# cloudmesh-vpn
This library is a wrapper around [openconnect](https://gitlab.com/openconnect/openconnect)
that provides added functionality. Additional features include secure password saving
that uses the native-OS keyring, as well as vpn-slicing, which only sends traffic
destined for school servers through the VPN and keeps other traffic out of the tunnel.
Perhaps most conveniently, this library provides an easy way to install openconnect via
a package manager (chocolatey for Windows, homebrew for macOS) without requiring any other
dependencies besides Python. The package manager is installed for you on the fly and is then used to install
openconnect.

| School | Tested | VPN-Slicing |
| ------- | ------ | ----------- |
| UVA <img src="https://upload.wikimedia.org/wikipedia/commons/thumb/d/dd/University_of_Virginia_Rotunda_logo.svg/2007px-University_of_Virginia_Rotunda_logo.svg.png" alt="uva" height="15"/> | ✅ | ✅ |
| FIU <img src="https://digicdn.fiu.edu/core/_assets/images/logo-top.svg" alt="fiu" width="25"/> | ✅ | ✅ |
| UFL <img src="https://www.ufl.edu/wp-content/uploads/sites/5/2022/12/UF-logo-500x500-1.png" alt="uf" height="15"/> | ✅ | ✅ |
| FAMU | ❌ | ❌ |
| NYU | ✅ | ❌ |
| UCI | ❌ | ❌ |
| GMU | ❌ | ❌ |
| OleMiss | ❌ | ❌ |
| SC | ❌ | ❌ |
## Install
### Windows
Open any terminal (git bash, cmd, powershell) as administrator.
[Download Python from the Python website.](https://www.python.org/downloads/) Your Python version can be checked
with the command `python -V`. Try doing the following.
```bash
python -V
# hopefully that works, if not, use python3 instead of python from now on.
# in git bash run as administrator:
python -m venv ~/ENV3
# or, in cmd run as administrator:
python -m venv "%USERPROFILE%\ENV3"
#
# if you are in git bash then:
source ~/ENV3/Scripts/activate
# if you are in cmd then:
"%USERPROFILE%\ENV3\Scripts\activate.bat"
```
```bash
# now you see (ENV3)
pip install cloudmesh-vpn
```
## Usage
To connect to the UVA Anywhere VPN, run
```bash
# YOU MUST BE IN YOUR VIRTUAL ENVIRONMENT.
# see the previous commands on how to activate it first.
cms vpn connect
```
For other organizations, the `--service` flag can be used:
```bash
cms vpn connect --service=ufl
# possible services are uva fiu ufl
```
Note: currently the output is piped to the terminal, and the connection ends in response to `Ctrl + C`.
Consider executing the following instead:

`nohup cms vpn connect --service=ufl >/dev/null 2>&1`

To disconnect from the current VPN, run
```bash
cms vpn disconnect
```
To see info regarding your connection, run
```bash
cms vpn info
```
## Troubleshooting
Sometimes DNS lookup is broken entirely. To fix it, run:
```powershell
Get-DnsClientNrptRule | Remove-DnsClientNrptRule -Force
netsh interface ipv4 delete winsservers name="Ethernet" all
netsh interface ipv4 delete winsservers name="Wi-Fi" all
rasdial /disconnect
net start dnscache
net stop dnscache
ping google.com
```
## Linux and macOS
### Requirements
We use the command `openconnect`. To check if it is available please use
```bash
$ which openconnect
```
If it is not available, on macOS do:
```bash
brew install openconnect
```
On Ubuntu, you can install it with
```bash
$ sudo apt install openssl
$ sudo apt install openconnect
$ sudo apt install network-manager-openconnect
```
If you use GNOME, also install:
```bash
$ sudo apt install network-manager-gnome
$ sudo apt install network-manager-openconnect-gnome
```
### Getting certificates
We have tested this tool only with the University of Virginia, but it should be simple to adapt. Just follow the
instructions to obtain the certificates from your provider.

At UVA you can find the certificate and other documentation at

* <https://www.rc.virginia.edu/userinfo/linux/uva-anywhere-vpn-linux/>

We place all certificates into `~/.ssh/uva`:
```
mkdir -p ~/.ssh/uva
# You will receive a file ending in .p12. In this example we will assume it is named mst3k.p12.
cd ~/.ssh/uva
# wget https://download.its.virginia.edu/local-auth/universal/usher.cer
wget --no-check-certificate https://download.its.virginia.edu/local-auth/universal/usher.cer
```
To get a certificate for your device, go to

* <https://cloud.securew2.com/public/82116/limited/?device=Unknown>

Fill it out and get the key. You will receive a
file ending in .p12. In this example we assume it
is named mst3k.p12; place it into `~/.ssh/uva/user.p12`.

It is important for us to rename this key to user.p12
so we have a simpler way of identifying it and writing this documentation.

Now convert the keys and certificates with the following commands:
```bash
cd ~/.ssh/uva
openssl pkcs12 -in user.p12 -nocerts -nodes -out user.key
openssl pkcs12 -in user.p12 -clcerts -nokeys -out user.crt
openssl x509 -inform DER -in usher.cer -out usher.crt
```
Now your UVA directory should have the following files in it.
```
ls ~/.ssh/uva/
user.crt user.key user.p12 usher.cer usher.crt
```
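
The download step above runs `wget` with `--no-check-certificate`, and `-nodes` writes `user.key` unencrypted, so the CA file should be checked against a fingerprint obtained out of band and the key files should be readable only by you. The following shell functions are an added example, not part of cloudmesh-vpn; the function names and the fingerprint placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of cloudmesh-vpn. Function names are hypothetical.

# SHA-256 of a file as lowercase hex. For a DER-encoded certificate such as
# usher.cer this is the certificate's SHA-256 fingerprint (without colons).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS
    fi
}

# Reduce a published fingerprint (colons, spaces, upper case) to bare hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# verify_cert FILE EXPECTED_FP: 0 on match, 1 on mismatch, 2 on bad input.
verify_cert() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    expected=$(normalize_fp "$2")
    [ "${#expected}" -eq 64 ] || { echo "expected value is not a SHA-256 fingerprint" >&2; return 2; }
    actual=$(file_sha256 "$1")
    [ "$actual" = "$expected" ] && return 0
    echo "fingerprint mismatch for $1: got $actual" >&2
    return 1
}

# lock_down DIR: directory to 700, private-key material (.key, .p12) to 600.
lock_down() {
    chmod 700 "$1" || return 1
    find "$1" -maxdepth 1 -type f \( -name '*.key' -o -name '*.p12' \) -exec chmod 600 {} +
}

# exposed_keys DIR: print key files whose mode is neither 600 nor 400.
exposed_keys() {
    find "$1" -maxdepth 1 -type f \( -name '*.key' -o -name '*.p12' \) ! -perm 600 ! -perm 400
}

# Usage (the fingerprint is a placeholder; obtain the real value from your
# VPN provider over a separate, trusted channel):
#   cd ~/.ssh/uva
#   verify_cert usher.cer "<SHA-256 fingerprint from provider>" \
#     && openssl x509 -inform DER -in usher.cer -out usher.crt
#   lock_down ~/.ssh/uva && exposed_keys ~/.ssh/uva   # prints nothing when clean
```

Running the conversion only when `verify_cert` succeeds keeps an unverified CA file from becoming the trust anchor for the VPN connection.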
### Installing and using the command
You can now use the cloudmesh `cms vpn` command.
```bash
$ pip install cloudmesh-vpn
$ cms help
```
To connect use
```bash
$ cms vpn connect
```
To disconnect
```bash
$ cms vpn disconnect
```
## Acknowledgments
This work was in part funded by the NSF
CyberTraining: CIC: CyberTraining for Students and Technologies
from Generation Z with the award numbers 1829704 and 2200409.
## Manual Page
<!-- START-MANUAL -->
```
Command vpn
===========

::

  Usage:
        vpn connect [--service=SERVICE] [--timeout=TIMEOUT] [-v] [--choco]
        vpn disconnect [-v]
        vpn status [-v]
        vpn info

  This command manages the vpn connection

  Options:
      -v       debug [default: False]
      --choco  installs chocolatey [default: False]

  Description:
    vpn info
      prints out information about your current location as
      obtained via the vpn connection.

    vpn status
      prints out "True" if the vpn is connected
      and "False" if it is not.

    vpn disconnect
      disconnects from the VPN.

    vpn connect [--service=SERVICE]
      connects to the UVA Anywhere VPN.

      If the VPN is already connected a warning is shown.

      You can connect to other VPNs while specifying their names
      as given to you by the VPN provider with the service option.
```
<!-- STOP-MANUAL -->
Raw data
{
"_id": null,
"home_page": null,
"name": "cloudmesh-vpn",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Gregor von Laszewski <laszewski@gmail.com>, \"J.P. Fleischer\" <jacquespfleischer@gmail.com>",
"keywords": "helper library, cloudmesh",
"author": null,
"author_email": "Gregor von Laszewski <laszewski@gmail.com>, \"J.P. Fleischer\" <jacquespfleischer@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/98/76/a94ec92b773a72a98a91188075235a2b67ee978206e43abbf90297fc3314/cloudmesh_vpn-5.0.16.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "Apache License\r\n Version 2.0, January 2004\r\n http://www.apache.org/licenses/\r\n \r\n Copyright 2021,2022 Gregor von Laszewski, University of Virginia\r\n \r\n Licensed under the Apache License, Version 2.0 (the \"License\");\r\n you may not use this file except in compliance with the License.\r\n You may obtain a copy of the License at\r\n \r\n http://www.apache.org/licenses/LICENSE-2.0\r\n \r\n Unless required by applicable law or agreed to in writing, software\r\n distributed under the License is distributed on an \"AS IS\" BASIS,\r\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n See the License for the specific language governing permissions and\r\n limitations under the License.\r\n ",
"summary": "Virtual Private Network connection in the cloudmesh suite",
"version": "5.0.16",
"project_urls": {
"Changelog": "https://github.com/cloudmesh/cloudmesh-vpn/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/cloudmesh/cloudmesh-vpn/blob/main/README.md",
"Homepage": "https://github.com/cloudmesh/cloudmesh-vpn",
"Issues": "https://github.com/cloudmesh/cloudmesh-vpn/issues",
"Repository": "https://github.com/cloudmesh/cloudmesh-vpn.git"
},
"split_keywords": [
"helper library",
" cloudmesh"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "c0132b374a8f0a17f2b3b8e1cce4258da173265aaa9c5d3f56e3b37152d1aa4a",
"md5": "d93ee7831c08ea425664b8a2671a1654",
"sha256": "072297ca8ce5b2e66be798bc3433047d80491e2d2211c96338ea913d945ed1a1"
},
"downloads": -1,
"filename": "cloudmesh_vpn-5.0.16-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "d93ee7831c08ea425664b8a2671a1654",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=3.8",
"size": 24588,
"upload_time": "2025-09-13T01:27:44",
"upload_time_iso_8601": "2025-09-13T01:27:44.273488Z",
"url": "https://files.pythonhosted.org/packages/c0/13/2b374a8f0a17f2b3b8e1cce4258da173265aaa9c5d3f56e3b37152d1aa4a/cloudmesh_vpn-5.0.16-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "9876a94ec92b773a72a98a91188075235a2b67ee978206e43abbf90297fc3314",
"md5": "72155330ec335d2bbd0e39ccb2d6befa",
"sha256": "d96dfffbc549bd4f66749a42e4e5fb5a433e1c825842a90b0efdc4026ea3fe80"
},
"downloads": -1,
"filename": "cloudmesh_vpn-5.0.16.tar.gz",
"has_sig": false,
"md5_digest": "72155330ec335d2bbd0e39ccb2d6befa",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 26996,
"upload_time": "2025-09-13T01:27:45",
"upload_time_iso_8601": "2025-09-13T01:27:45.666688Z",
"url": "https://files.pythonhosted.org/packages/98/76/a94ec92b773a72a98a91188075235a2b67ee978206e43abbf90297fc3314/cloudmesh_vpn-5.0.16.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-13 01:27:45",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cloudmesh",
"github_project": "cloudmesh-vpn",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "cloudmesh-cmd5",
"specs": []
},
{
"name": "cloudmesh-sys",
"specs": []
},
{
"name": "cloudmesh-inventory",
"specs": []
},
{
"name": "cloudmesh-configuration",
"specs": []
},
{
"name": "keyring",
"specs": []
},
{
"name": "pexpect",
"specs": []
},
{
"name": "pytest",
"specs": []
},
{
"name": "vpn-slice",
"specs": []
}
],
"lcname": "cloudmesh-vpn"
}