Network/VPN/macOS: Difference between revisions

From UMIACS
Jump to navigation Jump to search
(Created page with "'''Please note that this tutorial assumes you already have a network connection established.''' '''Authentication is handled via the Windows domain. If you have an account in...")
 
No edit summary
 
(68 intermediate revisions by 16 users not shown)
Line 1: Line 1:
'''Please note that this tutorial assumes you already have a network connection established.'''
The UMIACS VPN is accessible through the Ivanti Connect Secure Client.  Alternatively, you can establish a connection through a [https://vpn.umiacs.umd.edu/ web browser], but this may fail if you have an outdated version of Ivanti Connect Secure already installed.
'''Authentication is handled via the Windows domain. If you have an account in the PC Active Directory you already have access.'''


The UMIACS VPN is accessible through the Junos Pulse Client.  Alternatively, you can establish a connection through a web browser.
==Prerequisites==
* macOS 13.x or higher as of the current version of the Ivanti Connect Secure Client
* A [[Accounts#UMIACS_Account | full UMIACS account]]
* Device enrolled with [[Duo | UMIACS Duo]] for multi-factor authentication
* An established network connection (wired or wireless)


== Connecting through the Junos Pulse client ==
== Connecting through the Ivanti Connect Secure client ==
#'''Download the client:'''
#'''Download the client:'''
#:[[Media:JunosPulse.dmg|OSX]]<br style="clear:both"/>
#:[https://obj.umiacs.umd.edu/ivanti-connectsecure/macOS/PulseSecure-mac-22.7.3-installer.dmg macOS Ivanti Connect Secure Client]
#:''Upon starting the client for the first time it will ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
#:''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up-to-date version of the client with the most recent configuration.''
#'''Open the client and click 'Add' (+) under the connection section'''
#'''Open the client and click 'Add' (+) under the connection section.'''
#:[[Image:JunosOSX.png|thumb|center|280px|[OSX] Click the 'Add' (+) button to create a new connection]]
#:[[Image:Ivanti client1.png|thumb|left|510px|[macOS] Click the 'Add' (+) button to create a new connection]]<br style="clear:both"/>
#'''In the 'Name' field, enter a descriptive name for this vpn Connection'''
#'''In the 'Name' field, enter a descriptive name for this vpn Connection.'''
#'''In the 'Server URL' enter 'vpn.umiacs.umd.edu''''  
#'''In the 'Server URL' enter 'vpn.umiacs.umd.edu''''  
#:[[Image:JunosOSXSettings.png|thumb|center|280px|[OSX] Enter the name of the vpn server]]
#:[[Image:Ivanticonnection.png|thumb|left|510px|[macOS] Enter the name of the vpn server]]<br style="clear:both"/>
#'''Enter your windows side credentials and hit connect'''  
#'''Enter your UMIACS credentials and hit connect.'''  
#:[[Image:JunosOSXLogin.png|thumb|center|280px|[OSX] Enter UMIACS Windows Credentials]]
#:[[Image:Ivanticlientmac5.png|thumb|left|510px|[macOS] Enter UMIACS Credentials]]<br style="clear:both"/>
#'''Complete the [[Network/VPN/MFA | MFA]] Verification Step. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
#:[[Image:SecondaryloginmacOS.png|thumb|left|510px|[macOS] Enter a secondary password.]]<br style="clear:both"/>
::The Ivanti VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the [[Network/VPN/MFA | MFA]] requirement.  As a result, you will be prompted for credentials twice.


::{|class="wikitable"
!Second Credential Password Value:
! Result
|-
| push
| Send a push verification to your Duo connected device
|-
| phone
| Send a call verification to your Duo connected device.
|-
| <press YubiKey>
| If you have a physical token then you would press the YubiKey for the one time password.
|}


<br style="clear:both"/>
::Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please [[HelpDesk | contact us]] if you would like to register a YubiKey for this purpose.
== Connecting through a web browser ==  
{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.}}
'''Connecting to the VPN via the web browser requires that Java be enable on your machine. For additional information on Java, as well as download links and install instructions please see: http://www.java.com
 
#'''Open up a browser and go to 'vpn.umiacs.umd.edu' '''
You should now be connected to the UMIACS VPN. You can close the window and the VPN will remain connected.
#:Log in using your windows side credentials
 
#'''Click 'Start' in the Network Connect section towards the bottom right hand side of the page.'''
If you encounter an error, please refer to the "Setup Security Requirement" section bellow.
#:This will launch a Java applet that will open up a new window showing the status of your VPN connection
 
#:Keep an eye out for a notification at the top of your browser requesting permission to run Java [[Image:VPNBrowser.png|thumb|center|500px|Click 'Start' to open the Network Connect applet]]
==Checking VPN Status==
#'''To disconnect from the VPN click 'Sign Out' in the browser.'''
# In the top right hand corner, on your status bar, you should see an S icon in a black circle. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
#: [[Image:CheckingVPNstatus1.png|thumb|left|610px|[macOS] The top image is connected, the bottom image is not.]]<br style="clear:both"/>
# You can click this icon, as well, and it will show you the status of your connection.
#:[[Image:CheckingVPN2.png|thumb|left|610px|[macOS] The Pulse drop down menu.]]<br style="clear:both"/>
# If the icon is not in the status bar, you can find Pulse Secure in your Applications folder. There you will see a list of connections.
 
 
==Setup Security Requirement (Follow these steps if you encounter an error while connecting through the Ivanti Secure client) ==
 
# Click the Apple logo at the top left of your desktop
# Click '''System Settings'''
# Click '''Privacy & Security'''
# Scroll to the '''Security''' section and select '''App Store and identified developers'''
#* You will have to enter your credentials
# Click '''Next''' to the message "System Software From Developers "Pulse Secure LLC" was blocked from loading" if prompted.
# Click '''Allow''' to enable the extension.
# Close the '''System Settings''' window.

Latest revision as of 15:27, 12 September 2024

The UMIACS VPN is accessible through the Ivanti Connect Secure Client. Alternatively, you can establish a connection through a web browser, but this may fail if you have an outdated version of Ivanti Connect Secure already installed.

Prerequisites

  • macOS 13.x or higher as of the current version of the Ivanti Connect Secure Client
  • A full UMIACS account
  • Device enrolled with UMIACS Duo for multi-factor authentication
  • An established network connection (wired or wireless)

Connecting through the Ivanti Connect Secure client

  1. Download the client:
    macOS Ivanti Connect Secure Client
    Upon starting the client for the first time it may ask to upgrade the client. This will pull an up-to-date version of the client with the most recent configuration.
  2. Open the client and click 'Add' (+) under the connection section.
    [macOS] Click the 'Add' (+) button to create a new connection

  3. In the 'Name' field, enter a descriptive name for this vpn Connection.
  4. In the 'Server URL' enter 'vpn.umiacs.umd.edu'
    [macOS] Enter the name of the vpn server

  5. Enter your UMIACS credentials and hit connect.
    [macOS] Enter UMIACS Credentials

  6. Complete the MFA Verification Step. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
    [macOS] Enter a secondary password.

The Ivanti VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.
Second Credential Password Value: Result
push Send a push verification to your Duo connected device
phone Send a call verification to your Duo connected device.
<press YubiKey> If you have a physical token then you would press the YubiKey for the one time password.
Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please contact us if you would like to register a YubiKey for this purpose.
Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.

You should now be connected to the UMIACS VPN. You can close the window and the VPN will remain connected.

If you encounter an error, please refer to the "Setup Security Requirement" section bellow.

Checking VPN Status

  1. In the top right hand corner, on your status bar, you should see an S icon in a black circle. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
    [macOS] The top image is connected, the bottom image is not.

  2. You can click this icon, as well, and it will show you the status of your connection.
    [macOS] The Pulse drop down menu.

  3. If the icon is not in the status bar, you can find Pulse Secure in your Applications folder. There you will see a list of connections.


Setup Security Requirement (Follow these steps if you encounter an error while connecting through the Ivanti Secure client)

  1. Click the Apple logo at the top left of your desktop
  2. Click System Settings
  3. Click Privacy & Security
  4. Scroll to the Security section and select App Store and identified developers
    • You will have to enter your credentials
  5. Click Next to the message "System Software From Developers "Pulse Secure LLC" was blocked from loading" if prompted.
  6. Click Allow to enable the extension.
  7. Close the System Settings window.