RAS (Remote Access System) on the University of Tübingen
The problem
The University of Tübingen offers remote access (VPN). With this service, students and researchers can, for instance, access scientific publications from computers outside the university's network. I show how you can use this service with GNU/Linux using only free software instead of Cisco's anyConnect client (recommended by ZDV). I assume you are using Debian or a Debian-based system, but the recipe can easily be adapted to other GNU/Linux distributions.
The solution
We are going to use the OpenConnect VPN client.
# apt-get install openconnect
If you are already managing your network with NetworkManager (for
instance, if you are using GNOME, KDE or Ubuntu's Unity as a Desktop
Environment), then you can install the
network-manager-openconnect-gnome
in order to add VPN management
functionality:
# apt-get install network-manager-openconnect-gnome
Now, you just need to configure the VPN connection using
NetworkManager's graphical interface. The VPN server is located at
ras.uni-tuebingen.de
and you need to log in with your university
credentials. If you are not using NetworkManager, then just type
the following command (sadly, it needs root user privileges):
# openconnect ras.uni-tuebingen.de
You will be asked to type in your login information. Keep in mind that, as soon as you are connected to the VPN, all your internet traffic goes through the university's network. So, to avoid overloading the university's network with your personal internet traffic, and also for security reasons, you should disconnect from the VPN as soon as you don't need it anymore.
A better alternative is to use ocproxy to create a local proxy that redirects the traffic through the VPN. Then, you can use FoxyProxy, ProxySelector or another browser addon of your choice to easily switch between proxy configurations on-the-fly, while you browse the internet. One advantage is that only the traffic of your browser, and only while using the VPN's local proxy, will be redirected through the university's network. Another advantage is that you don't need root user privileges to use this approach. So, let's do it. First, you need to install ocproxy:
# apt-get install ocproxy
Then, to create a local proxy listening on port 11080
, issue the
following command:
$ /usr/sbin/openconnect --script-tun --script "ocproxy -D 11080" ras.uni-tuebingen.de
Yes, in most GNU/Linux distributions you will have to type the full
path to the openconnect executable. As before, you will be asked to
type in your login information. Now, we just add a proxy
configuration on the browser to localhost
on port 11080
. Since
ocproxy only creates a very simple local SOCKS proxy, make sure that
the HTTP, FTP and other entries (except SOCKS, of course) in your
proxy configuration are left blank. And, that's all.