Difference between revisions of "Palo Alto VPN for linux"
m (19 revisions imported) |
|||
| Line 53: | Line 53: | ||
And enter address '''vpn.tau.ac.il''' ("2" as in the picture on the right) | And enter address '''vpn.tau.ac.il''' ("2" as in the picture on the right) | ||
| + | |||
| + | ==Error== | ||
| + | ===SSL Error=== | ||
| + | On latest ubuntu version, ubuntu 22.04, after installing and configuring globalprotect VPN, you get this error: | ||
| + | |||
| + | [[File:Vpn ssl error.png|none|thumb]] | ||
| + | |||
| + | |||
| + | here is how to workaround it: | ||
| + | |||
| + | open <code>/usr/lib/ssl/openssl.cnf</code> | ||
| + | |||
| + | comment out this section:<syntaxhighlight lang="bash"> | ||
| + | # [openssl_init] | ||
| + | |||
| + | # providers = provider_sect | ||
| + | </syntaxhighlight>add this new section under the commented one from earlier:<syntaxhighlight lang="bash"> | ||
| + | [openssl_init] | ||
| + | ssl_conf = ssl_sect | ||
| + | |||
| + | [ssl_sect] | ||
| + | system_default = system_default_sect | ||
| + | |||
| + | [system_default_sect] | ||
| + | Options = UnsafeLegacyRenegotiation | ||
| + | |||
| + | </syntaxhighlight>reboot globalprotect app and the error should be fixed. | ||
| + | |||
| + | <blockquote>source:https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268</blockquote> | ||
| + | |||
==TAU credentials== | ==TAU credentials== | ||
Revision as of 11:30, 19 July 2022
For security reason TelAviv University starts a VPN with double authentication standard.
In order to do that users have to check/fill in their mobile phone at myTAU page (https://mytau.tau.ac.il/GetResource.php) and enroll to the service. Then you need install GoogleAuthenticator on you mobile device and register it at TAU.
After that you may download and install PaloAlto GlobalProtect VPN client on your device (all operation systems are supported: IOS, Android, Linux MAC and even Window)
The steps:
Enrollment
Go to https://mytau.tau.ac.il/GetResource.php
Choose the “1” then “2” :
Then you will receive SMS with 2-minute code and enter it immediately to the filed: Then you will be redirected to the QR code for GoogleAuthenticator account setup: Scan it using your mobile Google Authenticator app using “+” on bottom right corner of mobile device and enter the generated code from mobile GoogleAuthenticator to the field and press the green button.
Download
Download and install VPN client, from the browser, go to:
If within vpn tunnel, download one of the below versions:
http://hpc-tftp.tau.ac.il/public_files/PanGPLinux-5.3.1-c9.tgz http://hpc-tftp.tau.ac.il/public_files/PanGPLinux-6.0.0-c18.tgz
If without vpn tunnel, may download one of the below file
https://www.tau.ac.il/~danny/vpn/PanGPLinux-5.3.1-c9.tgz https://www.tau.ac.il/~danny/vpn/PanGPLinux-5.3.2-c3.tgz https://www.tau.ac.il/~danny/vpn/PanGPLinux-6.0.0-c18.tgz
Linux package should be extracted and installed appropriated version:
Debian/Ubuntu
dpkg -i GlobalProtect_UI_deb-5.3.1.0-36.deb
Redhat/Centos
yum localinstall GlobalProtect_UI_rpm-5.3.1.0-36.rpm
Configure
Execute and configure VPN client on Linux (another OS are similar) :
Open client by pressing on the relevant icon ("1" as in the picture on the right)
And enter address vpn.tau.ac.il ("2" as in the picture on the right)
Error
SSL Error
On latest ubuntu version, ubuntu 22.04, after installing and configuring globalprotect VPN, you get this error:
here is how to workaround it:
open /usr/lib/ssl/openssl.cnf
comment out this section:
# [openssl_init]
# providers = provider_sect
add this new section under the commented one from earlier:
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
reboot globalprotect app and the error should be fixed.
source:https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268
TAU credentials
Fill in pop-upped windows with your TAU credentials:
Open your mobile GoogleAuthenticator and enter code from there
Congratulations: you are done!