Connect to IU's SSL VPN using Ivanti Secure Access (formerly Pulse Secure) on a 32- or 64-bit Linux workstation

Overview

Note:
The Pulse Secure VPN client was rebranded to Ivanti Secure Access on July 22, 2022. You may be prompted to upgrade to the new client, but either will work for connecting to the IU VPN, and your existing settings should carry over.

For workstations running 32- or 64-bit Red Hat Enterprise Linux (RHEL), CentOS, Ubuntu, or Debian, UITS recommends using Ivanti Secure Access (formerly Pulse Secure) to connect to Indiana University's SSL VPN. IU students, faculty, and staff can download Ivanti Secure Access from IUware.

Important:
  • Use the IU VPN only under one of these conditions:
    • If you are trying to access a service you can't get to another way.
    • If your IT Pro has told you that you need to use it.

    Generally, you won't need to use the VPN if you are a student. For example, you don't need a VPN connection to:

    • Use learning tools, such as Canvas, Zoom, or Kaltura.
    • Read your IU email over the web.
    • Work with your files in Microsoft OneDrive at IU or Google at IU My Drive.
  • If you have difficulty with the VPN: Try using IUanyWare (doesn't require a VPN connection).

    For example, you can use IUanyWare's Remote Desktop Connection app to remote into a device on campus. Additionally, IUanyWare's Chrome browser allows you to access sites as if you were on campus.

    In IUanyWare, search the available apps to find what may be helpful.

  • On the IU network: You cannot connect to the VPN, as it is for off-campus use only.

    If you receive a 1329 error when attempting to connect to the VPN, try connecting using a non-eduroam or non-IU Secure connection.

Notes:
  • To ensure accountability of network communication, the University Information Policy Office prohibits group accounts from connecting to IU's SSL VPN. To make a VPN connection, you must log in using your personal IU username and passphrase.
  • For general VPN usage, you can connect one device at a time. If you connect a second device while you already have a connection running to another device, you'll see a prompt asking whether you want to maintain the existing connection and cancel the new connection request, or break the existing connection and establish a new connection. Groups VPN users can connect two devices concurrently.

Install Ivanti Secure Access

Note:
Ivanti Secure Access (formerly Pulse Secure) does not support USB security keys for authentication using Two-Step Login (Duo). For alternative device options, see Two-Step Login (Duo) device recommendations.

Use the appropriate instructions below to download and install Ivanti Secure Access. If you are logged in as a standard user, you should switch to a privileged user account with the command su username (replace username with your local username); alternatively, change to root with su root, and then leave sudo off the commands in the following instructions.

Ubuntu/Debian

  1. Depending on your operating system, download the 32- or 64-bit .deb package from IUware.
  2. When prompted to open the package, make sure Open with and Software Install (default) are selected.
  3. A new window should appear that provides a review of the Ivanti Secure Access package; select Install, and authenticate using your administrator credentials.
  4. When the application is installed, install the following dependencies using these commands:
    sudo apt-get install libwebkitgtk-1.0-0
    
    sudo apt-get install libproxy1-plugin-webkit
    
    sudo apt-get install libgnome-keyring0

CentOS/RHEL

  1. Depending on your operating system, download the 32- or 64-bit .rpm package from IUware.
  2. In a Terminal window, navigate to the directory containing the .rpm file. For example, if the file is in your Downloads folder, enter:
    cd Downloads
  3. To install the package, enter (replace nameofpackage.rpm with the name of the downloaded package):
    sudo rpm -i nameofpackage.rpm
  4. If you get a "missing dependency" error, enter:
    sudo /usr/local/pulse/PulseClient.sh install_dependency_packages

    If you still receive "missing dependency" errors, run the commands indicated in those errors to install the remaining dependencies.

Notes:
  • If you receive an error similar to "mv: cannot stat '/usr/local/pulse/pulse.1.gz': No such file or directory", you can safely ignore it.
  • If you receive any dependency-related errors, run the following command:
    sudo /usr/local/pulse/PulseClient_x86_64.sh install_dependency_packages

Configure the connection

  1. Open Ivanti Secure Access. (Its location will vary depending on your operating system.)
  2. To add a new connection, select +.
  3. In the "Enter Configuration" box:
  4. Select Add.

Connect and disconnect

To connect to the VPN:

  1. Open Ivanti Secure Access. (Its location will vary depending on your operating system.)
  2. Next to the SSL VPN connection you created, select Connect.
  3. In the window that appears:

When you're prompted for a secondary password, you need to enter your Two-Step Login (Duo) option. For example, you would enter push to push a login request to your mobile device.

In the "Secondary Password" field, enter one of the following and complete any prompts to connect:

  • A passcode (for example, 123456): Generated by Duo Mobile, an SMS text, or a single-button hardware token
  • push: Sends a push login request to the Duo Mobile app on your primary smartphone or tablet
  • phone: Calls your primary phone number (whether mobile phone or landline)
  • sms: Sends a new SMS passcode to your primary device; once you receive the passcode via SMS, enter it into the "Secondary Password" field.
    Important:
    • The sms and phone options are not available unless you have the exemption form completed and approved.
    • Entering sms will cause the initial login to fail with a "Credentials were invalid. Please try again." error message. However, you also will receive a text message with a passcode to enter in the "Secondary Password" field.
    Note:
    If you have more than one device of a certain type registered (such as a second smartphone or tablet), you can add a number to the end of your secondary password to direct login requests to a particular device (for example, push2 will send a login request to your second phone; phone3 will call your third phone).

To disconnect from the VPN:

  1. Open the Ivanti Secure Access window (if it isn't already open).
  2. Next to the connection, select Disconnect.

Qualified and compatible platforms

To ensure that you can connect to the IU VPN, verify that you are running the latest version of Ivanti Secure Access (formerly Pulse Secure) available on IUware. For operating system requirements and recommendations, see Ivanti's product documentation.

This is document arue in the Knowledge Base.
Last modified on 2023-08-17 16:25:16.