Návody FIT
Jdi na navigaci

Linux

It is possible to connect to the faculty VPN using one of the following methods.

If you have problems connecting to the faculty VPN, please use the Common problems section.

A. Using NetworkManager

  1. Install OpenVPN and its integration for NetworkManager using your system’s package manager.
    Arch Linux
    pacman -S openvpn networkmanager-openvpn
    Debian / Ubuntu
    apt install openvpn network-manager-openvpn-gnome
    Fedora
    dnf install openvpn NetworkManager-openvpn-gnome
  2. Download configuration file for FIT VPN fit-vpn.ovpn.

  3. Run the following sequence of commands to import and adjust the VPN profile:

    nmcli connection import type openvpn file fit-vpn.ovpn  1
nmcli connection modify fit-vpn connection.permissions user:$USER  2
nmcli connection modify fit-vpn +ipv4.never-default true +ipv6.never-default true  3
nmcli connection modify fit-vpn +vpn.data username=<CVUT-USERNAME>  4
    1. Import OpenVPN profile from file fit-vpn.ovpn (you may need to use sudo).
    2. Allow only yourself to use this VPN connection (you may need to use sudo).
    3. Never use this VPN as your default gateway, i.e. avoid forwarding all the traffic to the VPN.
    4. Authenticate using your CTU username.

  4. Connect to FIT VPN using the following command or via GUI. You should be prompted for a password – enter your FIT Password [1].

    nmcli connection up fit-vpn

NetworkManager should store it in your system keyring and never ask it again

B. Manually using OpenVPN client

Upozornění:

This is not a recommended method. It is better to use some OpenVPN helper provided by your system (e.g. NetworkManager, ConnMan, init script, service…).

  1. Install OpenVPN using your system’s package manager.
    Arch Linux
    pacman -S openvpn
    Debian / Ubuntu
    apt install openvpn
    Fedora
    dnf install openvpn
  2. Download configuration file for FIT VPN fit-vpn.ovpn.

  3. Run openvpn with path to the configuration file fit-vpn.ovpn. You will be prompted for a username and password – enter your CTU username and FIT Password [1].

    sudo openvpn --config fit-vpn.ovpn

C. Using ConnMan

  1. Install OpenVPN, and possible OpenVPN plugin for ConnMan, using your system’s package manager.
    Arch Linux
    sudo pacman -S openvpn
    Debian / Ubuntu
    sudo apt install openvpn connman-vpn

  2. Create user and group openvpn, if they don’t exist yet.

    sudo useradd --home-dir /var/empty --no-create-home --system --shell /sbin/nologin --user-group openvpn

  3. Configure ConnMan VPN to run OpenVPN client as user openvpn – create configuration file /etc/connman/vpn-plugin/openvpn.conf with:

    [DACPrivileges]
User=openvpn
Group=openvpn
  4. Download configuration file for FIT VPN fit-vpn.ovpn and move it e.g. into directory /etc/openvpn.

  5. In the aforesaid file /etc/openvpn/fit-vpn.ovpn, set directive auth-user-pass to /etc/openvpn/fit-vpn.pass:

    sudo sed -i 's|^auth-user-pass|& /etc/openvpn/fit-vpn.pass|' /etc/openvpn/fit-vpn.ovpn

  6. Create file /etc/openvpn/fit-vpn.pass readable just for the user root and group openvpn. Write your CTU username on the first line (substitute <CVUT-USERNAME>) and FIT Password [1] on the second line (substitute <PASSWORD>):

    printf '%s\n%s\n' '<CVUT-USERNAME>' '<PASSWORD>' | sudo install -D -m 640 -o root -g openvpn /dev/stdin /etc/openvpn/fit-vpn.pass

  7. Create provisioning file /var/lib/connman-vpn/fit-vpn.config for ConnMan VPN:

    [provider_openvpn]
Type=OpenVPN
Name=FIT VPN
Host=vpn.fit.cvut.cz
OpenVPN.DeviceType=tun
OpenVPN.ConfigFile=/etc/openvpn/fit-vpn.ovpn

  8. Connect to FIT VPN using the following command or via GUI.

    connmanctl connect vpn_vpn_fit_cvut_cz

If an error message appears that the “Connect” method doesn’t exist on the “net.connman.Service” interface, it means that ConnMan hasn’t detected a new VPN configuration for whatever reason. In that case, or even on another error, try restarting connmand. Then check that the command connmanctl vpnconnections displays “FIT VPN” and check the logs.

To exclude an error on the ConnMan side, try to connect directly using the OpenVPN client: sudo openvpn --config /etc/openvpn/fit-vpn.ovpn.

Common problems

Logging in

If you are unable to log in to the faculty VPN, make sure that you are logging in with your CTU username and FIT password.

DNS address translation

If access to servers in the *.in.fit.cvut.cz domain will not work for you (DNS address translation does not work), use the following procedure:

  1. Install the OpenVPN client according to procedure B.
  2. Install the following package:
    Debian / Ubuntu
    sudo apt install openvpn-systemd-resolved

  3. Download the fit-vpn.ovpn configuration file and add the following lines to it:

    script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre

  4. Use sudo to run OpenVPN with the path to the configuration file. When prompted, log in with your CTU username and FIT password.

    sudo openvpn --config fit-vpn.ovpn
  1. FIT Password is not CTU Password! You can change your FIT Password in ICT profile. More about FIT Password via https://help.fit.cvut.cz/accounts/index.html#fit-password