This article details the configuration steps for accessing the Department of Physics network via Fortinet SSL VPN on supported Linux distributions. The settings listed below are for the VPN gateway: vpn.physics.ox.ac.uk.
Installation
- Open a terminal.
- Update your package list and install:
sudo apt update && sudo apt install network-manager-fortisslvpn-gnome
VPN Configuration
- Go to Settings > Network
- In the VPN section, click the + (Add VPN) button.
- Select Fortinet SSLVPN
- Set up the VPN:
  - Name: Physics VPN
  - Gateway: vpn.physics.ox.ac.uk:443
  - User name: your Physics username
  - Password: your Physics password
  - Click Advanced, look for the Trusted certificate field and set it to this value: f8a7a1fd236e48b50d197a17179e2ca4c83a85ba52b67649df34787dfa4e25a9
- Navigate to the IPv4 tab within the VPN settings:
  - Check the box for: Use this connection only for resources on its network. This setting ensures that only traffic destined for the Physics network will use the VPN, and all other traffic (like general browsing) will use your local ISP.
Checking and Formatting the Trusted Certificate
The VPN configuration requires the current server certificate's SHA-256 fingerprint, stripped of colons and converted to lowercase.
Obtain the Fingerprint
Visit the gateway address (https://vpn.physics.ox.ac.uk) in a web browser to view the certificate.
- Chrome browser:
  - Go to https://vpn.physics.ox.ac.uk/
  - Click the View Site Information icon next to the URL.
  - Click Connection is secure, then Certificate is valid.
  - Under the General tab, find SHA-256 fingerprints -> Certificate value.
- Firefox browser:
  - Go to https://vpn.physics.ox.ac.uk
  - Click the padlock icon next to the URL.
  - Click Connection secure and then More information.
  - Click View Certificate and scroll down to the Fingerprints section.
  - Use the SHA-256 value.
Format the Fingerprint
Use the following Python command in a terminal to convert the fingerprint to the required format (colon-less and lowercase).
- Copy the full SHA-256 fingerprint (including colons).
- Run the command below:
python3 -c 'print(input("Paste fingerprint here: ").replace(":", "").lower())'
- Paste the copied fingerprint and press Enter.
- Copy the resulting reformatted string and paste it into the Trusted certificate field in your VPN settings.
You can also convert the trusted certificate fingerprint to the right format by running (in a terminal) python3 -c 'print(input().replace(":", "").lower())', pasting the fingerprint into the terminal, pressing Enter, then copying the reformatted version over to the VPN settings.
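A stricter version of the one-liner above, as an added example that is not part of the original article: it rejects anything that is not a complete SHA-256 value (for example a SHA-1 fingerprint copied by mistake) and compares the result with the value this page lists for the Trusted certificate field. The function names are hypothetical, and it assumes the fingerprint is the SHA-256 digest of the DER-encoded server certificate, which is what browsers display.

```python
import hashlib
import re
import ssl

# Value this page gives for the Trusted certificate field.
PINNED = "f8a7a1fd236e48b50d197a17179e2ca4c83a85ba52b67649df34787dfa4e25a9"


def normalize_fingerprint(text: str) -> str:
    """Return the fingerprint as 64 lowercase hex digits, or raise ValueError."""
    # Drop a leading label such as openssl's "sha256 Fingerprint=".
    value = text.strip().rsplit("=", 1)[-1]
    # Remove the separators browsers and tools put between bytes.
    value = re.sub(r"[:\s-]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", value):
        raise ValueError(
            f"expected 64 hex digits (SHA-256), got {len(value)} characters; "
            "check that the SHA-256 value was copied in full"
        )
    return value


def fingerprint_of_der(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (assumed fingerprint format)."""
    return hashlib.sha256(der).hexdigest()


def fetch_fingerprint(host: str, port: int = 443) -> str:
    """Fetch the server's leaf certificate WITHOUT chain validation and hash it."""
    pem = ssl.get_server_certificate((host, port))
    return fingerprint_of_der(ssl.PEM_cert_to_DER_cert(pem))


def matches_pin(pasted: str, pinned: str = PINNED) -> bool:
    """True if a pasted fingerprint equals the pinned one after normalizing."""
    return normalize_fingerprint(pasted) == normalize_fingerprint(pinned)


if __name__ == "__main__":
    # Constructed input: the page's value re-typed the way a browser shows it.
    browser_style = ":".join(PINNED[i:i + 2] for i in range(0, 64, 2)).upper()
    print(normalize_fingerprint(browser_style))
    print("matches pin:", matches_pin(browser_style))
```

Calling fetch_fingerprint("vpn.physics.ox.ac.uk") needs network access and does not validate the certificate chain, so check its result against the value shown in the browser before trusting it.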
Security Requirements & Compliance
All devices connecting to the Physics network MUST comply with the following minimum security requirements:
- Running a supported Operating System (OS).
- All application and OS updates are applied.
- A Firewall is actively running.
- Antivirus Software is installed and running with up-to-date definitions.
- Spyware detection is running.
Connection also constitutes acceptance of the Department of Physics Rules for Computer Use.