
Please note that all SIEpedia articles address specific issues or questions raised by IAC users, so they do not attempt to be rigorous or exhaustive, and may or may not be useful or applicable in different or more general contexts.

Note: With the introduction of the new VPN system, which is much simpler and easier to use, the instructions below are now obsolete. Setup and usage instructions for the new VPN can be found in the SIC VPN page.

Work At Home using VPN

VPN has become the safest and most popular method of connecting to the IAC network from home, when traveling, etc. It replaces the old connection method that used acceso.ll.iac.es, and spares you the trouble of setting up all the required ssh tunnels.

However, the process of logging in to the VPN site via Web browser and then starting Network Connect may be a little cumbersome. What you might not know is that there is a very easy and fast way to use the VPN via the command line (you don't even need to type your username and password!).

Here we describe how to set it up, following the excellent tutorial provided in http://www.scc.kit.edu/scc/net/juniper-vpn/linux/. The instructions have been tested on Fedora 19 and Fedora 20, but they will probably work on other distributions as well (with perhaps some minor modifications, for instance to the cafile and certfile entries). There is also a similar method for Mac OS X, based on the "Network Connect" Application and a simple AppleScript, described below.

Install the required software

If you have already logged in via browser and successfully downloaded the software when prompted, you probably have a directory called "~/.juniper_networks" in your home directory. If not, download and install the jar file following the instructions in http://www.scc.kit.edu/scc/net/juniper-vpn/linux/ (second block in item 1. under HowTo: "If the Sun Java doesn't work ...").

  • Set proper permissions for the executables:
    sudo chown root:root ~/.juniper_networks/network_connect/ncsvc
    sudo chmod 6755 ~/.juniper_networks/network_connect/ncsvc
    chmod 744 ~/.juniper_networks/network_connect/ncdiag
  • Download the connection script, place it into ~/bin (alternatively, /usr/local/bin/ or other suitable location). Set execution permission.
    cd ~/bin/
    wget -cNS http://www.scc.kit.edu/scc/net/juniper-vpn/linux/jnc
    chmod a+x jnc
  • Create the directory for the configuration files, then create a configuration file called, for instance, smoulinsky.conf (the examples here refer to a fictitious user called Stanislao Moulinsky; of course, replace smoulinsky with your actual username).
    mkdir -p ~/.juniper_networks/network_connect/config
    cd ~/.juniper_networks/network_connect/config/
    nedit smoulinsky.conf (or open it with vi, emacs, etc ...)
  • This file will contain the following lines (replace the username and <passwordVPN> with their actual values):

    host=vpn.iac.es
    user=smoulinsky
    password=<passwordVPN>
    realm=Estandar
    cafile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
    certfile=
    # The above settings for cafile and certfile work in Fedora 19 and Fedora 20; we don't know about other Linux distributions.

  • Now you're ready to start VPN by typing
    ~/bin/jnc --nox smoulinsky
    After a few attempts, the laptop should join the IAC network.
  • Once connected, you can ssh to any other IAC Linux desktop (to mount scratch disks, see below), use IAC floating licenses (IDL, NAG, etc.), access internal servers by their proper name (no need for setting up ssh tunnels), etc.
  • After you're done with the work for which you needed the VPN, it's best to disconnect with:
    ~/bin/jnc stop
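
The configuration file created above stores the VPN password in plain text, so it should be readable by its owner only. The following script is an added example (not part of the original page or of the KIT tutorial) that audits and tightens the permissions of such files; the function names are hypothetical and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit and tighten permissions on
# jnc configuration files, which hold the VPN password in plain text.
# Function names are hypothetical; sample data below is constructed.

# file_mode FILE: print octal permission bits (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_vpn_conf DIR: report every *.conf with a password= line that group or
# others can access. Returns 1 if any such file exists, 0 otherwise.
audit_vpn_conf() {
    bad=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        grep -q '^password=' "$f" || continue
        mode=$(file_mode "$f")
        case "$mode" in
            0|*00) ;;                      # group and other digits are both 0
            *) echo "INSECURE mode=$mode $f"; bad=1 ;;
        esac
    done
    return "$bad"
}

# harden_vpn_conf DIR: owner-only directory, owner read/write config files.
harden_vpn_conf() {
    chmod 700 "$1"
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
}

# Constructed demo in a throwaway directory with a placeholder password.
demo_dir=$(mktemp -d)
printf 'host=vpn.iac.es\nuser=smoulinsky\npassword=PLACEHOLDER\nrealm=Estandar\n' \
    > "$demo_dir/smoulinsky.conf"
chmod 644 "$demo_dir/smoulinsky.conf"
audit_vpn_conf "$demo_dir" || echo "tightening permissions"
harden_vpn_conf "$demo_dir"
audit_vpn_conf "$demo_dir" && echo "config files are owner-only"
```

On a real setup, point both functions at ~/.juniper_networks/network_connect/config once the configuration file has been created.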

Access to scratch disks

If you wish to access internal scratch disks on a Linux desktop, the simplest way to do it is to use the SSH Filesystem (SSHFS).

First of all, install the required sshfs package (and dependencies): yum install sshfs

Then, you can define some useful aliases, for instance (bash syntax):
alias s_italia="mkdir -p /home/smoulinsky/italia_s ; sshfs italia:/scratch /home/smoulinsky/italia_s"
alias burdeos="mkdir -p /home/smoulinsky/burdeos ; sshfs italia:/net/burdeos/scratch /home/smoulinsky/burdeos"
Thus, ls -al /home/smoulinsky/italia_s will show the content of the /scratch/ disk in italia, while ls -al /home/smoulinsky/burdeos will list all directories in burdeos's /scratch.

If you get an error message like "fuse: failed to open /dev/fuse: Permission denied", try changing the following permission: sudo chmod a+rw /dev/fuse
To unmount: "fusermount -u /home/smoulinsky/italia_s" (same for other mountpoints)

Access to emails

You can use Thunderbird with the same settings you use at the IAC, that is:

  • Server settings
    • Server name: correo.iac.es
    • Port: 993
    • Account name: your username
    • Connection security: SSL/TLS
    • Authentication method: Normal password
  • Outgoing server (SMTP)
    • Server name: correo.iac.es
    • Port: 25
    • User name: your username
    • Authentication method: Normal password
    • Connection security: STARTTLS

Licensed software packages

Once connected to the IAC network via VPN, you can get access to the floating licenses for all the licensed packages available at the IAC (IDL, Mathematica, NAG, etc.). You only need to define the relevant environment variable (as is the case for IDL) or edit a specific file holding the data of the license server (as one does for Mathematica).

For specific instructions, please get in touch with us.

Mac OS X

The method described above won't work on Mac OS X. However, there is a procedure one can follow that allows connecting to the VPN from the command line.

  • Make sure you have an Application called "Network Connect" installed on your Mac. In principle, it gets installed when connecting to the VPN via browser and then launching Network Connect. However, if not, you can install it manually. First, connect to the VPN with the usual web browser-based procedure, then on the browser's address bar paste the following URL: https://vpn.iac.es/dana-cached/nc/NetworkConnect.dmg. Download the file and install it.
  • Copy the AppleScript from https://discussions.apple.com/thread/6228985?tstart=0, saving it into a file called, for instance, vpn-mac (no extension required). Put this file in /usr/local/bin, ~/bin/ or another suitable directory in your PATH. Edit it and replace "username" and "password" with your VPN credentials; also replace x.x.x.x by vpn.iac.es in the connect to line. Assign execute permission to the file, for instance chmod 755 vpn-mac. You may need to add the line #!/usr/bin/osascript as the very first line of the file, before the tell ... statement.
    In the webpage above the OP mentions that the script fails on Mac OS X version 10.9; however, we have tested it on Lion (10.7.5) and on Mavericks (10.9.4), and on both it seems to work fine.
  • Run the command vpn-mac. A GUI will open up, with two text fields for Username and Password. After a delay of a couple of seconds, the fields will autocomplete and the VPN Network Connect will be activated. An icon resembling a yellow lock with three small green bars protruding should appear on your dock.
    You should then be able to ssh to your Linux desktop machine, use the floating licenses or access your emails as explained earlier. The access to scratch disks works as well, provided you install the sshfs package from MacPorts or Homebrew.

We do not have much experience with Network Connect on Mac OS X. If you (IAC user) have any problems following these instructions or something does not work right, please let us know.

Page last modified on March 14, 2018, at 10:06 AM