Linux Packages for JHConnect

Overview

This is the site for the official "unofficial" Linux packages for the Johns Hopkins VPN service. It is well known that the Hopkins JHConnect portal does not support Linux (if you're not sure just try it). A basic Bash script has been assembled which will allow for a VPN connection to the JHU network using the JHConnect (Juniper Networks) upstream binaries. As in the case of the JHConnect portal, you need a valid JHED ID and Password in order to connect.

NOTE: This site and packages are not associated with the Hopkins IT group. Please forward all question or comments to the contacts below.

Packages

Linux packages have been created for Debian based and Red Hat based systems. For those who use a different distribution than these or prefer not to use the package management a bundled tarball is also provided.

Packages:

• Version 2.1
• Version 2.0.1
• Version 2.0
• Version 1.0

• All versions

Usage

Once the package (assuming Version 2.0 or greater) is installed (for those using the tarball be sure to update your PATH appropriately), the VPN service may be started by issuing from the command line:

jhu_nc.sh start

where you will then be prompted for your JHED ID and Password. To safely stop the service run:

jhu_nc.sh stop

in a separate terminal.

An easy way to see that the service launched successfully is to execute /sbin/ifconfig from the command line. For a successful VPN connection, the tunneling network device (i.e. tun0, tun1, etc.) will be listed in the first column with the connection information listed in the second. If the tunneling device is not listed, then the connection was not successful. In this case refer to the README (default location /opt/jhconnect/doc/README) and/or the Known Issues section below.

Included in versions 2.1 or greater, is the jhu_nc_update_cert.sh script which is used to update the certificate file. This can be used at any time to update the certificate file to the latest one used by the VPN server. To update the certificate simply run:

jhu_nc_update_cert.sh

as root.

Known Issues

1. If your JHED password is about to expire within a 10-day period, you will need to update your JHED password in order for the jhu_nc.sh script to work. Otherwise when launching jhu_nc.sh, you will be redirected to a password expiration page and the program will fail silently.


2. If there is an IP address change for sslconnect.johnshopkins.edu and an old IP address for sslconnect.johnshopkins.edu is listed in /etc/hosts then the VPN connection will fail. When jhu_nc.sh is executed, /etc/hosts file is updated to include the IP address/hostname alias for sslconnect.johnshopkins.edu. If this value is not current then the connection cannot be made. Also this issue will only occur if /etc/hosts is not properly cleaned up by ncsvc upon stoping the VPN service.


3. Periodically it may be required to update the certificate file in order for the jhu_nc.sh script to work. If the certificate has been updated by the VPN server, the jhu_nc.sh will fail silently when used with an out-of-date certificate. If this happens try running jhu_nc_update_cert.sh to get the latest certificate.

Contacts