=================================================
Using the Algonquin VPN (Virtual Private Network)
=================================================
-Ian! D. Allen - idallen@idallen.ca - www.idallen.com

Using the VPN from Linux
------------------------

The Algonquin College ITS does not support any Linux machines.  The
information here is my own personal research into using the VPN from Linux.

In the "Universe" repository on Ubuntu (7.04, 7.10) you will find the
"vpnc" package.  Download and install it (e.g. using the synaptic package
manager GUI or "sudo apt-get install vpnc" in a terminal).

Create (as root) an /etc/vpnc.conf file containing a template that includes
your userid.  A sample template is below; change abcd0001 to be your
Algonquin network userid.

Start vpnc (also as root).  Try to ping the Course Linux server, and then
you can log in using ssh.  If you can't get to the Course Linux Server,
see the section "Diagnostics for the VPN" below.

Remember: This VPN is not a split-tunnel - all your machine traffic will
go via the VPN through Algonquin College.  You can mitigate this problem
by using VMware to run a Linux virtual machine with a separate IP address
(e.g. obtained via DHCP), and have that virtual machine run vpnc to the
College.  Using a separate machine to run vpnc (virtual or otherwise)
will leave your main machine's network connection undamaged.

You can copy files from your main machine to the other (virtual) machine
(using scp or ftp) and then use "scp" (cp over ssh) to copy the files from
the other machine over the VPN to the Course Linux Server:

    $ scp -p file.txt abcd0001@10.50.254.148:file.txt
    *** idallen-alinux *** Ubuntu 7.10
    Password:

Use vpnc-disconnect to disconnect the VPN and restore your networking
to normal.  If you run vpnc in a separate (virtual) machine, you can leave
the VPN running; it won't affect your main machine.

Algonquin times out your VPN connection after an undisclosed amount of
time - you may have to reconnect it repeatedly.

Details on creating vpnc.conf and using vpnc:

    # cat /etc/vpnc.conf
    IPSec gateway vpn.algonquincollege.com
    IPSec ID VPNGroup1
    IPSec secret VPNGroup1
    Xauth username abcd0001
    Domain woodroffe

    # vpnc
    Enter password for abcd0001@vpn.algonquincollege.com:
    Connect Banner:
     | Algonquin College VPN Service
    VPNC started in background (pid: 26033)...

    # ping 10.50.254.148
    PING 10.50.254.148 (10.50.254.148) 56(84) bytes of data.
    64 bytes from 10.50.254.148: icmp_seq=1 ttl=61 time=95.7 ms
    ^C

    # ssh abcd0001@10.50.254.148
    *** idallen-alinux *** Ubuntu 7.10
    ... log in to the Course Linux Server and work ...
    ... exit (logout from) the Course Linux Server ...

    # vpnc-disconnect
    Terminating vpnc daemon (pid: 26033)

    # ping 10.50.254.148
    PING 10.50.254.148 (10.50.254.148) 56(84) bytes of data.
    From 10.12.39.39 icmp_seq=1 Destination Host Unreachable
    ^C

Using the VPN from Mac OSX
--------------------------

The Algonquin College ITS does not support any Mac machines.

Using the VPN from Windows
--------------------------

You can call the ITS department for help with Windows:

    613-727-4723 ext.5555
    http://www.algonquincollege.com/its/support/connecthome/

Diagnostics for the VPN
-----------------------

If you have the VPN up and running but you can't get to the Course Linux
Server at 10.50.254.148 using either ping or ssh, read this:

First, try to get to some other local machines at Algonquin:

    Can you ping any of the machines in the Linux Lab?
        Try machines between 10.50.15.101 - 10.50.15.131
        This may not work; sometimes Algonquin blocks ping traffic.

    Can you use telnet or ssh to connect to any of the machines in the
    Linux Lab?
        Try telnet and ssh to machines between 10.50.15.101 - 10.50.15.131
        You won't be able to log in (you don't have an account); but, if
        you get a response from the machine it means the VPN is working.

    Can you ping or use FTP or HTTP to 10.50.14.200?
        (located in T108)

If you can't get to the Linux Lab or to the T108 FTP server, chances are
your VPN isn't working.

If the VPN is working (you can get to the Linux Lab or to the T108 server)
but you still can't get to the Course Linux Server via ssh, please send
your instructor the following information (in text form only, please):

    - Time of day
    - Your Internet connection method
    - Your Internet provider (e.g. Rogers, NCF, etc.)
    - Your local IP address
    - The VPN tunnel address, as set up by the VPN
    - A traceroute from you to 10.50.254.148
    - A traceroute from you to 10.50.14.200
    - A traceroute from you to any working Linux Lab address

Some sample traceroutes follow:

    $ traceroute 10.50.254.148
    traceroute to 10.50.254.148 (10.50.254.148), 30 hops max, 40 byte packets
     1  vpn.algonquincollege.com (205.211.40.3)  123.108 ms  46.365 ms  45.238 ms
     2  205.211.66.1 (205.211.66.1)  46.411 ms  45.501 ms  45.871 ms
     3  10.29.100.8 (10.29.100.8)  45.687 ms  47.349 ms  45.820 ms
     4  10.50.254.148 (10.50.254.148)  46.758 ms  46.307 ms  45.972 ms

    $ traceroute 10.50.14.200
    traceroute to 10.50.14.200 (10.50.14.200), 30 hops max, 40 byte packets
     1  vpn.algonquincollege.com (205.211.40.3)  47.948 ms  45.009 ms  45.963 ms
     2  205.211.66.1 (205.211.66.1)  45.315 ms  46.565 ms  46.120 ms
     3  10.29.101.8 (10.29.101.8)  46.245 ms  46.426 ms  46.270 ms
     4  10.50.14.200 (10.50.14.200)  45.700 ms  46.601 ms  45.336 ms

    $ traceroute 10.50.15.101
    traceroute to 10.50.15.101 (10.50.15.101), 30 hops max, 40 byte packets
     1  vpn.algonquincollege.com (205.211.40.3)  47.287 ms  46.106 ms  45.595 ms
     2  205.211.66.1 (205.211.66.1)  45.375 ms  52.954 ms  45.645 ms
     3  10.29.101.8 (10.29.101.8)  45.992 ms  46.885 ms  46.079 ms
     4  * * *
     5  * * *
    ^C  (interrupt the trace)
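
The decision order in "Diagnostics for the VPN", as an added example that is not part of the original notes: it reads saved traceroute output, reports whether the Course Linux Server or the T108 server was reached, and names the last hop that answered. The function names and result labels are hypothetical, BAD_SERVER is a constructed trace, and a trace ending in "* * *" is treated as "not reached" even though the page notes that Algonquin sometimes blocks such traffic.

```shell
#!/bin/sh
# Added example (not from the original page): triage for the
# "Diagnostics for the VPN" steps, applied to saved traceroute output.

SERVER=10.50.254.148   # Course Linux Server (address from the page)
T108=10.50.14.200      # T108 FTP/HTTP server (address from the page)

# reached TARGET TRACE_TEXT: succeed if some hop line names TARGET as
# the responding address, i.e. the trace got all the way there.
reached() {
    printf '%s\n' "$2" | awk -v t="$1" '
        $1 ~ /^[0-9]+$/ && $3 == ("(" t ")") { found = 1 }
        END { exit !found }'
}

# last_hop TRACE_TEXT: print the address of the last hop that answered;
# hops shown as "* * *" are skipped.
last_hop() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && $2 != "*" { gsub(/[()]/, "", $3); hop = $3 }
        END { print hop }'
}

# triage SERVER_TRACE T108_TRACE: apply the page's decision order.
# The three result labels are hypothetical names chosen for this example.
triage() {
    if reached "$SERVER" "$1"; then echo "ok"
    elif reached "$T108" "$2"; then echo "vpn-up-server-unreachable"
    else echo "vpn-down"
    fi
}

# GOOD_T108 is the page's sample trace to the T108 server.
GOOD_T108='traceroute to 10.50.14.200 (10.50.14.200), 30 hops max, 40 byte packets
 1  vpn.algonquincollege.com (205.211.40.3)  47.948 ms  45.009 ms  45.963 ms
 2  205.211.66.1 (205.211.66.1)  45.315 ms  46.565 ms  46.120 ms
 3  10.29.101.8 (10.29.101.8)  46.245 ms  46.426 ms  46.270 ms
 4  10.50.14.200 (10.50.14.200)  45.700 ms  46.601 ms  45.336 ms'
# BAD_SERVER is constructed for this example: the trace dies after hop 2.
BAD_SERVER='traceroute to 10.50.254.148 (10.50.254.148), 30 hops max, 40 byte packets
 1  vpn.algonquincollege.com (205.211.40.3)  46.1 ms  45.2 ms  45.9 ms
 2  205.211.66.1 (205.211.66.1)  45.3 ms  46.5 ms  46.1 ms
 3  * * *
 4  * * *'

echo "result:   $(triage "$BAD_SERVER" "$GOOD_T108")"
echo "last hop: $(last_hop "$BAD_SERVER")"
```

A "vpn-up-server-unreachable" result is the case where the page asks you to send the listed details and traceroutes to your instructor; the last answering hop shows where the path stopped.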