Linux/Command Line ================== .. toctree:: :maxdepth: 1 :caption: Contents: .. role:: underline :class: underline Installing the VPN client ------------------------- .. important:: Always use supported (within its life-cycle period) and updated Linux distribution! RHEL/Rocky/AlmaLinux/Fedora ........................... .. note:: The openconnect package included in `CentOS`_ (8), `Rocky Linux`_ (8,9), `AlmaLinux`_ (8,9), and `Fedora`_ (latest) provides proper support for `Global Protect protocol`_. Open a terminal and type there: .. code:: python sudo dnf -y install epel-release sudo dnf -y update epel-release sudo dnf -y install openconnect Debian/Ubuntu ............. .. warning:: `Ubuntu`_ users: use LTS >= 20 desktop or server installation. If you encounter the problem with ``openconnect`` described in this thread https://gitlab.com/openconnect/openconnect/-/issues/282, download and compile `the latest version of the code`_. Open a terminal and type there: .. code:: console sudo add-apt-repository ppa:yuezk/globalprotect-openconnect sudo apt-get update sudo apt-get install globalprotect-openconnect Getting connected ----------------- To establish a VPN tunnel to the internal infrastructure of Discoverer HPC, execute in terminal: .. code-block:: shell sudo openconnect --protocol=gp --interface=discoverer0 --user=username start.discoverer.bg where the string ``username`` has to be replaced with the actual user name. In case of successful execution, the following output will appear on the display, waiting for the user's password to be provided: .. code-block:: bash Enter login credentials Password: If the correct password is provided, a new stream of status lines will be printed out on the screen, ending with a line that reports the success of establishing the VPN tunnel. That report might look different depending on the version of openconnect used. For instance, on RHEL8 and Rocky Linux 8, as well as on Fedora, the last line will report the private IPv4 address assigned to the tunnel interface: .. code-block:: bash Configured as 10.110.0.229, with SSL disconnected and ESP established On Ubuntu or Debian, that same line might look like: .. code-block:: bash ESP tunnel connected; exiting HTTPS mainloop. Disconnecting ------------- To disconnect the VPN client, terminate the process of the currently running VPN client. Go to the terminal window where the process is still running in the foreground, and type there Ctrl-C (or just close the terminal window). Diagnostics ----------- If the VPN tunnel is established, the execution of the following command line: .. code-block:: bash ip addr show dev discoverer0 will produce an output like: .. code-block:: bash 3: discoverer0: mtu 1422 qdisc fq_codel state UNKNOWN group default qlen 500 link/none inet 10.110.0.229/32 scope global discoverer0 valid_lft forever preferred_lft forever inet6 fe80::2597:d8ee:9bcd:e9bc/64 scope link stable-privacy valid_lft forever preferred_lft forever If the interface discoverer0 is not presented in the system, then either the VPN client is not running currently, or some network problem prevents establishing the VPN tunnel. In case the interface discoverer0 is up, try to ping the login node: .. code-block:: bash ping login.discoverer.bg to proove that the internal infrastructure of Discoverer HPC is accessible. Getting help ------------ See :doc:`help` .. _`CentOS`: https://centos.org/ .. _`Rocky Linux`: https://rockylinux.org/ .. _`AlmaLinux`: https://almalinux.org/ .. _`Ubuntu`: https://ubuntu.com/ .. _`Fedora`: https://getfedora.org/ .. _`the latest version of the code`: https://gitlab.com/openconnect/openconnect/-/tree/master .. _`Global Protect protocol`: https://www.infradead.org/openconnect/globalprotect.html