Linux

This user guide helps you to establish a VPN connection with Linux.

Requirements

Installing software

In the browser open the VPN page of the Universiy of Vienna. Log in with your u:account details and the one-time password:

  • With an authentication app on your smartphone: Open the app. On the VPN website, enter the currently valid code in the field One-time password, which is displayed in the app in the ZID Universität Wien account. Then, before the code expires, press Logon.
  • With YubiKey: Position the cursor in the One-time password field. Plug the YubiKey into a USB port on your device and then press the button on the YubiKey. The one-time password is entered in the text field. The Logon button is activated automatically.

Login

For the download of the software click BIG-IP Edge Client Linux.
If you want to download the Linux client under Windows or MacOS instead, click here.

Screenshot VPN BIG-IP Edge Client Linux Download

Open the terminal.

Screenshot Linux VPN Terminal

  1. Go to the Download directory, by entering the following command and then (as well as at the end of all commands mentioned in these user guides) press Enter:

    cd Downloads

    If the directory has a different name, type in the respective name or path in Downloads.
  2. Unpack the Installation data:

    tar -xvf BIGIPLinuxClient.tgz
  3. Change to the directory BIGIPLinuxClient:

    cd BIGIPLinuxClient
  4. For Debian based systems (e.g. Ubuntu, Mint) install the required package via dpkg:

    sudo dpkg -i linux_f5cli.x86_64.deb

    or for ARM architectures (e.g. Raspberry PI):  sudo dpkg -i linux_f5cli.armhf.deb

    For RPM based systems (e.g. Fedora, CentOS, Redhat) install the required package via rpm:

    sudo rpm –i linux_f5cli.x86_64.rpm

  5. Type in the local password of your device and press Enter. The software will be installed.

    If you neither use a Debian nor a RPM based system, you may try the installation with the old installer insted by typing in the following command:
    sudo ./old-version/Install.sh
    and answer all questions with yes.

Establishing a VPN connection

Two variants are available for establishing a connection:

  • Route all traffic through the VPN tunnel by specifying port 8443 when connecting:
    f5fpc -s -t vpn.univie.ac.at:8443 -d /etc/ssl/certs/ -u u:account-UserID@
  • Only route data traffic to computers in the university’s data network through the VPN tunnel (split tunnel):
    f5fpc -s -t vpn.univie.ac.at -d /etc/ssl/certs/ -u u:account-UserID@

In the parameter -u type in your u:account UserID followed by an @ symbol and the one-time password:

  • With an authentication app on your smartphone: Open the app and enter the currently valid code immediately after the @ symbol, which is displayed in the app in the ZID Universität Wien account. Then, before the code expires, press Enter.
  • With YubiKey: Plug the YubiKey into a USB port on your device and then press the button on the YubiKey. The one-time password is entered automatically at the current position of the cursor (immediately after the @ symbol) and Enter is pressed automatically.

Typing in the directory the certificates are in is not always necessary and can be ignored (Option: -d /etc/ssl/certs/).

Type in your u:account password and click Enter.
The connection should be up and running.

Screenshot Linux VPN u:account Passwort

You can check the connection status after waiting for 5 seconds and by using the command f5fpc --info. IF the connection has been succesfull, it should look like the screenshot.

Screenshot VPN Linux Verbindung prüfen

Manually installing root certificate

If you receive the failure notice Server certificate verfication failed, do the following steps:

  1. Download the Root-Zertifikat.
    Change the name to USERTrust_RSA_Certification_Authority.pem and copy it in the directory /etc/ssl/certs/. Create a shortcut to /etc/ssl/certs/fc5a8f99.0

    wget https://zid.univie.ac.at/fileadmin/user_upload/d_zid/zid-open/daten/datennetz/vpn/Linux/SHA-2_Root_USERTrust_RSA_Certification_Authority.crt

    sudo mv SHA-2_Root_USERTrust_RSA_Certification_Authority.crt /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem

    sudo
    ln -s /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem /etc/ssl/certs/fc5a8f99.0
  2. Repeat the connection establishment.

Diconnecting from VPN

To disconnect, type in the following command:
f5fpc -o

Screenshot VPN Linux Befehl Verbindung trennen