Mobility VPN connection in Linux - RamonPradoMoreno/learned-at-work GitHub Wiki

This page explains how to connect to Indra's VPN service from a computer running FEDORA 31. It should work in any linux environment.

Requirements

Openconnect will be the tool used for connecting. To install it execute:

sudo dnf install openconnect

Connection

You will only need to connect with the mobility website through the terminal:

Try to connect:

# Juniper is the vpn provider that we use
sudo openconnect --juniper https://mobility.indracompany.com/ -u rpradom

It will fail and tell you that the signer is not trusted.

Copy the --servercert:

To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:vMcWD41E8cVkYAJATWMmf06uTsUSOuGh+eNZ17aU1W8=

To trust it in the future type yes and press enter.

Now run the previous command with the new --servercert:

sudo openconnect --juniper https://mobility.indracompany.com/ -u rpradom --servercert pin-sha256:vMcWD41E8cVkYAJATWMmf06uTsUSOuGh+eNZ17aU1W8=

Type your sudo password if requested.
Type yout vpn password.

Disconnection

Press Ctrl + C

Troubleshooting

You may have another interface that is routing the VPN traffic without you knowing it or you may have DNS problems. First we need to get the ip. In order to do so try:

ping madppvppzha.indra.es

If DNS is working you will see the ip next to the domain name:

64 bytes from madppvppzha.indra.es (172.22.215.210): icmp_seq=1 ttl=119 time=12.1 ms

If it is not working try to connect using the ip instead of the domain name. If it works then you had a DNS problem.

If DNS is working but you still cant connect it is probably due to another interface that is routing the VPN traffic without you knowing it. Try:

route -n

In your route table you can check if the packets might be redirected to an unexpected interface. If this is your case try disabling the interface. If this works, let's hope that interface can stay disabled.

sudo ifconfig br-62e49b2eeb0a down