Downloading, Installing, and Connecting to Ivanti Remote Access VPN in Linux


NOTICE: Ivanti has rebranded the Pulse Secure client Ivanti Secure Access on Windows, MacOS, Android and IOS.  They have not yet rebranded the Linux client.  We will make references to both Ivanti and Pulse Secure in the below article as applicable.  In other 4Help articles we will use Ivanti.  Functionally the two clients are the same.

Introduction

Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service referred to as Remote Access VPN is a subscription based service that allows you to access Virginia Tech resources remotely across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over VPN but does encrypt the traffic between your machine and the VPN device.

Top of page

Contents

Top of page

Top of page

Eligibility Requirements

Top of page

Supported Platforms

See pages 9-12 of Ivanti Secure Desktop Client Supported Platforms Guide.

4Help does not support Linux installations. Due to the wide variety of Linux distributions, 4Help cannot provide any support beyond these basic instructions. We do not guarantee that they will work with your particular device or client.

For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer. 

Top of page

Network Password and 2-Factor Authentication

Your Network Password is different from your regular VT Username Passphrase. For instructions to get or reset it, see the View, Change, or Reset Network Password section of Changing or Resetting My Password.

The Virginia Tech Remote Access VPN service requires using 2-factor authentication. For more information, see Using 2-Factor Authentication.

Top of page

Connection Options

Generally, b) - VT Traffic over SSL VPN is the recommended connection profile, since it provides access to all Virginia Tech resources and doesn't slow down internet traffic to services outside of Virginia Tech. For more information, see the What is the difference between the two Ivanti Secure Access VPN Connection profiles? section of Remote Access VPN Frequently Asked Questions.

Top of page

Instructions

Download, Install, and Connect to VPN with the Pulse Secure client

Disclaimer: 4Help does not support Linux installations. Due to the wide variety of Linux distributions, 4Help cannot provide any support beyond these basic instructions. We do not guarantee that they will work with your particular device or client.

These instructions were created using Ubuntu. Instructions may differ for other distributions.

  1. Click one of the following links to download the Pulse installer appropriate for your version of Linux:
  2. Installation:
    • Note: The nss3-tools and net-tools are dependency packages required to successfully install the VPN client.  Use one of the following commands to install these dependency tools manually:
      • Ubuntu/Debian: sudo apt-get install libnss3-tools net-tools
      • RHEL/CentOS: yum install nss-tools net-tools

    • Install the VPN client using one of the following commands:
      • Ubuntu/Debian: Install the VPN client package using the command: sudo dpkg -i <package name>
      • RHEL/CentOS: Install the VPN client package using the command: sudo rpm -ivh <package-name>

    • The upgrade from the old VPN client to the new VPN client is not supported.  If you have an older version of the VPN client already installed use the following command to remove it prior to upgrading:
      • Ubuntu/Debian: sudo dpkg -r <package name>
      • RHEL/CentOS: sudo rpm -e <package name>

  3. Use the graphical Pulse Secure interface to create a connection.
    1. On the Dock, use the graphical search menu to search for: pulse
    2. To start Pulse, double-click Pulse Secure Client.
    3. Create the first connection.
      1. In the Pulse Secure window, click the plus sign (+).
      2. In the Name: text box, type: a) - All Traffic over SSL VPN
      3. In the URL: text box, type:  https://vpn.nis.vt.edu/alltraffic
      4. Click Add.
    4. Create the second connection. (Recommended connection profile)
      1. In the Pulse Secure window, click the plus sign (+).
      2. In the Name: text box, type: b) - VT Traffic over SSL VPN
      3. In the URL: text box, type: https://vpn.nis.vt.edu/vttraffic
      4. Click Add.



  4. Use the graphical Ivanti Secure Access interface to connect.
    1. Click Connect.
    2. Type your credentials.
      1. In the PID text box, type your VT Username, which is the first part of your @vt.edu email address.
      2. In the Network password: text box, type your network password.
      3. Click Sign In.
      4. When prompted, complete 2-factor authentication with your second factor. For instructions, see Authenticating with Your Second Factor.
    3. When the connection is complete, Connect will change to Disconnect.



  5. When you are finished using the remote access VPN, disconnect from it by clicking Disconnect.

Top of page

 

Alternate Client for Linux: OpenConnect

Disclaimer: 4Help does not support Linux installations. Due to the wide variety of Linux distributions, 4Help cannot provide any support beyond these basic instructions. We do not guarantee that they will work with your particular device or client.

 

OpenConnect CLI:

  1. From your terminal install openconnect (latest version). 
    • Ubuntu/Debian: sudo apt-get install openconnect
    • RHEL: sudo dnf install openconnect
  2. From your terminal connect to VPN by running the following command as root: sudo openconnect --protocol=pulse 'https://vpn.nis.vt.edu/vttraffic'
  3. When prompted, for username, enter your VT Username, which is the first part of your @vt.edu email address.
  4. When prompted, for password, enter your network password.
  5. When prompted for password#2, enter the method of 2-factor authentication you want to use:
    • push
      (This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, add a number to the end. For example, "push2" or "push3".)
    • phone
      (This will call the first voice-capable device that is enrolled in your Duo account. To have a different device called, add a number to the end. For example, "phone2" or "phone3".)
    • sms1
      (This will send an SMS to the first SMS-capable device that is enrolled in your Duo account. To send the SMS to a different device, add a number to the end. For example, "sms2" or "sms3".)
    • passcode
      You may use a passcode by entering the 6-digit passcode at the password#2 prompt.
  6. Please be aware that this terminal window will need to remain open for the tunnel to remain connected. Use Ctrl-C keystroke to close the OpenConnect session when you are done.

 

OpenConnect GUI using Ubuntu Network Manager:

  1. Open the terminal and enter the following command to install the OpenConnect network manager:
    1. sudo apt-get install openconnect network-manager-openconnect network-manager-openconnect-gnome

  2. Click on the Network icon and open the network settings. Then click on the "+" sign next to VPN.

  3. Select Multi-protocol VPN client (openconnect).

  4. Enter the following info:
    • Name: a) - All Traffic over SSL VPN
    • VPN Protocol: Pulse Connect Secure
    • Gateway: https://vpn.nis.vt.edu/alltraffic

  5. Click "Add" on the top right side.

  6. Repeat steps 2 through 5 to add "VT Traffic over SSL VPN".  Enter the following info for this second connection:
    • Name: b) - VT Traffic over SSL VPN
    • VPN Protocol: Pulse Connect Secure
    • Gateway: https://vpn.nis.vt.edu/vttraffic

  7. Your VPN profiles have been created.  Turn on your preferred VPN connection using the toggle switch button to connect.

  8. Enter your VT Username and Network Password. Click Save passwords if you do not want to re-enter this information every time you connect.  Then click on "Login"

  9. Complete 2-factor authentication with your second factor. (see the OpenConnect CLI section of this article for a description of these options)
  10. Once the VPN is connected successfully a VPN or lock icon will appear on the top menu bar.

  11. When you want to disconnect from the VPN, click on the Network or VPN icon and click on the toggle switch button next to the VPN connection that is active.

Top of page