User Tools

Site Tools


it_tips:luvpn

This is an old revision of the document!


Connecting to the LU VPN

The Lund University VPN is a system to secure connect from outside the LU network to services and machines inside the LU network. It should be used when travelling or when connecting from non secure places.

Instructions on how to configure it for windows and macOS are available at the official documentation website:

For other systems only generic instructions are given:

But below I will detail how to configure and install in commonly used distributions.

LUVPN on Ubuntu 18.04

The VPN connection is based on a networkmanager plugin for gnome. If you're not running network manager and/or gnome, there might be other solutions, please contact me.

  1. Install the needed packages
    apt-get install network-manager-l2tp network-manager-l2tp-gnome
  2. Open the settings dialog
  3. Select Network (1) and click on the + symbol next to the VPN
  4. Choose “Layer 2 Tunnelling Protocol (L2TP)”
  5. Insert the following information for the Generic VPN config:
    1. Save by pressing the Add button on top of the window.
  6. Activate the VPN by pressing the switch. You will be asked for the LUCAT password.
  7. If the connection worked, you should see a small lock connected to the network in the notification icons on the upper right, like the one in the picture below:

Disconnecting from the VPN

Once configured, one can easily connect and reconnect to the VPN using the upper right menu:

However, in some cases the browser and other applications will fail to detect the non-vpn network again, so one way to make it happen faster is to restart the network manager AFTER disconnecting from the VPN:

systemctl restart network-manager

This is currently a bit sad to setup in Linux due to a bug. But it's good to have as it will encrypt your connection. If you are in a hurry you can avoid, but make sure you are not transferring sensitive information.

  1. In the VPN configuration dialog, click on “IPsec settings”
  2. Enter the information below:
  3. :!: BUG :!: : The button “enforce UDP encapsulation” does not work, so it must be set manually in the config file. This workaround below will set ALL the IPsec connections to enable this feature, so use with care if you have IPsec for some other purpose.
    1. Edit /etc/ipsec.conf so that the top part looks like this:
      # ipsec.conf - strongSwan IPsec configuration file
       
      # basic configuration
       
      config setup
              # strictcrlpolicy=yes
              # uniqueids = no
              enforceencaps = yes
  4. restart the l2tp and ipsec services with this command:
    systemctl restart xl2tpd strongswan

LUVPN on OpenSuSE 15.1

it_tips/luvpn.1584030713.txt.gz · Last modified: 2020/03/12 16:31 by florido