RAS (Remote Access System) at the University of Tübingen

The problem

The University of Tübingen offers remote access (VPN). With this service, students and researchers can, for instance, access scientific publications from computers outside the university's network. I show how you can use this service with GNU/Linux using only free software instead of Cisco's AnyConnect client (recommended by ZDV). I assume you are using Debian or a Debian-based system, but the recipe can easily be adapted to other GNU/Linux distributions.

The solution

We are going to use the OpenConnect VPN client.

# apt-get install openconnect

If you are already managing your network with NetworkManager (for instance, if you are using GNOME, KDE or Ubuntu's Unity as a Desktop Environment), then you can install the network-manager-openconnect-gnome package in order to add VPN management functionality:

# apt-get install network-manager-openconnect-gnome

Now, you just need to configure the VPN connection using NetworkManager's graphical interface. The VPN server is located at ras.uni-tuebingen.de and you need to log in with your university credentials. If you are not using NetworkManager, then just type the following command (sadly, it needs root user privileges):

# openconnect ras.uni-tuebingen.de

You will be asked to type in your login information. Keep in mind that, as soon as you are connected to the VPN, all your internet traffic goes through the university's network. So, to avoid overloading the university's network with your personal internet traffic, and also for security reasons, you should disconnect from the VPN as soon as you don't need it anymore.

A better alternative is to use ocproxy to create a local proxy that redirects the traffic through the VPN. Then, you can use FoxyProxy, ProxySelector or another browser addon of your choice to easily switch between proxy configurations on the fly, while you browse the internet. One advantage is that only the traffic of your browser, and only while using the VPN's local proxy, will be redirected through the university's network. Another advantage is that you don't need root user privileges to use this approach. So, let's do it. First, you need to install ocproxy:

# apt-get install ocproxy

Then, to create a local proxy listening on port 11080, issue the following command:

$ /usr/sbin/openconnect --script-tun --script "ocproxy -D 11080" ras.uni-tuebingen.de

Yes, in most GNU/Linux distributions you will have to type the full path to the openconnect executable, because /usr/sbin is usually not in a regular user's PATH. As before, you will be asked to type in your login information. Now, we just add a proxy configuration in the browser that points to localhost on port 11080. Since ocproxy only creates a very simple local SOCKS proxy, make sure that the HTTP, FTP and other entries (except SOCKS, of course) in your proxy configuration are left blank. And that's all.
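
As an alternative to switching proxies by hand with an addon, here is a proxy auto-config (PAC) file that sends only selected hosts through the local ocproxy proxy on port 11080. This is an added example, not part of the original recipe; the host list is constructed for illustration, and it assumes the browser addresses the proxy as SOCKS5.

```javascript
// Added example: PAC file for the ocproxy SOCKS proxy described above.
// Written in plain ES5 so that older PAC engines accept it.

// Port 11080 comes from the "ocproxy -D 11080" command on this page.
// No "; DIRECT" fallback is listed: if the VPN is down, requests to the
// selected hosts fail instead of silently leaving over the normal route.
var VPN_PROXY = "SOCKS5 localhost:11080";

// Constructed sample list (assumption): replace with the domains you
// actually need to reach through the university's network.
var VPN_DOMAINS = ["uni-tuebingen.de", "journals.example.org"];

// True when host is the domain itself or one of its subdomains.
// Matching on a label boundary keeps look-alike names such as
// "evil-uni-tuebingen.de" or "uni-tuebingen.de.example.net" off the VPN.
function hostInDomain(host, domain) {
  var h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  var d = domain.toLowerCase();
  var suffix = "." + d;
  return h === d || h.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Loopback and single-label (local network) names never use the VPN.
  if (host === "127.0.0.1" || host.indexOf(".") === -1) {
    return "DIRECT";
  }
  for (var i = 0; i < VPN_DOMAINS.length; i++) {
    if (hostInDomain(host, VPN_DOMAINS[i])) {
      return VPN_PROXY;
    }
  }
  // Everything else keeps using the normal connection.
  return "DIRECT";
}
```

Save it to a local file and enter its file:// URL as the automatic proxy configuration URL in the browser's proxy settings.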


Author: Hermógenes Oliveira. Created: 2015-09-09.