Connecting to SBU Computer Science Palo Alto Networks GlobalProtect Gateway from CentOS

The following documentation is based on CentOS 7.4.

Install the vpnc package on your system from the CentOS EPEL repository. EPEL is an additional package repository that provides packages for commonly used software.

Install epel-release. Ensure you have root privileges:
# yum install epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.mirror.constant.com
* extras: mirrors.centos.webair.com
* updates: repos-va.psychz.net
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================
 Package                               Arch                            Version                         Repository                       Size
=====================================================================================

Installing:
 epel-release                          noarch                          7-9                             extras                           14 k

Transaction Summary
=====================================================================================
Install 1 Package

Total download size: 14 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-9.noarch.rpm                                    14 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-9.noarch                                    1/1
Verifying : epel-release-7-9.noarch                                     1/1

Installed:
 epel-release.noarch 0:7-9

Complete!

 

Install vpnc. Ensure you have root privileges:
# yum install vpnc
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.mirror.constant.com
* epel: mirror.es.its.nyu.edu
* extras: mirrors.centos.webair.com
* updates: repos-va.psychz.net
Resolving Dependencies
--> Running transaction check
---> Package vpnc.x86_64 0:0.5.3-22.svn457.el7 will be installed
--> Processing Dependency: vpnc-script for package: vpnc-0.5.3-22.svn457.el7.x86_64
--> Running transaction check
---> Package vpnc-script.noarch 0:0.5.3-22.svn457.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================
 Package                           Arch                         Version                                     Repository                  Size
=====================================================================================

Installing:
 vpnc                              x86_64                       0.5.3-22.svn457.el7                         epel                        85 k
Installing for dependencies:
 vpnc-script                       noarch                       0.5.3-22.svn457.el7                         epel                        14 k

Transaction Summary
=====================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 99 k
Installed size: 210 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/vpnc-0.5.3-22.svn457.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for vpnc-0.5.3-22.svn457.el7.x86_64.rpm is not installed
(1/2): vpnc-0.5.3-22.svn457.el7.x86_64.rpm                        |  85 kB  00:00:00
(2/2): vpnc-script-0.5.3-22.svn457.el7.noarch.rpm                 |  14 kB  00:00:00
-----------------------------------------------------------------------------------------------------------

Total 330 kB/s                                                | 99 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package : epel-release-7-9.noarch (@extras)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vpnc-script-0.5.3-22.svn457.el7.noarch                   1/2
  Installing : vpnc-0.5.3-22.svn457.el7.x86_64                          2/2
  Verifying : vpnc-script-0.5.3-22.svn457.el7.noarch                    1/2
  Verifying : vpnc-0.5.3-22.svn457.el7.x86_64                           2/2

Installed:
 vpnc.x86_64 0:0.5.3-22.svn457.el7

Dependency Installed:
  vpnc-script.noarch 0:0.5.3-22.svn457.el7

Complete!
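
The key-import prompt in the output above is the point where the EPEL signing key becomes trusted, so the full fingerprint should be compared with a known-good value before answering y. The following is an added example, not part of the original documentation; the function names are hypothetical and the expected value is assumed to come from a source you trust.

```bash
#!/bin/bash
# Added example (not from the original page): compare the fingerprint shown in
# a yum key-import prompt, or printed by gpg, with a trusted expected value.

# Strip spaces and colons and uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Take the hex run after "Fingerprint:" (yum) or "Key fingerprint =" (gpg).
extract_fpr() {
    printf '%s\n' "$1" |
        sed -n 's/^.*[Ff]ingerprint *[:=] *\([0-9A-Fa-f ]*\).*$/\1/p' | head -n 1
}

# fpr_matches EXPECTED TEXT: succeed only on a full 40-hex-digit match.
# An 8-digit key ID such as 352C64E5 is rejected: short IDs can collide.
fpr_matches() {
    fm_expected=$(normalize_fpr "$1")
    fm_got=$(normalize_fpr "$(extract_fpr "$2")")
    [ "${#fm_expected}" -eq 40 ] && [ "$fm_got" = "$fm_expected" ]
}

# Prompt lines taken from the yum output above.
SAMPLE_PROMPT='Importing GPG key 0x352C64E5:
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5'

# Assumption: EXPECTED was obtained from a source you trust, not from the prompt.
EXPECTED='91E9 7D7C 4A5E 96F1 7F3E 888F 6A2F AEA2 352C 64E5'

if fpr_matches "$EXPECTED" "$SAMPLE_PROMPT"; then
    echo "fingerprint matches"
else
    echo "fingerprint MISMATCH: answer N at the prompt"
fi
```

To check the key file before running yum, pass the output of `gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7` as the second argument.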

 

  • Connect to the CS VPN. You will be prompted for two sets of credentials.
    IPsec ID: cs_mobile
    IPSec secret: mobile

vpn.cs.stonybrook.edu: Use your Computer Science Active Directory user ID and password

Execute vpnc. Ensure you have root privileges:
# vpnc
Enter IPSec gateway address: vpn.cs.stonybrook.edu
Enter IPSec ID for vpn.cs.stonybrook.edu: cs_mobile
Enter IPSec secret for cs_mobile@vpn.cs.stonybrook.edu:
Enter username for vpn.cs.stonybrook.edu: cs\{your CS Active Directory user ID}
Enter password for cs\xxx@vpn.cs.stonybrook.edu:
VPNC started in background (pid: 26186)...

 

  • To verify your VPN connection, execute the ifconfig command. The tun0 interface entry shows the CS VPN IP address assigned by the Palo Alto GlobalProtect gateway.

# ifconfig

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1342
        inet 130.245.76.7  netmask 255.255.255.255  destination 130.245.76.7
        inet6 fe80::8b82:19c3:53dd:3f14  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 83  bytes 83807 (81.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 88  bytes 9757 (9.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 

  • Disconnecting VPN connection:

sudo vpnc-disconnect
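
The ifconfig check described above can be scripted so that it gives a clear yes/no both after vpnc and after vpnc-disconnect. This is an added example, not part of the original documentation; the function name is hypothetical, the tun0 lines are taken from the output above, and the eth0 stanza is constructed sample data.

```bash
#!/bin/bash
# Added example (not from the original page): scripted form of the ifconfig check.

# tunnel_addr IFACE IFCONFIG_OUTPUT
# Prints IFACE's IPv4 address and returns 0 only when its stanza exists, the
# flags include UP and RUNNING, and an inet line is present. Assumes the
# CentOS 7 net-tools layout ("tun0: flags=4305<UP,...>").
tunnel_addr() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        /^[^ \t]/ {                       # unindented line starts a new stanza
            cur = $1; sub(/:$/, "", cur)
            if (cur == ifc)
                up = ($0 ~ /[<,]UP[,>]/ && $0 ~ /[<,]RUNNING[,>]/)
        }
        cur == ifc && $1 == "inet" { addr = $2 }
        END { if (up && addr != "") print addr; else exit 1 }'
}

# Constructed eth0 stanza plus the tun0 stanza shown above (connected state).
SAMPLE_CONNECTED='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1342
        inet 130.245.76.7  netmask 255.255.255.255  destination 130.245.76.7'

# Constructed state after vpnc-disconnect: tun0 is gone.
SAMPLE_DISCONNECTED='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255'

if addr=$(tunnel_addr tun0 "$SAMPLE_CONNECTED"); then
    echo "VPN up, tunnel address $addr"
fi
tunnel_addr tun0 "$SAMPLE_DISCONNECTED" >/dev/null || echo "tun0 absent: VPN is down"
```

On a live system, call it as `tunnel_addr tun0 "$(ifconfig)"`.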