Linux/Command Line¶
Installing the VPN client¶
Important
Always use supported (within its life-cycle period) and updated Linux distribution!
RHEL/Rocky/AlmaLinux/Fedora¶
Note
The openconnect package included in CentOS (8), Rocky Linux (8,9), AlmaLinux (8,9), and Fedora (latest) provides proper support for Global Protect protocol.
Open a terminal and type there:
sudo dnf -y install epel-release
sudo dnf -y update epel-release
sudo dnf -y install openconnect
Debian/Ubuntu¶
Warning
Ubuntu users: use LTS >= 20 desktop or server installation. If you encounter the problem with openconnect
described in this thread https://gitlab.com/openconnect/openconnect/-/issues/282, download and compile the latest version of the code.
Open a terminal and type there:
sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
sudo apt-get update
sudo apt-get install globalprotect-openconnect
Getting connected¶
To establish a VPN tunnel to the internal infrastructure of Discoverer HPC, execute in terminal:
sudo openconnect --protocol=gp --interface=discoverer0 --user=username start.discoverer.bg
where the string username
has to be replaced with the actual user name. In case of successful execution, the following output will appear on the display, waiting for the user’s password to be provided:
Enter login credentials
Password:
If the correct password is provided, a new stream of status lines will be printed out on the screen, ending with a line that reports the success of establishing the VPN tunnel. That report might look different depending on the version of openconnect used. For instance, on RHEL8 and Rocky Linux 8, as well as on Fedora, the last line will report the private IPv4 address assigned to the tunnel interface:
Configured as 10.110.0.229, with SSL disconnected and ESP established
On Ubuntu or Debian, that same line might look like:
ESP tunnel connected; exiting HTTPS mainloop.
Disconnecting¶
To disconnect the VPN client, terminate the process of the currently running VPN client. Go to the terminal window where the process is still running in the foreground, and type there Ctrl-C (or just close the terminal window).
Diagnostics¶
If the VPN tunnel is established, the execution of the following command line:
ip addr show dev discoverer0
will produce an output like:
3: discoverer0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1422 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.110.0.229/32 scope global discoverer0
valid_lft forever preferred_lft forever
inet6 fe80::2597:d8ee:9bcd:e9bc/64 scope link stable-privacy
valid_lft forever preferred_lft forever
If the interface discoverer0 is not presented in the system, then either the VPN client is not running currently, or some network problem prevents establishing the VPN tunnel.
In case the interface discoverer0 is up, try to ping the login node:
ping login.discoverer.bg
to proove that the internal infrastructure of Discoverer HPC is accessible.
Getting help¶
See Getting help