Network/VPN/macOS: Difference between revisions

From UMIACS
No edit summary
(39 intermediate revisions by 10 users not shown)
Line 1: Line 1:
'''Please note that this tutorial assumes you already have a network connection established.'''
'''Please note that this tutorial assumes you already have a network connection established.'''
'''Authentication is handled via the Windows domain.  If you have an account in the PC Active Directory you already have access.'''
'''If you have a UMIACS account, you already have access.'''


The UMIACS VPN is accessible through the Junos Pulse Client.  Alternatively, you can establish a connection through a web browser.
The UMIACS VPN is accessible through the Pulse Secure Client.  Alternatively, you can establish a connection through a web browser.


== Connecting through the Junos Pulse client ==
'''As of May 10th 2019, MFA Authentication is mandatory.'''
==Prerequisites==
* Device enrolled with [[Duo | UMIACS Duo]]
* macOS 10.11 or higher as of the current version of the Pulse Secure Client
 
== Connecting through the Pulse Secure client ==
#'''Download the client:'''
#'''Download the client:'''
#:[[Media:JunosPulse.dmg|OSX Junos Pulse Client]]<br style="clear:both"/>
#:[[Media:PulseSecure9.1R9.dmg|macOS Pulse Secure Client]]<br style="clear:both"/>
#:''Upon starting the client for the first time it will ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
#:''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up-to-date version of the client with the most recent configuration.''
#'''Open the client and click 'Add' (+) under the connection section.'''
#'''Open the client and click 'Add' (+) under the connection section.'''
#:[[Image:JunosOSX.png|thumb|center|280px|[OSX] Click the 'Add' (+) button to create a new connection]]
#:[[Image:JunosOSX.png|thumb|left|510px|[macOS] Click the 'Add' (+) button to create a new connection]]<br style="clear:both"/>
#'''In the 'Name' field, enter a descriptive name for this vpn Connection.'''
#'''In the 'Name' field, enter a descriptive name for this vpn Connection.'''
#'''In the 'Server URL' enter 'vpn.umiacs.umd.edu''''  
#'''In the 'Server URL' enter 'vpn.umiacs.umd.edu''''  
#:[[Image:JunosOSXSettings.png|thumb|center|280px|[OSX] Enter the name of the vpn server]]
#:[[Image:JunosOSXSettings.png|thumb|left|510px|[macOS] Enter the name of the vpn server]]<br style="clear:both"/>
#'''Enter your UMIACS windows side credentials and hit connect.'''  
#'''Enter your UMIACS credentials and hit connect.'''  
#:[[Image:JunosOSXLogin.png|thumb|center|280px|[OSX] Enter UMIACS Windows Credentials]]
#:[[Image:JunosOSXLogin.png|thumb|left|510px|[macOS] Enter UMIACS Credentials]]<br style="clear:both"/>
#'''Complete the [[Network/VPN/MFA | MFA]] Verification Step. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
#:[[Image:mac_mfa_step.png|thumb|left|510px|[macOS] Enter a secondary password.]]<br style="clear:both"/>
::The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the [[Network/VPN/MFA | MFA]] requirement.  As a result, you will be prompted for credentials twice.


::{|class="wikitable"
!Second Credential Password Value:
! Result
|-
| push
| Send a push verification to your Duo connected device
|-
| phone
| Send a call verification to your Duo connected device.
|-
| <press YubiKey>
| If you have a physical token then you would press the YubiKey for the one time password.
|}
::Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please [[HelpDesk | contact us]] if you would like to register a YubiKey for this purpose.
{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.}}


<br style="clear:both"/>
<br style="clear:both"/>
== Connecting through a web browser ==  
 
'''Connecting to the VPN via the web browser requires that Java be enable on your machine. For additional information on Java, as well as download links and install instructions please see: http://www.java.com
You should now be connected to the UMIACS VPN. If you encounter an error, please refer to the "Setup Security Requirement" section bellow.
#'''Open up a browser and go to 'vpn.umiacs.umd.edu' '''
 
#:Log in using your UMIACS windows side credentials
==Checking VPN Status==
#'''Click 'Start' in the Network Connect section towards the bottom right hand side of the page.'''
# In the top right hand corner, on your status bar, you should see an S icon in a black circle. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
#:This will launch a Java applet that will open up a new window showing the status of your VPN connection.
#: [[Image:Check the Status of your ConnectionOSX1.png|thumb|left|610px|[macOS] The top image is connected, the bottom image is not.]]<br style="clear:both"/>
#:Keep an eye out for a notification at the top of your browser requesting permission to run Java. [[Image:VPNBrowser.png|thumb|center|500px|Click 'Start' to open the Network Connect applet]]
# You can click this icon, as well, and it will show you the status of your connection.
#'''To disconnect from the VPN click 'Sign Out' in the browser.'''
#:[[Image:AreYouConnected2.png|thumb|left|610px|[macOS] The Pulse drop down menu.]]<br style="clear:both"/>
# If the icon is not in the status bar, you can find Pulse Secure in your Applications folder. There you will see a list of connections.
 
 
==Setup Security Requirement (Follow these steps if you encounter an error while connecting through the Pulse Secure client) ==
 
# '''Click the Apple logo at the top left of your desktop'''
#:[[Image:ClickApple.png|thumb|left|510px|[macOS] Click the apple logo to show menu]]<br style="clear:both"/>
# '''Click "System Preferences"'''
#:[[Image:SystemPreferences.png|thumb|left|510px|[macOS] Enter the system preferences]]<br style="clear:both"/>
# '''Click "Security & Privacy"'''
#:[[Image:SecurityPrivacy.png|thumb|left|510px|[macOS] Enter the security and privacy settings]]<br style="clear:both"/>
# '''Click the "lock" icon at the bottom left and Enter your credentials to enable changes.'''
#:[[Image:EnterCredentials.png|thumb|left|510px|[macOS] Enter credentials to allow changes]]<br style="clear:both"/>
# '''In the "General" tab, under "Allow Apps Downloaded From", select "Mac Apps Store and Identified developers"'''
#:[[Image:AppStoreIdentifier.png|thumb|left|510px|[macOS] Select Mac Apps Store and Identified developers]]<br style="clear:both"/>
# '''Click "Next" to the message "System Software From Developers "Pulse Secure LLC" was blocked from loading" if prompted.'''
# '''Click "Allow" to enable the extension.'''
#:[[Image:Allow.png|thumb|left|510px|[macOS] Click Allow]]<br style="clear:both"/>
# '''Close the "Security & Privacy" window.'''

Revision as of 14:15, 17 November 2020

Please note that this tutorial assumes you already have a network connection established. If you have a UMIACS account, you already have access.

The UMIACS VPN is accessible through the Pulse Secure Client. Alternatively, you can establish a connection through a web browser.

As of May 10th 2019, MFA Authentication is mandatory.

Prerequisites

  • Device enrolled with UMIACS Duo
  • macOS 10.11 or higher as of the current version of the Pulse Secure Client

Connecting through the Pulse Secure client

  1. Download the client:
    macOS Pulse Secure Client
    Upon starting the client for the first time it may ask to upgrade the client. This will pull an up-to-date version of the client with the most recent configuration.
  2. Open the client and click 'Add' (+) under the connection section.
    [macOS] Click the 'Add' (+) button to create a new connection

  3. In the 'Name' field, enter a descriptive name for this VPN connection.
  4. In the 'Server URL' field, enter 'vpn.umiacs.umd.edu'.
    [macOS] Enter the name of the VPN server

  5. Enter your UMIACS credentials and hit connect.
    [macOS] Enter UMIACS Credentials

  6. Complete the MFA Verification Step. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
    [macOS] Enter a secondary password.

The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.
| Second Credential Password Value | Result |
|---|---|
| push | Send a push verification to your Duo connected device. |
| phone | Send a call verification to your Duo connected device. |
| <press YubiKey> | If you have a physical token then you would press the YubiKey for the one time password. |

Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please contact us if you would like to register a YubiKey for this purpose.


Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.


You should now be connected to the UMIACS VPN. If you encounter an error, please refer to the "Setup Security Requirement" section below.

Checking VPN Status

  1. In the top right hand corner, on your status bar, you should see an S icon in a black circle. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
    [macOS] The top image is connected, the bottom image is not.

  2. You can also click this icon to see the status of your connection.
    [macOS] The Pulse drop down menu.

  3. If the icon is not in the status bar, you can find Pulse Secure in your Applications folder. There you will see a list of connections.


Setup Security Requirement (Follow these steps if you encounter an error while connecting through the Pulse Secure client)

  1. Click the Apple logo at the top left of your desktop
    [macOS] Click the apple logo to show menu

  2. Click "System Preferences"
    [macOS] Enter the system preferences

  3. Click "Security & Privacy"
    [macOS] Enter the security and privacy settings

  4. Click the "lock" icon at the bottom left and enter your credentials to enable changes.
    [macOS] Enter credentials to allow changes

  5. In the "General" tab, under "Allow Apps Downloaded From", select "Mac App Store and identified developers".
    [macOS] Select Mac App Store and identified developers

  6. Click "Next" on the message 'System Software From Developers "Pulse Secure LLC" was blocked from loading' if prompted.
  7. Click "Allow" to enable the extension.
    [macOS] Click Allow

  8. Close the "Security & Privacy" window.
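
The Gatekeeper setting from step 5 and the developer named in step 6 can also be confirmed from Terminal before clicking "Allow". The script below is an added example, not part of the UMIACS page. It assumes the client is installed at /Applications/Pulse Secure.app; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the UMIACS page): confirm Gatekeeper is on and the
# client is signed by the developer named in the macOS prompt (step 6).
# Assumption: the client is installed at /Applications/Pulse Secure.app.
EXPECTED_DEVELOPER="Pulse Secure LLC"

# Constructed sample of `spctl --assess -vv` output; the team ID is a placeholder.
SAMPLE_ASSESS='/Applications/Pulse Secure.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Pulse Secure LLC (XXXXXXXXXX)'

# gatekeeper_enabled TEXT: succeed if `spctl --status` output reports assessments on.
gatekeeper_enabled() {
  case "$1" in
    *"assessments enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# signing_origin TEXT: print the value of the first origin= line.
signing_origin() {
  printf '%s\n' "$1" | sed -n 's/^origin=//p' | head -n 1
}

# origin_matches TEXT: succeed only if the app was accepted AND the origin is a
# Developer ID certificate whose name is exactly the expected developer.
origin_matches() {
  local out="$1" origin
  printf '%s\n' "$out" | grep -q ': accepted$' || return 1
  origin=$(signing_origin "$out")
  case "$origin" in
    "Developer ID Application: ${EXPECTED_DEVELOPER} ("*")") return 0 ;;
    *) return 1 ;;
  esac
}

# check_pulse_client [APP]: live check, meaningful only on macOS.
check_pulse_client() {
  local app="${1:-/Applications/Pulse Secure.app}"
  gatekeeper_enabled "$(spctl --status 2>&1)" || { echo "Gatekeeper is disabled"; return 1; }
  origin_matches "$(spctl --assess --type execute -vv "$app" 2>&1)" \
    || { echo "Unexpected or missing signature on $app"; return 1; }
  echo "OK: $app is signed by $EXPECTED_DEVELOPER"
}

if command -v spctl >/dev/null 2>&1; then
  check_pulse_client "$@"
else
  origin_matches "$SAMPLE_ASSESS" && echo "spctl not found; constructed sample parses as expected"
fi
```

A failed check means the prompt in step 6 should not be approved until the installer has been re-downloaded from the link in step 1.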