenVPN, you must first download a [[Netzwerkzertifikate|etwork certificate]].
+
|type=notice
* Use your package manager to install OpenVPN version >2.4 and the OpenVPN support for the network manager.
+
|text=Linux is only rudimentarily supported by the ZIM. Info is addressed to "professionals". Use at your own risk.
* Download the configuration file:
+
}}
<center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=lin" /></center>
 
* Import the configuration file '''"OpenVPN-UPB-NG_*.ovpn"''' and the user certificate into the network manager.
 
* Connect to the university via OpenVPN.
 
  
* Configuring VPN on Linux
+
 
 +
VPN (Virtual Private Network) is needed if you want to use your computer from outside the university to access services that are only accessible within the university network. VPN guarantees secure access to the university network through other networks (dial-up via other providers, external company or university networks).
 +
<br><br>
 +
 
 +
This guide is based on Ubuntu 22.04.2 LTS. Other distributions may work similarly. We cannot provide a guide for every distribution.
 +
 
 +
== What needs to be done? ==
 +
* Download personal network certificate.
 +
* Download configuration file:
 +
<iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=lin&redirect_gateway=1" />
 +
* Store network certificate and configuration file in a folder. Don't change the path later.
 +
* Rename the certificate.
 +
* Setup VPN
  
 
== Step-by-step instructions ==
 
== Step-by-step instructions ==
=== Create network certificate  ===
 
To use OpenVPN, you must first install a [https://hilfe.uni-paderborn.de/Netzwerkzertifikate personal network] certificate.
 
  
If you use the WLAN "eduroam", the certificate is already installed on your computer.
+
===Create certificate ===
 +
You need a network certificate for the VPN connection. If you already have a certificate for Eduroam, you can use that too and skip this step.
 +
<br>
 +
Open the service portal and log in with your university account.
 +
* http://sp.upb.de
 +
<br>
  
=== Configuring VPN on Linux  ===
+
* Go to '''User Management''' and then '''Network Settings'''.
Download the configuration file, select the VPN you want to connect to and click on Download.
+
<br clear=all>
  
 +
[[File:Eduroam-unter-android-4.png|links|mini|ohne|350px]]
 +
<br>
 +
* Click '''Create New Certificate'''.
 +
<br clear=all>
 +
 +
[[File:Netzwerkzertifikat-container-v2.png|links|mini|ohne|350px]]
 +
<br>
 +
* Give the certificate a unique name (Ex: Laptop VPN)
 +
* Select '''Version 2''' as the file format.
 +
* Then click on '''Send new certificate'''.
 +
<br clear=all>
 +
 +
[[File:Netzwerkzertifikat-download.png|links|mini|ohne|350px]]
 +
<br>
 +
* A new network certificate has been created for you.
 +
* First copy the '''Import Password''' to the clipboard.
 +
* Now click on '''Download Network Certificate'''.
 +
<br clear=all>
 +
 +
=== Configure VPN on Linux ===
 +
Download the configuration file, select the VPN you want to connect to and click Download.
 
Normally "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" again.
 
Normally "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" again.
<center>
+
<iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=lin&redirect_gateway=1" />
<iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=lin" />
+
<br clear=all>
</center>
+
<span style="color:green"> Note:</span> You can click on '''"Download"''' here and download your configuration file. This is not a screenshot ;-)
 +
<br clear=all>
 +
 
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Direct all internet traffic through the tunnel?">
 +
*Accessing online resources may require that you route all network traffic through the tunnel.
 +
* You do not need this option for pure access to network drives.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
===Create folder===
 +
* Create a folder and put the network certificate and configuration file there.
 +
* Choose the storage location carefully - you must not move or rename the folder later.
 +
* Rename the network certificate to <code>Network_Certificate.p12</code>
  
At least version '''OpenVPN 2.4''' is required.
 
  
== Connection via the network manager of Ubuntu ==
+
[[File:Vpn-unter-linux-01.png|links|mini|ohne|350px|Folder for VPN]]
There is also the possibility to set up the connection via the network manager of Ubuntu.
+
<br>
 +
* This is what the contents of the folder should look like.
 +
<br clear=all>
  
To use the network manager, the previously created network certificate must be unpacked:
+
===Set up VPN===
: <code>$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.crt.pem -clcerts -nokeys </code>
+
[[File:Vpn-unter-linux-02.png|links|mini|ohne|350px|Network]]
: <code>$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.key.pem -nocerts -nodes </code>
+
<br>
 +
* Click on the ''"network icon"''.
 +
* Then click on '''Settings'''.
 +
<br clear=all>
  
The two new files are copied to a secure location in the user directory with the network certificate.  
+
[[File:VPN-unter-linux-03.png|links|mini|ohne|350px|Add VPN]]
 +
<br>
 +
* In the VPN section, click the <code>+</code> to add.
 +
<br clear=all>
  
 +
[[File:Vpn-unter-linux-04.png|links|mini|ohne|350px|Import from file]]
 +
<br>
 +
* Select '''"Import from file..."'''.
 +
<br clear=all>
  
To do this, the necessary packages must first be installed via terminal:
+
[[File:Vpn-unter-linux-05.png|links|mini|ohne|350px|configuration file]]
: <code># sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome</code>
+
<br>
 +
* Open the folder we just created.
 +
* Select the '''configuration file'''.
 +
* Then click '''"Open"'''.
 +
<br clear=all>
  
With the help of the Network Managers (network connections) a new VPN connection can be create. To do this, click on "Add".
+
[[File:VPN-unter-linux-06.png|links|mini|ohne|350px|VPN settings]]
 +
<br>
 +
* The VPN settings were taken from the configuration file.
 +
* Enter the ''"import password"''' for the network certificate. (1)
 +
* Then click '''Add'''. (2)
 +
<br clear=all>
  
[[Datei:VPN_Unter_Linux_01.png]]
+
[[File:VPN-unter-linux-07.png|links|mini|ohne|350px|Connect VPN]]
 +
<br>
 +
* With one click on the switch you can connect to the VPN.
 +
<br clear=all>
  
 +
===Connect VPN===
 +
[[File:VPN-unter-linux-08.png|links|mini|ohne|350px|Connect VPN]]
 +
<br>
 +
* Or connect via the network menu.
 
<br clear=all>
 
<br clear=all>
  
 +
===Disconnect VPN===
 +
[[File:VPN-unter-linux-09.png|links|mini|ohne|350px|Disconnect VPN]]
 +
<br>
 +
* You can disconnect the VPN connection from the network menu.
 +
<br clear=all>
  
[[Datei:Konfiguration importieren.png|links|300px]]
+
==Check VPN==
 +
You can check the functionality of the VPN by calling:
 +
: [https://go.upb.de/ip https://go.upb.de/ip]
 +
Your IP will be displayed there and whether you are on the university network.
  
<br><br>
+
[[File:OpenVPN verbunden - go_ip.png|mitte|400px|mini|ohne|Example: Existing connection to the university network.]]
In the next window the connection type OpenVPN must be selected.
 
 
<br clear=all>
 
<br clear=all>
  
[[Datei:Zertikate einstellen.png|links|300px]]
+
==For advanced users==
 +
* At least version '''OpenVPN 2.4''' is required.
 +
There is also the option to set up the connection via Ubuntu's network manager.
  
Afterwards the just unpacked certificates must be selected. The CA certificate field should be filled automatically.
+
To use the network manager, the previously created network certificate must be unpacked:
  
If the CA certificate field is not filled in automatically, the configuration file '''"openvpn-upb-ng-lin.ovpn"''' should be renamed to '''"openvpn-upb-ng-lin.pem"''' and additionally placed in the folder with the certificates. Then you can select the file as a CA certificate.
+
: <code>$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.crt.pem -clcerts -nokeys </code>
 +
: <code>$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.key.pem -nocerts -nodes </code>
  
<br clear=all>
+
The two new files are copied to a safe location in the user directory with the network certificate.
+
: According to user reports, an additional parameter <code>-legacy</code> may be necessary under OpenSSL 3.0.2.
 +
: If this doesn't work, it may be necessary (e.g. with Arch) to install the package "openssl-1.1" and call the top two commands with "openssl-1.1" instead of "openssl".
  
 +
To do this, you must first install the necessary packages using the terminal:
 +
: <code># sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome</code>
  
[[Datei:VPN_Unter_Linux_05.png|links|400px|mini|Abgeschlossene Einrichtung]] <br><br>
 
After saving, the VPN connection can be activated via the upper system bar.
 
  
<br clear=all>
+
==See also==
 +
* [[Netzwerk]]
 +
* [[VPN Problembehandlung]]

Aktuelle Version vom 14. Juni 2024, 11:19 Uhr

Die deutsche Version finden Sie auf der Seite VPN unter Linux


VPN (Virtual Private Network) is needed if you want to use your computer from outside the university to access services that are only accessible within the university network. VPN guarantees secure access to the university network through other networks (dial-up via other providers, external company or university networks).

This guide is based on Ubuntu 22.04.2 LTS. Other distributions may work similarly. We cannot provide a guide for every distribution.

What needs to be done?[Bearbeiten | Quelltext bearbeiten]

  • Download personal network certificate.
  • Download configuration file:

  • Store network certificate and configuration file in a folder. Don't change the path later.
  • Rename the certificate.
  • Setup VPN

Step-by-step instructions[Bearbeiten | Quelltext bearbeiten]

Create certificate[Bearbeiten | Quelltext bearbeiten]

You need a network certificate for the VPN connection. If you already have a certificate for Eduroam, you can use that too and skip this step.
Open the service portal and log in with your university account.


  • Go to User Management and then Network Settings.


Eduroam-unter-android-4.png


  • Click Create New Certificate.


Netzwerkzertifikat-container-v2.png


  • Give the certificate a unique name (Ex: Laptop VPN)
  • Select Version 2 as the file format.
  • Then click on Send new certificate.


Netzwerkzertifikat-download.png


  • A new network certificate has been created for you.
  • First copy the Import Password to the clipboard.
  • Now click on Download Network Certificate.


Configure VPN on Linux[Bearbeiten | Quelltext bearbeiten]

Download the configuration file, select the VPN you want to connect to and click Download. Normally "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" again.
Note: You can click on "Download" here and download your configuration file. This is not a screenshot ;-)

  • Accessing online resources may require that you route all network traffic through the tunnel.
  • You do not need this option for pure access to network drives.

Create folder[Bearbeiten | Quelltext bearbeiten]

  • Create a folder and put the network certificate and configuration file there.
  • Choose the storage location carefully - you must not move or rename the folder later.
  • Rename the network certificate to Network_Certificate.p12


Folder for VPN


  • This is what the contents of the folder should look like.


Set up VPN[Bearbeiten | Quelltext bearbeiten]

Network


  • Click on the "network icon".
  • Then click on Settings.


Datei:VPN-unter-linux-03.png
Add VPN


  • In the VPN section, click the + to add.


Import from file


  • Select "Import from file...".


configuration file


  • Open the folder we just created.
  • Select the configuration file.
  • Then click "Open".


Datei:VPN-unter-linux-06.png
VPN settings


  • The VPN settings were taken from the configuration file.
  • Enter the "import password"' for the network certificate. (1)
  • Then click Add. (2)


Datei:VPN-unter-linux-07.png
Connect VPN


  • With one click on the switch you can connect to the VPN.


Connect VPN[Bearbeiten | Quelltext bearbeiten]

Datei:VPN-unter-linux-08.png
Connect VPN


  • Or connect via the network menu.


Disconnect VPN[Bearbeiten | Quelltext bearbeiten]

Datei:VPN-unter-linux-09.png
Disconnect VPN


  • You can disconnect the VPN connection from the network menu.


Check VPN[Bearbeiten | Quelltext bearbeiten]

You can check the functionality of the VPN by calling:

https://go.upb.de/ip

Your IP will be displayed there and whether you are on the university network.

Example: Existing connection to the university network.


For advanced users[Bearbeiten | Quelltext bearbeiten]

  • At least version OpenVPN 2.4 is required.

There is also the option to set up the connection via Ubuntu's network manager.

To use the network manager, the previously created network certificate must be unpacked:

$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.crt.pem -clcerts -nokeys
$ openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_OPVPN.key.pem -nocerts -nodes

The two new files are copied to a safe location in the user directory with the network certificate.

According to user reports, an additional parameter -legacy may be necessary under OpenSSL 3.0.2.
If this doesn't work, it may be necessary (e.g. with Arch) to install the package "openssl-1.1" and call the top two commands with "openssl-1.1" instead of "openssl".

To do this, you must first install the necessary packages using the terminal:

# sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome


See also[Bearbeiten | Quelltext bearbeiten]

Zentrum für Informations- und Medientechnische Dienste der Universität Paderborn (ZIM) - Ehemals IMT

Virtuelle privates Netzwerk; über eine bestehende Internetverbindung wird der Rechner virtuell an einen anderen Ort gesetzt und bekommt alle Zugriffsmöglichkeiten, als ob er vor Ort wäre. Nifty!

Education Roaming - WLAN-Netzwerk, das an der Universität Paderborn und an vielen weiteren Institutionen weltweit genutzt werden kann. Zugang zu einem Eduroam-Netzwerk, gewährt Zugang zu allen Eduroam-Netzwerken (WLAN).

Virtuelle privates Netzwerk; über eine bestehende Internetverbindung wird der Rechner virtuell an einen anderen Ort gesetzt und bekommt alle Zugriffsmöglichkeiten, als ob er vor Ort wäre. Nifty!

Bei Fragen oder Problemen wenden Sie sich bitte telefonisch oder per E-Mail an uns:

Tel. IT: +49 (5251) 60-5544 Tel. Medien: +49 (5251) 60-2821 E-Mail: zim@uni-paderborn.de

Das Notebook-Café ist die Benutzerberatung des ZIM - Sie finden uns in Raum I0.401

Wir sind zu folgenden Zeiten erreichbar:

Mo Di-Do Fr
Vor-Ort-Support 08:30-16 Uhr 08:30-14 Uhr
Telefonsupport 08:30-16 Uhr 08:30-14 Uhr

Das ZIM:Servicecenter Medien auf H1 hat aktuell von Montag bis Donnerstag von 08:00-16:00 Uhr und Freitags von 08:00 bis 14:30 Uhr geöffnet.

Abgerufen von „https://hilfe.uni-paderborn.de/index.php?title=VPN_unter_Linux/en&oldid=35204
Cookies helfen uns bei der Bereitstellung des ZIM HilfeWikis. Bei der Nutzung vom ZIM HilfeWiki werden die in der Datenschutzerklärung beschriebenen Cookies gespeichert.
Weitere Informationen