-
Notifications
You must be signed in to change notification settings - Fork 0
VPN Access
You currently need VPN access to be able to connect to the lab computers
On an ubuntu-based system, if you cannot ping or ssh to the lab computers then you may need to try the following
- with the use of
systemd, things are bit more difficult because it dynamically adjusts your resolv.conf file - if this is the case for you, you will need to move the resolv.conf to another filename if it is a symlink, as that means that systemd is taking care of it
cd /etc
sudo mv resolv.conf resolv.conf.disabled #in case you need to get it later, or want to know what is inside it!
sudo vim resolv.conf
Now add the following to your resolv.conf and save it, then connect to the VPN again
nameserver 127.0.0.53 132.205.1.1 8.8.8.8
options edns0 trust-ad
search concordia.ca net.concordia.ca
As of 17/02/2026, the following method works for installing and connecting through the VPN. Tested on Pop!_OS (Ubuntu 24.04)
Concordia VPN uses Microsoft SAML, which on Pop!_OS is most reliably handled by FortiClient (official repo). After connecting, FortiClient may break public DNS, so you apply a small DNS fix script.
wget -O - https://repo.fortinet.com/repo/forticlient/7.2/debian/DEB-GPG-KEY \
| gpg --dearmor | sudo tee /usr/share/keyrings/repo.fortinet.com.gpg >/dev/null
Add repo
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/repo.fortinet.com.gpg] https://repo.fortinet.com/repo/forticlient/7.2/debian/ stable non-free" \
| sudo tee /etc/apt/sources.list.d/repo.fortinet.com.list
Install
sudo apt update
sudo apt install forticlient
If you want to verify:
apt-cache policy forticlient
forticlient version
Launch FortiClient GUI. You can do this via CLI with forticlient gui but it also works just by launching the app.
Configure VPN as per https://www.concordia.ca/it/support/connect-from-home.html:
Connection Name: Concordia VPN
Remote Gateway: vpn.concordia.ca
Customize port: 443
Client Certificate: None
Complete Microsoft MFA login
This SHOULD connect your VPN but you won't have internet access.
IP ping should work ping 1.1.1.1
But domain names fail: ping google.com > “Name or service not known”
You have to fix this manually once, then you can write a helper:
Find your active interface:
ip route | grep default
Then set public DNS on that interface (example uses enp6s0):
sudo resolvectl dns enp6s0 1.1.1.1 8.8.8.8
Then ping google.com should work!
Create script
mkdir -p ~/bin #if it doesnt exist yet
nano ~/bin/fixvpn
Paste:
#!/usr/bin/env bash
iface=$(ip route | awk '/default/ {print $5; exit}')
sudo resolvectl dns "$iface" 1.1.1.1 8.8.8.8
echo "DNS fixed on $iface"
Save and close, then make it executable:
chmod +x ~/bin/fixvpn
Add ~/bin to PATH if not already:
echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
Open FortiClient GUI, log in,
run fixvpn in terminal