You are here

Setup Procedures for HKUVPN with 2-Factor Authentication (2FA) for Linux Using OpenConnect

1. Prerequisite
2. Configuration Procedures
3. Connection Procedures


1. Prerequisite

  1. With effect from 4 January 2016, 2-factor authentication (2FA) by making use of HKU Portal UID/PIN and a one-time password is required for accessing the HKUVPN service. You can register to use 2FA through the online form-
  2. Staff (except visiting, honorary and hourly-paid staff who can use alternate email address only) can choose to receive the token code either through a registered alternate email address or a Mobile App.

  3. Students and departmental account holders will receive the token code via their registered alternate email address.

  4. For staff who chooses to use Mobile App, please follow the procedure at http://www.its.hku.hk/documentation/guide/infosec/2fa/app-token to install the Mobile App.

  5. Please uninstall any earlier version of OpenConnect VPN client before you start the following installation.

2. Configuration Procedures (to be done once only)

Note: The following steps are prepared based on Ubuntu 15.10.

  1. Download and install OpenConnect (VPN client) with the following command-

    sudo apt-get install network-manager-openconnect-gnome

  2. Press "y" and "Enter" to kick off the installation when you see the following message.

    After this operation, 4,691 kb of additional disk space will be used.

    Do you want to continue? [Y/n]

  3. Under System Settings, select Network.

    Network

  4. Click button. Then select VPN from the list and click Create.

    Create VPN

  5. Select Cisco AnyConnect Compatible VPN (openconnect) and click Create.

    Select Cisco AnyConnect Comptible VPN (openconnect)

  6. Perform the following-
    • Enter "VPN2FA" in Connection Name field;
    • Enter "vpn2fa.hku.hk" in Gateway field;
    • Click Save button.

    Enter VPN2FA", "vpn2fa.hku.hk".

3. Connection Procedures

  1. Click Network Manager icon Network Manager icon in the notification area.

    Network Manager icon

  2. Select VPN Connections and click VPN2FA.

    VPN2FA

  3. Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Login.

    HKU Portal UID and PIN

  4. (i) Applicable to staff/students who choose EMAIL TOKEN

    You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.

    email token

    (ii) Applicable to staff who choose APP TOKEN

    Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

    Note: For installation of the mobile app, please refer to http://www.its.hku.hk/documentation/guide/infosec/2fa/app-token.

    On Android devices- On iOS devices-
    • Open FortiToken Mobile.

      FortiToken Mobile

    • Open FortiToken.

      FortiToken

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • App token will be retrieved.

      app token

    • App token will be retrieved.

      app token

  5. Enter the 6-digit One Time Password in the Response box and click Login.

    6-digit One Time Password

  6. When the VPN is connected, system message VPN Connection has been successfully established will be shown in the notification area.

    VPN connected

  7. To disconnect from HKUVPN server, click Network Manager icon in the notification area. Then select VPN Connections and click Disconnect VPN.

    Disconnect HKUVPN