Configuring the UIS VPN on Ubuntu 14.04 LTS Desktop
Caution! Due to the wide variations in Linux these instructions are likely to be incompatible, or require adaptation to work, with other versions of Ubuntu. These instructions are known not to work on other versions of Ubuntu (both 12.04 and 16.04 LTS), nor the current Debian releases.
The UIS welcomes feedback on the compatibility issues with Ubuntu versions and usage with other releases.
Generic instructions for configuring the VPN service are provided, which may be helpful when setting up alternative systems.
Before you begin, please ensure:
- You know your Network Access Username - typically your CRSid (username) followed by "@cam.ac.uk". For example, "email@example.com".
- You have your Network Access Token - either written down, or displayed on the screen of an adjacent device. This is a 16 character long password and is NOT the same as your University (Raven) password. You can find out your token by visiting the Network Access Token site.
- If you have been advised to use a Managed VPN, rather than the general University VPN service, you will need the VPN server hostname. Available VPNs and their server hostnames are listed on the Managed VPN page.
To set up the VPN on Ubuntu Desktop, login as an administrative user (one who can reconfigure the sytem) and go to the desktop, then:
- Click on the Ubuntu logo in the top left corner of the screen, type "software" (without the quotes) into the search box and launch the Ubuntu Software Centre application, which should be displayed underneath, by clicking on it:
- Once the Ubuntu Software Centre window has opened, select the search box in the top right hand corner and enter "strongswan network manager" (without quotes). Select the Network management framework (strongSwan plugin) / network-manager-strongswan package from the list that appears and and then select Install:
- Enter your password, if prompted, and wait while the package is installed; the install button will be replaced by a progress bar during the installation and a Remove button once complete.
- Without closing the window, select the search box in the top right hand corner again and replace the previous search text with "strongswan mschapv2". The StrongSwan plugin for EAP-MSCHAPv2 protocol handler / strongswan-plugin-eap-mschapv2 package should be displayed. Select Install and wait whilst the package is installed:
- You have now finished with the Ubuntu Software Centre and can close the window.
- Now click on the Ubuntu logo in the top left corner of the screen, type "terminal" (without the quotes) into the search box and launch the Terminal application:
- The Terminal window will open with a shell prompt. Enter the command "sudo nano /etc/NetworkManager/NetworkManager.conf" (without quotes) and press RETURN, then enter your password when prompted and press RETURN again:
- The GNU nano text editor should open, displaying the contents of a small text file. Move the cursor down and edit the line which reads "dns=dnsmasq" so that is has a hash symbol ("#") in front of it, as shown:
- Press Ctrl+X to exit and save; confirm that you wish to write the changes with the Y key; then press RETURN to confirm the same filename, thus overwriting the existing file. You should then be returned to the shell - enter "exit" and press RETURN to close the window.
- You must now restart your computer in order to activate the new software (logging out and back in again is not sufficient). To do this, select the System menu in the top right hand corner of the screen (the icon of the cog/power symbol) and select Shut Down... from the pull-down menu, then pick the Restart button in the box which appears:
- After your computer has restarted, log back in and return to the desktop.
- Open the Network menu (the icon of arrows pointing up and down for a wired connection, or a series of arcs indicating the strength of a wireless connection). Open the VPN Connections submenu and select Configure VPN...:
- The Network Connections dialog box will open; select the Add button:
- Open the connection type drop-down list by clicking on it and select IPsec/IKEv2 (strongswan) from the VPN section of the list, then click the Create... button:
- In the Edit VPN connection dialog box which opens, enter the following information in the VPN tab
- Connection name: Cambridge VPN
- Address: vpn.uis.cam.ac.uk or, if you are using a Managed VPN, use the VPN server hostname
- Certificate: (None) (this is the default - do not select anything from this option as it is impossible to clear it again, without deleting the connection and starting again)
- Authentication: EAP
- Username: CRSid@cam.ac.uk (as displayed on the Network Access Token website - note the "@cam.ac.uk" suffix)
- Request an inner IP address: Check
- Enforce UDP encapsulation: Check
Click the Save... button when complete:
- You will be returned to the Network Connections dialog box with the new VPN connection displayed; click the Close button:
- Open the Network menu and VPN Connections submenu again and select the new Cambridge VPN connection:
- You will be prompted for your VPN password. Enter your Network Access Token, tick the Remember forever option and then click the Connect button:
- A status message should be displayed for a few seconds in the top right hand corner of the screen, confirming the connection was successful:
- You should now be connected. The normal network menu icon (the arrows or wireless symbol) should now be augmented with a small padlock in the bottom right corner to indicate that you are connected.
To disconnect from the VPN:
- Open the Network menu and VPN Connections submenu and select the Disconnect VPN option:
- The padlock icon on the network menu should disappear once the connection has been closed.
To reconnect to the VPN, open the Network menu and VPN Connections submenu and select the Cambridge VPN option.
Changing your token
If you mistype your token into the connect password dialog box, or you reset it on the Network Access Tokens web page, your Ubuntu system will not give you the chance to re-enter it when you connect again, but will just report that the VPN failed to connect.
To change the token, you must use the Passwords and Keys application:
- Click on the Ubuntu logo in the top left corner of the screen, type "passwords" (without the quotes) into the search box and launch the Passwords and Keys application by clicking on it:
- The Passwords and Keys program window will open. Select Login from the list on the left, then double-click on the CRSid@Cambridge VPN/password entry on the right. A new dialog box should open. Click the small triangle next to the word Password, select the Show password checkbox and edit password that is displayed in the box below it:
- When you have finished editing, select the Close button to save the new password and close the window, then close the Passwords and Keys program window.