How to connect

As explained in the First steps section, if you are accessing CESGA’s resources from an authorized center, you do not need to configure the VPN.

Another way to access our servers without using the VPN is through the User Portal with your username and password. Under the Tools section, you have an SSH Terminal that opens a command terminal directly on FinisTerrae III. Another option is the Remote Desktops, which provide a Linux desktop with direct access to the directories and command terminal of FinisTerrae III. These Remote Desktops will be destroyed after 36 hours, unless you log out of the desktop before reaching that limit or restart the countdown. If you want more information about the use of the Remote Desktops, you can check this page.

If you are not at your center or working abroad (whether at home or in another country), you must use the VPN to connect with our servers (except for SSH Terminal and Remote Desktops, as explained above). Enabling a VPN connection is mandatory in all these cases, and the VPN must be established using FortiClient. The installation and configuration of this tool are discussed below for different operating systems.

Installation and configuration of FortiClient on Windows and MacOS

Warning

If the client freezes at 40%, it is due to a bug in FortiClient version 7.0 or later. To resolve this issue, we recommend downloading and installing version 6.2 for Windows and MacOS.

To install FortiClient as a VPN client provider, download it from their website. The VPN connection will be configured as follows (there may be some differences between the Windows client and macOS client, but the configuration parameters are the same):

To configure it, set the VPN name to gateway.cesga.es. Check the Customize port box and enter the port (443); the box is not checked by default, even if you write the number.

It’s important to underline that the username refers to the complete email address that the user used to request registration to access our servers. The domain may differ between institutions, universities and other associated centers. If you are uncertain which email address you used for registration, you may verify it in the User Portal Profile.

Warning

It is not possible to use username@ft3.cesga.es as the email to authenticate in FortiClient. You must use the complete email address used to request registration to access our servers.

Note

For users with a “curso” account, the login will be cursoNNN@cesga.es, where NNN is the number assigned to that account. For example: curso101@cesga.es

Installation and configuration of VPN-Fortissl on Linux

1. Download it here and follow these steps as root:

unrar e vpn-fortissl.rar
tar xvzf forticlientsslvpn_linux_4.4.2323.tar.gz
cd forticlientsslvpn
./fortisslvpn.sh
# Accept the license agreement presented
../forticlientsslvpn_cli --server gateway.cesga.es:443 --vpnuser usuario@dominio.com

Alternatively, if you are using a Linux operating system such as Debian, Ubuntu, or Mint, you can install the network-manager-fortisslvpn package. This package belongs to the ‘universe’ repository, which is normally enabled by default.

For Linux systems, to create the VPN from the GNOME network manager, it is also necessary to install the network-manager-fortisslvpn-gnome package. Without this package, the “VPN” tab does not appear within the fortisslvpn configuration.

2. Configure the connection as root as follows:

Remote Gateway: gateway.cesga.es
Port: 443
Username: email@dominio.com (it is the one used in the user registration)
Password: your_password

Installation and configuration of OpenFortiVPN on Linux

There is also an alternative open-source client called OpenFortiVPN that you can use instead of FortisslVPN. Some Linux distributions like Ubuntu, Debian, OpenSuse or Arch Linux provide OpenFortiVPN packages.

  • Ubuntu 18.04 or newer versions:

sudo apt install openfortivpn

  • Integration with the NetworkManager in GNOME:

sudo apt install network-manager-fortisslvpn-gnome

  • CentOS 7 (available in the EPEL repo):

yum install openfortivpn

2. For any of the cases above, configure the connection as root as follows:

Remote Gateway: gateway.cesga.es
Port: 443
Username: email@dominio.com (it is the one used in the user registration)
Password: your_password

No certificates are needed to establish the connection.

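Once openfortivpn is installed, you can start the VPN by executing sudo openfortivpn gateway.cesga.es:443 -u username@dominio.com -p "your_password". After you submit that command, the terminal window shows the following information and stays blocked, so you can no longer use it; you will have to open a new window in your command terminal. A password given with -p is stored in the shell history and is visible in the process list while the client runs; if you omit -p, openfortivpn asks for it at the VPN account password: prompt instead.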

VPN account password:
INFO: Connected to gateway.
INFO: Authenticated.
INFO: Remote gateway has allocated a VPN.
WARN: No gateway address, using interface for routing
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
INFO: Got addresses: [...], ns [0.0.0.0, 0.0.0.0]
INFO: Negotiation complete.
INFO: Negotiation complete.
local IP address ...
remote IP address ...
INFO: Interface ppp0 is UP.
INFO: Setting new routes...
INFO: Adding VPN nameservers...
INFO: Tunnel is up and running.

If you don’t want the window to block, you can edit /etc/openfortivpn/config with the following information and execute sudo openfortivpn &

# config file for openfortivpn, see man openfortivpn(1)
# this file stores the password in clear text: keep it readable by root only
host = gateway.cesga.es
port = 443
# username is the email address used in the user registration
username = email@dominio.com
password = your_password

You can also create an alias (activate_VPN) to start OpenFortiVPN:

$ cat activate_vpn

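#!/bin/bash
# Release number reported by the distribution, e.g. "20.04"
VERSION=$(lsb_release -r -s)

if [[ "$VERSION" == "20.04" ]]; then
    # On release 20.04, bring up the WireGuard interface wg0
    sudo wg-quick up wg0
else
    # Otherwise start OpenFortiVPN in the background (reads /etc/openfortivpn/config)
    sudo openfortivpn &
fi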

FinisTerrae III fingerprints:

ft3.cesga.es ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXtPYxPF1zL9fQ0o2x0/mLdZGBrSjYG8zsou81952QCpo9q/R0VHMUQw9xn2hSEQlKzENQ/k5H8X2LE1zgKb6U/5UQJneQFv/54b3aahtTTg9Vx4+8yj0gnoxlieG4Ng5OBK+MpqBpo9ZeXanuQDvXX1U8G1UlvWOWOMdNSA2+vcgbW1xUU8SX0eRh73+FIJHtiOfAdioRp/L64UBklb6z77g4NsPFPIfHsCKhuMi9jB6ruLqaKtBELrXQpgJ4dcC/p8UiPwuVcdAPJKgHrb9EqwaNbCLlogsIib5xXHjn8TYrv8FEytCoaVgRK2vvCeUyZh7ndV9QSAwxuqVu2bvuTPXTrXJ6nl1u1YacGGdSzxe0KLY6RiTnbDF7fBtknJJlQpajWGKneF9Fac8MLWNT010orGIc+duZCjy8KrFoIDBmqHkRWddyeIn+aw6yq1ZbqmyPw+T7iyDpNkIPdeQ/hQcgsTsd+u5TmoICX+zpfpneoBEJjvDBI+ANe//nOEk=
ft3.cesga.es ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIb9q8ImmvHjq2owgvP3JOEfsP86/SkT0o8lSGpP8vpmTs63Z2wrMh2CETjf1UsVt56ExUs07CYeKbUlLjyVhqo==
ft3.cesga.es ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/jKxoDJT5dffCJeMdrxFtMhulC735UbakEARi3p6hc
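
The keys above are published in known_hosts format, while the first-connection prompt of ssh shows a SHA256 fingerprint. The following is an added example, not CESGA's own code: it parses the published ed25519 line, rejects a malformed entry, and derives the fingerprint to compare with that prompt. The function names are illustrative.

```python
import base64
import hashlib
import struct

# Published ed25519 host key for ft3.cesga.es, copied from the list above.
PUBLISHED = ("ft3.cesga.es ssh-ed25519 "
             "AAAAC3NzaC1lZDI1NTE5AAAAIF/jKxoDJT5dffCJeMdrxFtMhulC735UbakEARi3p6hc")


def parse_entry(line):
    """Split a known_hosts line and check that the key blob is well formed.

    Returns (host, key_type, blob); raises ValueError on a malformed entry.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host key-type base64-blob")
    host, declared, b64 = fields[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"bad base64 in key for {host}: {exc}") from None
    # The blob starts with a length-prefixed copy of the key type (RFC 4253).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != declared:
        raise ValueError(f"declared {declared!r} but blob says {embedded!r}")
    return host, declared, blob


def fingerprint(line):
    """SHA256 fingerprint as ssh prints it: 'SHA256:' + unpadded base64."""
    _, _, blob = parse_entry(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(published_line, offered_line):
    """True only if both lines carry the same host name, key type and key bytes."""
    return parse_entry(published_line) == parse_entry(offered_line)


if __name__ == "__main__":
    print(fingerprint(PUBLISHED))
```

same_key can also be given a line printed by ssh-keyscan -t ed25519 ft3.cesga.es, which uses the same three-field format; a False result means the offered key is not the published one and the connection should not be accepted.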

Remote connection

If you are using Linux or MacOS as your operating system, you can access FinisTerrae III directly from the command terminal. However, if you are a Windows user, you will need to install a UNIX-like environment.

Newer versions of Windows allow for connection via SSH with the Windows command terminal (cmd), so it is not mandatory to use a UNIX client.

Nevertheless, MobaXterm provides a complete environment for connecting to FinisTerrae III and transferring files between your local machine and FinisTerrae III, making it a useful tool. You can download and install MobaXterm from its official website. Once installed, the first step is to create a new user session and configure it as follows:

Remote Host: ft3.cesga.es
Specify username: username (Just the username without @)
Port: 22

After the password is entered, the FinisTerrae III home screen will be displayed in the terminal tab. This indicates that the user has successfully logged in to one of the login nodes, allowing them to edit files, copy or move them, and submit jobs to the queue system.

If the home screen is not displayed automatically, the user can enter the following command to access it:

ssh username@ft3.cesga.es