Connecting to the UC Berkeley VPN service with GNU/Linux

This article is from my documentation pages on UC Berkeley network services that lack official GNU/Linux documentation:
Linux instructions for UC Berkeley network services

The campus VPN service can be used to gain access to the UC Berkeley network outside of campus using an encrypted connection. In particular, it can be used with the campus library to gain access to journal articles and databases that are restricted otherwise. While the UC Berkeley library website has instructions for connecting to the VPN service using the Cisco VPN client, instructions for GNU/Linux machines do not exist, although the GUI on the Cisco client for GNU/Linux is pretty much identical to the Mac and Windows versions.

It is not recommended to use the Cisco client, and these instructions will explain how to use openconnect to connect to the campus VPN service. The reasons to avoid the Cisco client include, but are not limited to the following:

  • The Cisco client is not packaged for any GNU/Linux distribution. While the client comes with an installation script, this is not a substitute for proper packaging, as the install script cannot be guaranteed to conform to the standards set by the various GNU/Linux distributions that one might use. Openconnect, however, is properly packaged and is supplied in the repositories for mainstream GNU/Linux distributions, which means that installing, updating, and possibly removing the software are both easy and standardized.
  • The Cisco client is closed-source, which means that the security of the software cannot be independently verified. This reason alone is important enough to reject the Cisco software, as security is highly important for networking, and it is always a bad idea to rely on security software programs that cannot be verified though any independent source (i.e. closed-source software). Openconnect is open source under the LGPL and the source code is freely available for independent researchers to verify the security and for the general public to view/modify.
  • The openconnect website lists several other deficiencies of the official Cisco client that openconnect fixes.

Openconnect is a command-line program, but for those who need/want a GUI, there is an openconnect plugin for NetworkManager (the network manager for most desktop environments). I have not attempted to test this, as I do not use NetworkManager. Alternatively, one is free to attempt to use the official Cisco client at their own risk (not recommended).

Basic Usage Instructions:

  1. Install the openconnect software from your package manager. On Debian/Ubuntu, the command to install openconnect is:
    $ sudo apt-get install openconnect
    and on Fedora, the command should be:
    $ sudo yum install openconnect
  2. Run the openconnect client as root to connect to the UC Berkeley VPN Service:
    $ sudo openconnect
  3. You should now see the following, or something similar:
    GROUP: [1-Campus_VPN|2-Campus_VPN_Full_Tunnel|3-Library_VPN|4-Campus_VPN_Split_Tunnel_v4_v6|5-Campus_VPN_Full_Tunnel_v4_v6|900-test]
    To select a network, type the group that you want (example: 3-Library_VPN) and hit Enter. Information on the various groups available can be found here.
  4. You will now be prompted for a username and password and you can now log in with your Calnet ID. Once you do that, you will be connected to the UC Berkeley VPN service until you close openconnect.
  5. To disconnect from the campus VPN, simply stop the openconnect process that you started to connect. This can be done by entering the key combination of Ctrl-C in the terminal window used to launchopenconnect.

Have fun!

Posted in Uncategorized | Leave a comment

Connecting to AirBears2 with Wicd in GNU/Linux

Update: I have made a webpage on the server I have access to on campus to host all instructions:
Linux instructions for UC Berkeley network services

AirBears2 is a good network available for UC Berkeley students. Unfortunately, there is no documentation on connecting to AirBears2 using GNU/Linux on the UC Berkeley website. I don’t like that lack of documentation, so I am going to fix that.

This tutorial uses the wicd network manager. Instructions (which I haven’t verified) for the KDE here, and a comment on that post gave me the info for using wicd with AirBears2.

Instructions for the Wicd network manager:

  1. Get an AirBears2 key. Instructions here
  2. Open wicd-client (wicd-gtk) or wicd-curses and find AirBears2 in the manager. In wicd, there will be several AirBears2 networks available. Choose the one with the best signal.
  3. Go into the Properties (Config on wicd-curses) for AirBears2 and for the encryption, select PEAP with GTC. Enter your Calnet ID for the identity and the key you generated earlier for the password.
  4. Save the settings. You should now be able to connect to AirBears2.

Have fun!

Posted in Linux, UC Berkeley | Tagged , , , | 2 Comments

Hello world!

This blog will probably be boring. I’m basically doing this thing for myself for fun. I don’t really intend for anyone to read this, but you still can if you like.

Posted in Uncategorized | Leave a comment