Navigation

 

Install Ivanti (Pulse-Secure) VPN-Client on Linux

The preferred installation method is to add the definition of the triumf-swdist repository to your package manager, and then use it to install the Ivanti Secure VPN client.   Thus, subsequent updates will follow the same procedure is updates to system-packages.

Requirements

  • At least 500MB of free space in /opt
  • Minimum version of Linux distribution:
    CentOS-7, Fedora-32, Ubuntu-20.04.1, Debian-10.6

Installation

Choose your Linux-distribution from:

CentOS-7CentOS-8FedoraOpenSUSE
Debian Ubuntu Mint


If your distribution is not listed, then you can try manually installing the appropriate deb or rpm file from Office-365 / IS&T / Downloads / Linux .  For this to work, your Linux distribution must be compatible with one of the distributions shown in the requirements.

Starting Pulse GUI

The PulseUI launcher is installed under the Applications menu of your desktop environment.  It can also be started with:

/opt/pulsesecure/bin/pulseUI

Add a profile with the settings shown on the main TRIUMF-VPN page .

Why OpenConnect no longer works with TRIUMF VPN

Authentication for TRIUMF VPN is based on TRIDENT which redirects to https://auth.triumf.ca for the password entry, and  subsequent multi-factor authentication.   Therefore, the VPN client must handle the web-page redirect, and receive the token generated by the authentication procedure.   At present, the only client capable of interacting with the Ivanti Secure VPN-server in this way is the Ivanti Secure VPN-client provided by the vendor.

Ivanti Secure Issues

After a certain amount of logins (usually 30+ logins) to TRIUMF VPN with the Pulse Secure Linux client, you may no longer be able to successfully make a connection, even though things seem otherwise fine with the Pulse Secure client. You may need to delete the Pulse Secure client cookies due to a bug in the software before you can connect to the VPN again. In order to clean out your cookies, make sure you're disconnected from VPN and run the following commands in a terminal:

rm -f ~/.pulsesecure/cef/Cookies

rm -f ~/.pulsesecure/cef/Cookies-journal

Once you've completed these commands, your cookies files should be removed and you can try logging in again.