skip to primary navigationskip to content
 

Ubuntu 14.04 Desktop

Configuring the UIS VPN on Ubuntu 14.04 LTS Desktop

Caution! Due to the wide variations in Linux these instructions are likely to be incompatible, or require adaptation to work, with other versions of Ubuntu.  These instructions are known not to work on other versions of Ubuntu (both 12.04 and 16.04 LTS), nor the current Debian releases.

The UIS welcomes feedback on the compatibility issues with Ubuntu versions and usage with other releases.

Generic instructions for configuring the VPN service are provided, which may be helpful when setting up alternative systems.

Before you begin, please ensure:

  • You know your Network Access Username - typically your CRSid (username) followed by "@cam.ac.uk".  For example, "xyz789@cam.ac.uk".
  • You have your Network Access Token - either written down, or displayed on the screen of an adjacent device.  This is a 16 character long password and is NOT the same as your University (Raven) password. You can find out your token by visiting the Network Access Token site.
  • If you have been advised to use a Managed VPN, rather than the general University VPN service, you will need the VPN server hostname.  Available VPNs and their server hostnames are listed on the Managed VPN page.

To set up the VPN on Ubuntu Desktop, login as an administrative user (one who can reconfigure the sytem) and go to the desktop, then:

  1. Click on the Ubuntu logo in the top left corner of the screen, type "software" (without the quotes) into the search box and launch the Ubuntu Software Centre application, which should be displayed underneath, by clicking on it:
    "finding
  2. Once the Ubuntu Software Centre window has opened, select the search box in the top right hand corner and enter "strongswan network manager" (without quotes). Select the Network management framework (strongSwan plugin) / network-manager-strongswan package from the list that appears and and then select Install:
    ubuntu software
centre window
  3. Enter your password, if prompted, and wait while the package is installed; the install button will be replaced by a progress bar during the installation and a Remove button once complete.
  4. Without closing the window, select the search box in the top right hand corner again and replace the previous search text with "strongswan mschapv2". The StrongSwan plugin for EAP-MSCHAPv2 protocol handler / strongswan-plugin-eap-mschapv2 package should be displayed. Select Install and wait whilst the package is installed:
    strongSwan plugin for EAP/MSCHAPv2
  5. You have now finished with the Ubuntu Software Centre and can close the window.
  6. Now click on the Ubuntu logo in the top left corner of the screen, type "terminal" (without the quotes) into the search box and launch the Terminal application:
    Terminal icon
  7. The Terminal window will open with a shell prompt. Enter the command "sudo nano /etc/NetworkManager/NetworkManager.conf" (without quotes) and press RETURN, then enter your password when prompted and press RETURN again:
    terminal shell window
  8. The GNU nano text editor should open, displaying the contents of a small text file. Move the cursor down and edit the line which reads "dns=dnsmasq" so that is has a hash symbol ("#") in front of it, as shown:
    file open in nano editor
  9. Press Ctrl+X to exit and save; confirm that you wish to write the changes with the Y key; then press RETURN to confirm the same filename, thus overwriting the existing file. You should then be returned to the shell - enter "exit" and press RETURN to close the window.
  10. You must now restart your computer in order to activate the new software (logging out and back in again is not sufficient). To do this, select the System menu in the top right hand corner of the screen (the icon of the cog/power symbol) and select Shut Down... from the pull-down menu, then pick the Restart button in the box which appears:
    system menu
    restart  button
  11. After your computer has restarted, log back in and return to the desktop.
  12. Open the Network menu (the icon of arrows pointing up and down for a wired connection, or a series of arcs indicating the strength of a wireless connection). Open the VPN Connections submenu and select Configure VPN...:
    configure vpn setting menu
  13. The Network Connections dialog box will open; select the Add button:
    network connections dialog
  14. Open the connection type drop-down list by clicking on it and select IPsec/IKEv2 (strongswan) from the VPN section of the list, then click the Create... button:
    connection type
drop-down completed
  15. In the Edit VPN connection dialog box which opens, enter the following information in the VPN tab
    • Connection name: Cambridge VPN
    • Address: vpn.uis.cam.ac.uk or, if you are using a Managed VPN, use the VPN server hostname
    • Certificate: (None) (this is the default - do not select anything from this option as it is impossible to clear it again, without deleting the connection and starting again)
    • Authentication: EAP
    • Username: CRSid@cam.ac.uk (as displayed on the Network Access Token website - note the "@cam.ac.uk" suffix)
    • Request an inner IP address: Check
    • Enforce UDP encapsulation: Check 
    network edit
    Click the Save... button when complete:
  16. You will be returned to the Network Connections dialog box with the new VPN connection displayed; click the Close button:
    network close dialogue
  17. Open the Network menu and VPN Connections submenu again and select the new Cambridge VPN connection:
    Cambridge VPN
menu option
  18. You will be prompted for your VPN password. Enter your Network Access Token, tick the Remember forever option and then click the Connect button:
    password required dialogue
  19. A status message should be displayed for a few seconds in the top right hand corner of the screen, confirming the connection was successful:
    VPN login message
  20. You should now be connected. The normal network menu icon (the arrows or wireless symbol) should now be augmented with a small padlock in the bottom right corner to indicate that you are connected.

Disconnecting

To disconnect from the VPN:

  1. Open the Network menu and VPN Connections submenu and select the Disconnect VPN option:
    disconnect
VPN dialogue
  2. The padlock icon on the network menu should disappear once the connection has been closed.

Reconnecting

To reconnect to the VPN, open the Network menu and VPN Connections submenu and select the Cambridge VPN option.

Changing your token

If you mistype your token into the connect password dialog box, or you reset it on the Network Access Tokens web page, your Ubuntu system will not give you the chance to re-enter it when you connect again, but will just report that the VPN failed to connect.

To change the token, you must use the Passwords and Keys application:

  1. Click on the Ubuntu logo in the top left corner of the screen, type "passwords" (without the quotes) into the search box and launch the Passwords and Keys application by clicking on it:
    passwords and keys app
  2. The Passwords and Keys program window will open. Select Login from the list on the left, then double-click on the CRSid@Cambridge VPN/password entry on the right. A new dialog box should open. Click the small triangle next to the word Password, select the Show password checkbox and edit password that is displayed in the box below it:
    passwords and keys app
  3. When you have finished editing, select the Close button to save the new password and close the window, then close the Passwords and Keys program window.