Cisco VPN

From GoBlueMich Wiki

Introduction

This document is maintained to help employees configure remote devices to access Liquid Web Inc. resources. If you are working from home, you must connect to our VPN before accessing any resources at Liquid Web Inc.

Connecting to the Liquid Web Network via VPN

The Cisco AnyConnect client allows you to connect to the Liquid Web network over an SSL VPN from the following platforms: Windows, OS X, Linux (Ubuntu, Fedora, etc.), iOS and Android.

To download the client for your desktop, visit the WebVPN at https://vpngateway.liquidweb.com. Once you are logged in to the WebVPN service with your LDAP Username and LDAP Password + OTP Token, click on the AnyConnect link and follow the install instructions.

Windows

If you are connecting from a Windows OS, please ensure that you meet all of the following criteria:


1. You are running one of the following Windows versions: 7, 8, 8.1 or 10.
2. You have up-to-date anti-virus software installed and your device is currently clean of malware and viruses.

Connection Details:

 VPN Endpoint: vpngateway.liquidweb.com
 Username: LDAP Username
 Password: LDAP Password + OTP Token

OS X

After installation, double-click the Cisco AnyConnect client under 'Applications > Cisco > Cisco AnyConnect Secure Mobility Client.app' and use the following connection details:

 VPN Endpoint: vpngateway.liquidweb.com
 Username: LDAP Username
 Password: LDAP Password + OTP Token

Linux

For Ubuntu / Debian you'll need to install the following packages:

sudo apt-get update && sudo apt-get install lib32z1 lib32ncurses5 network-manager-openconnect network-manager-openconnect-gnome

For Fedora / CentOS you'll need to install the following packages:

sudo yum -y install pangox-compat.x86_64

or

sudo dnf install pangox-compat

Install the Cisco AnyConnect client via:

cd ~/Downloads
chmod +x vpnsetup.sh
sudo ./vpnsetup.sh

Try the open source solution below if you run into the following error:

Failed to start vpnagentd.service: Unit vpnagentd.service failed to load: No such file or directory.

Connection Details:

 VPN Endpoint: vpngateway.liquidweb.com
 Username: LDAP Username
 Password: LDAP Password + OTP Token

Open Source Alternative: OpenConnect

For Ubuntu / Debian install the following packages:

sudo apt-get update && sudo apt-get install openconnect network-manager-openconnect network-manager-openconnect-gnome

For Fedora / CentOS install the following packages:

sudo yum -y install openconnect vpnc

or

sudo dnf install openconnect vpnc

From your terminal:

sudo openconnect https://vpngateway.liquidweb.com
[sudo] password for username:
POST https://vpngateway.liquidweb.com/
Attempting to connect to server 50.28.76.133:443
SSL negotiation with vpngateway.liquidweb.com
Connected to HTTPS on vpngateway.liquidweb.com
XML POST enabled
Please enter your username and password.
Username:
Password:
POST https://vpngateway.liquidweb.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 3600, Keepalive 15
Connected tun0 as 10.20.7.169, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
ifconfig
tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.20.7.169  P-t-P:10.20.7.169  Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1406  Metric:1
     RX packets:144 errors:0 dropped:0 overruns:0 frame:0
     TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:500 
     RX bytes:81602 (81.6 KB)  TX bytes:30456 (30.4 KB)
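
A small check over the session output shown above, as an added example that is not part of the original page: it confirms the tunnel came up, extracts the assigned address, and flags a legacy DTLS ciphersuite such as the one in this log. The function names, the sample log and the return codes are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise an openconnect session log read from stdin.
# Return codes (this example's own convention):
#   0 = tunnel up, 1 = not connected, 2 = tunnel up with a legacy DTLS suite.

check_openconnect_log() {
    log=$(cat)

    # "CSTP connected" is printed once the TLS tunnel to the gateway is up.
    if ! printf '%s\n' "$log" | grep -q '^CSTP connected'; then
        echo "tunnel: not established"
        return 1
    fi

    # "Connected tun0 as 10.20.7.169, using SSL" -> interface and address.
    tun=$(printf '%s\n' "$log" |
        sed -n 's/^Connected \([^ ]*\) as \([0-9.]*\),.*/\1 \2/p' | head -n 1)
    echo "tunnel: up (${tun:-address not logged})"

    # "Established DTLS connection (...). Ciphersuite X." -> X
    suite=$(printf '%s\n' "$log" |
        sed -n 's/^Established DTLS connection.*Ciphersuite \(.*\)\.$/\1/p' | tail -n 1)
    if [ -z "$suite" ]; then
        echo "dtls: none negotiated, traffic stays on the TLS channel"
        return 0
    fi
    echo "dtls: $suite"

    case "$suite" in
        *DTLS0.9*|*CBC*|*SHA1*|*3DES*|*RC4*)
            echo "dtls: legacy ciphersuite, review the gateway's DTLS settings"
            return 2 ;;
    esac
    return 0
}

# Constructed sample, modelled on the session output shown above.
sample_log() {
    cat <<'EOF'
Connected to HTTPS on vpngateway.liquidweb.com
CSTP connected. DPD 3600, Keepalive 15
Connected tun0 as 10.20.7.169, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
EOF
}
```

To use it on a real session, save the openconnect output to a file and pipe that file into `check_openconnect_log`.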

Android

The Cisco AnyConnect software provides an easy solution for connecting to the Liquid Web Inc. network. Please be aware that this is only for non-rooted devices.

https://play.google.com/store/apps/details?id=com.cisco.anyconnect.vpn.android.avf

The settings you should use with the Cisco AnyConnect client are as follows:

  • Description: Liquidweb
  • Server Address: vpngateway.liquidweb.com

Apple iOS

https://itunes.apple.com/us/app/cisco-anyconnect/id392790924?mt=8

The settings you should use with the Cisco AnyConnect client are as follows:

  • Description: Liquidweb
  • Server Address: vpngateway.liquidweb.com

New IPSec VPN Information 3-09-2016

As of 03/09/2016, employees should be migrating away from the old lwremote VPN group to the new liquidwebremote group.

 VPN Type: Cisco IPSec
 VPN Endpoint: vpngateway.liquidweb.com
 VPN Group: liquidwebremote
 Group Password: py6HA6O18Lyp3uhz89RAn
 Username: LDAP Username
 Password: LDAP Password + OTP Token

Official Cisco IPSec VPN Client for Windows

IPSec Over NAT

If you are able to connect to the VPN but the client statistics show sent traffic (TX) increasing while received traffic (RX) does not, you are most likely running into an issue related to NAT. To rectify this issue, do the following:

From your VPN Client Interface:

  • Right click the connection and click Modify
  • Under the Transport tab, check Enable Transport Tunneling
  • Check the IPSec Over UDP (NAT/PAT) check box

Should this fail, you may need to destroy and recreate your connection using the above values.

OS X Cisco IPSec VPN Client

As of 10.6 (Snow Leopard), OS X has native support for Cisco IPSec VPNs.

  • Open System Preferences and select Network.
  • Click the + button at the bottom of the device/interface list to add a new service.
  • Change the Interface menu option to VPN.
  • In the VPN Type menu list select Cisco IPSec.
  • Type in a name for your new VPN connection in the Service Name field and click the Create button.
  • Select the new VPN service you just created in the main list of interfaces (still in the Network preference pane).
  • Enter the primary VPN IP (vpngateway.liquidweb.com) in the Server Address field.
  • Enter your Account Name (user name) and Password into the indicated text fields.
  • Click on the Authentication Settings... button.
  • Enter the following for the Shared Secret authentication string: py6HA6O18Lyp3uhz89RAn
  • Set the Group to liquidwebremote
  • Click OK to close the window.

You can test your new VPN connection using the Connect button inside the same preference pane, or you can check the box marked Show VPN status in menu bar for quick-and-easy access to turning the VPN connection on and off.

Open Source vpnc client (Linux / BSD)

Install the vpnc client via your distro's package manager:

sudo yum install vpnc
sudo dnf install vpnc
sudo apt-get install vpnc
sudo pacman -S vpnc

Specify the following in the default configuration file:

IPSec gateway vpngateway.liquidweb.com
IPSec ID liquidwebremote
IPSec secret py6HA6O18Lyp3uhz89RAn
Xauth username YOUR_LIQUID_WEB_USERNAME_HERE
IKE DH Group dh5 

To start your VPN connection you can type the following:

vpnc

You will be prompted for a password:

Enter your LDAP Password + OTP Token
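
A pre-flight check for the configuration file described above, as an added example that is not part of the original page: because the file holds the IPSec group secret, the function checks that only the owner can read it, that the expected keys are present, and that no Xauth password is stored. The function names, the sample username `jdoe` and the placeholder secret are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vpnc configuration file before running vpnc.
# Names, the sample username and the placeholder secret are constructed.

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

audit_vpnc_conf() {
    conf=$1
    findings=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # The file holds the group secret: no group/other permission bits allowed.
    # Octal mode comes from GNU stat, with BSD/macOS stat as the fallback.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    [ $(( 0$mode & 077 )) -eq 0 ] || fail "mode $mode exposes the group secret (want 600)"

    # Keys the configuration shown on this page relies on.
    for key in 'IPSec gateway' 'IPSec ID' 'IPSec secret' 'Xauth username'; do
        grep -q "^$key " "$conf" || fail "missing '$key'"
    done

    # vpnc prompts for the password (LDAP password + OTP); it must not be stored.
    if grep -Eq '^Xauth (obfuscated )?password ' "$conf"; then
        fail "Xauth password is stored in the file"
    fi

    # The template username has to be replaced before first use.
    if grep -q 'YOUR_LIQUID_WEB_USERNAME_HERE' "$conf"; then
        fail "placeholder username not replaced"
    fi

    [ "$findings" -eq 0 ] && echo "OK: $conf"
    return "$findings"
}

# Write a constructed sample config (placeholder secret, not a real value).
write_sample_conf() {
    ( umask 077; cat > "$1" <<'EOF'
IPSec gateway vpngateway.liquidweb.com
IPSec ID liquidwebremote
IPSec secret EXAMPLE_GROUP_SECRET
Xauth username jdoe
IKE DH Group dh5
EOF
    )
}
```

Call `audit_vpnc_conf` with the path to your vpnc configuration file; the return value is the number of findings.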

---