# Palo Alto VPN

TAU uses Palo Alto GlobalProtect VPN with two-factor authentication (Google Authenticator).

Required if connecting to the cluster from outside the TAU network.

## Enrollment

1. Go to [https://mytau.tau.ac.il/GetResource.php](https://mytau.tau.ac.il/GetResource.php) and register your mobile phone
2. Install **Google Authenticator** on your mobile device
3. Scan the QR code provided during enrollment

## Download

Download the appropriate version for your system:

- [PanGPLinux-6.2.9-c4.tgz](https://hpcguide.tau.ac.il/attachments/2)
- [PanGPLinux-6.3.3-c22.tgz](https://hpcguide.tau.ac.il/attachments/1)


## Install

**RHEL/Rocky/CentOS:**

```bash
tar -xzf PanGPLinux-6.x.x-cx.tgz
yum localinstall GlobalProtect_UI_rpm-*.rpm
```

**Debian/Ubuntu:**

```bash
tar -xzf PanGPLinux-6.x.x-cx.tgz
dpkg -i GlobalProtect_UI_deb-*.deb
```

## Configure

1. Open the GlobalProtect client
2. Enter gateway address: **vpn.tau.ac.il**
3. Log in with your TAU credentials
4. Enter the code from Google Authenticator when prompted

## Troubleshooting: SSL Error on Ubuntu 22.04+

If you see an SSL error after connecting, apply this fix:

Open `/usr/lib/ssl/openssl.cnf` and add:

```
[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
```

Restart the GlobalProtect app.