
@marshki
Last active March 27, 2025 20:11
Connect to NYU-NET via the OpenConnect VPN client from a command-line interface (CLI) in GNU/Linux and macOS.

Connect to NYU-NET via VPN in GNU/Linux--Debian, Fedora, Ubuntu--(and macOS) 🔐

Scope: Use OpenConnect VPN client to connect to NYU-NET, the university's wide-area network (WAN).

Preflight check ✔️✈️

You'll need one or more of the following packages:

  • openconnect
  • network-manager-openconnect
  • network-manager-openconnect-gnome

You may install them via your operating system's (OS) package manager:

Debian, Ubuntu:

apt-get install openconnect network-manager-openconnect network-manager-openconnect-gnome

Fedora:

dnf install openconnect

macOS:

brew install openconnect

How to connect to NYU-NET via OpenConnect from a Terminal

You can access NYU-NET using a full- or split-tunnel connection:

  • NYU VPN: All Traffic (full tunnel)
  • NYU VPN: NYU-NET Traffic Only (split tunnel)

Indicate the type of connection you want to establish with the --authgroup option.

Step 1 (on local client):

Initiate a connection:

sudo openconnect --background --user NetID --authgroup "NYU VPN: All Traffic" vpn.nyu.edu

Step 2 (on local client):

When prompted, provide your credentials:

password:(your local password)

Step 3 (on local client):

VPN authentication requires a valid NetID and password, as well as access to a multi-factor authentication (MFA) device. The second password prompt requires you to enter one of the following:

push - push notification via Duo App

phone1 - phone call to your primary registered phone number

sms - text message to your primary registered phone number

For example:

Username:(your NetID)

Password:(your NetID password)

Password:(push)

Step 4 (on MFA device, e.g. smartphone):

Accept the push.

Step 5 (on local client):

When you want to disconnect, bring the background process to the foreground:

sudo killall -SIGINT openconnect

then end it with:

SIGINT (Ctrl + C)

or:

SIGTERM (Ctrl + Z)
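
The steps above as one wrapper script, added here as an example (not part of the original gist): it maps full/split to the page's two --authgroup strings, starts openconnect with a pid file, and disconnects by signalling only that pid rather than every openconnect process. The function names, pid-file path, NYU_VPN_DRYRUN switch and the alphanumeric-NetID check are assumptions.

```shell
#!/bin/sh
# Added example: wrapper around the gist's openconnect commands.
# From the page: vpn.nyu.edu and the two --authgroup strings.
# Assumptions: function names, full/split keywords, pid-file path,
# NYU_VPN_DRYRUN, and that a NetID is purely alphanumeric.
NYU_VPN_HOST="vpn.nyu.edu"
NYU_VPN_PIDFILE="${NYU_VPN_PIDFILE:-/var/run/openconnect-nyu.pid}"

# Map a short keyword to the exact --authgroup string from the page.
nyu_authgroup() {
    case "$1" in
        full)  echo "NYU VPN: All Traffic" ;;
        split) echo "NYU VPN: NYU-NET Traffic Only" ;;
        *)     echo "tunnel type must be full or split" >&2; return 2 ;;
    esac
}

# Reject empty values and anything that could be read as an option.
nyu_valid_netid() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
}

# Usage: nyu_connect full|split NetID
# With NYU_VPN_DRYRUN set, print the argv (one word per line) instead of running it.
nyu_connect() {
    nyu_valid_netid "$2" || { echo "invalid NetID" >&2; return 2; }
    _group=$(nyu_authgroup "$1") || return 2
    set -- sudo openconnect --background --pid-file="$NYU_VPN_PIDFILE" \
        --user "$2" --authgroup "$_group" "$NYU_VPN_HOST"
    if [ -n "${NYU_VPN_DRYRUN:-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Signal only the process recorded in the pid file, not every openconnect.
nyu_disconnect() {
    [ -r "$NYU_VPN_PIDFILE" ] || { echo "no pid file found" >&2; return 1; }
    _pid=$(cat "$NYU_VPN_PIDFILE")
    case "$_pid" in
        ''|*[!0-9]*) echo "pid file is not a number" >&2; return 1 ;;
    esac
    sudo kill -INT "$_pid"
}

case "${1:-}" in
    connect)    nyu_connect "${2:-}" "${3:-}" ;;
    disconnect) nyu_disconnect ;;
esac
```

Run it as `./nyuvpn.sh connect split NetID` and `./nyuvpn.sh disconnect` (the file name is a placeholder); set NYU_VPN_DRYRUN=1 to inspect the command line before anything runs under sudo.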

:neckbeard:❤️

@kazimiersmith

For those running Arch: the following command seems to be working for me.

alias nyuvpn='sudo echo "Sudo first" && openconnect --user=USERNAME vpn.nyu.edu --useragent=AnyConnect --cookieonly | sudo openconnect vpn.nyu.edu --useragent=AnyConnect --cookie-on-stdin'

(then run nyuvpn)

See this thread: https://bbs.archlinux.org/viewtopic.php?id=292344. The difference is that you must specify the --user flag for the NYU VPN, otherwise it doesn't work (gives some error about a possible attack).

It's giving "DTLS handshake failed" errors but this doesn't seem to affect my ability to use the VPN.
