Page tree
Skip to end of metadata
Go to start of metadata

These instructions apply to Cubbli and Ubuntu versions later than 18.04. If you have an older installation, you should upgrade. 

All Helsinki University (HU) computational resources, including file shares, printers, software and computational resources can be used remotely used with Cubbli (and Linux), most by multiple different methods. You should also see Helpdesk's instructions.

VDI remote desktops

Easiest way to access is through remote Virtual Desktop Infrastructure (VDI) remote desktops. VDI provides both remote Windows desktops and Linux desktops. The Windows desktops are remotely  available only for University staff because of Windows licensing.  You can access VDI  with VMWare Horizon client or from browser through link If you have a University laptop installation (Windows, Linux, or MAC) you can access VDI from the Univerity Menu.  You don't need a VPN to access remote desktop resources. Please see instructions from helpdesk

If you have a personal University Windows desktop hosts in University's premises, you can ask Helpdesk to provide access to it with VDI. 


HY-VPN (Virtual Privete Network) tunnel allows you directly access University's file shares, University's printers and some of University's servers which aren't available in the open Internet. Helpdesk has more instructions, also for other operating systems. 

The recommended way is to just click HY-VPN Tunnel only from Cubbli Network Manager menu:

Network Manager in Cubbli

If you want to direct all traffic through VPN click instead HY-VPN - All traffic. This is recommended when you are using untrusted public networks (WiFi access points). This also allows you to access some scientific publications where access is allowed by default from University Network.  Please direct all traffic through University network only when you need it,  since university's network capacity is limited. 

HY-VPN 1 and HY-VPN 2 tunnels don't have network address translation and are bridged instead of tunneled VPNs. Only use thses older VPN connections if you a problem with other VPNs or if for some reason NAT can't be used. 

You can configure HY-VPN to be enabled automatically when you connect to a WiFi network. Use the Network Settings dialog:

Configure HY-VPN to be anabled automatically.

Setting up HY-VPN in your own Linux installation with Network Manager

If you want to have HY-VPN available for Network Manager in your own Linux (just like the picture above) you need to have network-manager-openvpn-gnome package (or equivalent for your Linux distribution) installed. Then download and run this script. Since it needs access to your Linux hosts Network Manager, run it in a terminal on your Desktop. Don't attempt to run it with sudo, or over ssh or in a container or in a Anaconda environment. And you shouldn't run random scripts downloaded from the Internet! Check what it does before you run it. 

jjaakkol@lx9-907-20658:~$ wget --quiet && bash ./
This script sets up HY-VPN for you assuming you have Linux, Network Manager
and network-manager-openvpn packages installed.

Dreamed up by Jani Jaakkola 2020-03-26.
Your Univ. Helsinki user account: jjaakkol
Connection 'HY-VPN-tun - Tunnel only (jjaakkol)' (61fbf977-99ee-474a-8a90-e3770f346e4a) successfully added.

Here is how using the script looks like in a fresh Ubuntu 18.04 installation: 

You can configure Network Manager using the GUI too. Use these settings. The tabs not shown here should be left unchanged with their default values. Remember to use your own user account instead of jjaakkol. And remember to download HY-VPN-CA-20.pem certificate. 

VPN tab. Click the Advanced button for more.

Advanced / General 


Advanced / TLS Authentication

Using OpenVPN from command line. 

If you don't want to use Network Manager, but have sudo access and you insists on using openvpn from command line. Download the openvpn configuration (wget is used here at the command line). Use ctrl+c (^C) to shut down the VPN connection.  Remember to send the logs and error messages if you have any problems, otherwise we can't help you. The openvpn configuration is also likely to work in Android smart devices too, though I haven't tested it.

jjaakkol@lx9-907-20658:~$ wget --quiet
jjaakkol@lx9-907-20658:~$ sudo openvpn ./hy-vpn-tun.ovpn
Fri Mar 27 15:24:35 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Fri Mar 27 15:24:35 2020 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
Enter Auth Username: jjaakkol
Enter Auth Password: ************
Fri Mar 27 15:24:42 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Mar 27 15:24:42 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 27 15:24:42 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]
Fri Mar 27 15:24:42 2020 UDP link local: (not bound)
Fri Mar 27 15:24:42 2020 UDP link remote: [AF_INET]
Fri Mar 27 15:24:42 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Mar 27 15:24:42 2020 [] Peer Connection Initiated with [AF_INET]
Fri Mar 27 15:24:43 2020 TUN/TAP device tun-hyvpn opened
Fri Mar 27 15:24:43 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar 27 15:24:43 2020 /sbin/ip link set dev tun-hyvpn up mtu 1500
Fri Mar 27 15:24:43 2020 /sbin/ip addr add dev tun-hyvpn local peer
Fri Mar 27 15:24:43 2020 Initialization Sequence Completed
^CFri Mar 27 15:30:07 2020 event_wait : Interrupted system call (code=4)
Fri Mar 27 15:30:07 2020 /sbin/ip addr del dev tun-hyvpn local peer
Fri Mar 27 15:30:07 2020 SIGINT[hard,] received, process exiting


University has multiple different remotely accessible ssh servers, which are available to all University users:

  • (this is a larger physical machine with 256G physical memory and Intel Xeon CPU E5-2620 with 6 cores (12 threads). 

These hosts can be used to access University's shared file systems through sftp and as ssh jump hosts to other University's ssh services, which aren't directly visible to the open Internet. It possible to forward web browser requests through ssh sessions to get access to University's browser resources without having to run everything through a firewall. 

Network file shares.

MS OneDrive and other cloud storage services can be accessed with rclone. Please see Using rclone to access MS OneDrive and cloud storage for details. 

  • No labels