VPN Support at Fermilab
Fermilab now provides a VPN (virtual private network) service to accommodate the needs of remote users. A VPN uses public network (Internet) infrastructure to connect remote users to an enterprise network via an encrypted tunnel. The VPN tunnel gives a user the functionality of a direct dialup connection, with the convenience and higher bandwidth of using a local ISP for connectivity.
How A VPN Connection Works:
Fermilab VPN support is based on a remote access model. The user's remote system must be connected to the general Internet. The user needs to have the appropriate VPN client software on his system, and must have established a VPN account with the Laboratory. Once these elements are in place, the VPN client software can be used to establish a VPN tunnel from the remote system to a VPN concentrator located at the Laboratory. The VPN tunnel uses the Internet to create a virtual point-to-point connection between the remote system and the Laboratory network. All network traffic between the user's system and the Laboratory's campus network is sent within the VPN tunnel in encrypted format. Traffic through the tunnel uses a Fermilab campus network address for the remote system, making it appear to be directly attached to the Fermilab network. Traffic between the user's remote system and the rest of the Internet does not traverse the tunnel, and just follows the system's general Internet path. Once the remote user has completed his Laboratory-related work, the VPN tunnel can be taken down.
It should be noted that Fermilab supports only VPN connections with individual remote systems. Site-to-site connections, such as between a user's home network and the Fermilab campus network, are not supported. Users are also prohibited from using a VPN-connected system as a gateway for other remote systems via technologies such as Network Address Translation (NAT).
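The split-tunnel model and the no-gateway rule described above can be checked on a client with a short script. This is an added example, not Fermilab code. The prefixes (documentation ranges standing in for the campus and home networks), the interface names tun0 and eth0, and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not Fermilab values):
# 198.51.100.0/24 stands in for the campus network, 192.0.2.0/24 for the
# home LAN; "tun0" is the VPN tunnel interface, "eth0" the ISP-facing one.
CAMPUS_NET = "198.51.100.0/24"
ROUTES = [
    ("0.0.0.0/0", "eth0"),      # default route: general Internet via local ISP
    ("192.0.2.0/24", "eth0"),   # home LAN
    (CAMPUS_NET, "tun0"),       # campus traffic goes into the encrypted tunnel
]


def egress_interface(dest, routes):
    """Longest-prefix match: return the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def audit_split_tunnel(routes, ip_forward_enabled, campus_net=CAMPUS_NET, tunnel="tun0"):
    """Return a list of findings; an empty list means the host matches the model."""
    findings = []
    campus = ipaddress.ip_network(campus_net)
    # A more specific campus route on another interface would send part of
    # the campus traffic across the Internet outside the encrypted tunnel.
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.subnet_of(campus) and iface != tunnel:
            findings.append(f"{prefix} bypasses the tunnel via {iface}")
    if egress_interface(str(campus.network_address + 1), routes) != tunnel:
        findings.append("campus network is not routed into the tunnel")
    # General Internet traffic should stay on the ISP path (split tunnel).
    if egress_interface("203.0.113.10", routes) == tunnel:
        findings.append("general Internet traffic is routed into the tunnel")
    # Forwarding on a VPN-connected host lets it act as a gateway for others.
    if ip_forward_enabled:
        findings.append("IP forwarding is enabled: host can act as a gateway")
    return findings
```

On a real client the route list and the forwarding flag would be read from the operating system; here they are passed in so the logic can be run against the constructed table.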
Descriptions of VPN technology, including basic VPN components, tunneling & security issues are available at the following URLs:
- http://www.tldp.org/HOWTO/VPN-HOWTO/
- http://www.cisco.com/warp/public/779/largeent/learn/technologies/VPNs.html
Benefits of Using a VPN Connection:
Using VPN connections provides a number of benefits for remote users:
- Data sent between a user's home system and the Laboratory is encrypted
- Some access restrictions on general Internet access to the Laboratory are not applied to VPN connections. Windows NETBIOS protocols, for example, are blocked at the facility border router, but permitted for VPN connections.
- Some resources on the Fermilab network that are restricted to local (on-site) access may be accessible via VPN connections.
Requirements for using Fermilab VPN:
- Have a computer account at Fermilab
- Obtain a Fermilab VPN account
- Install and properly configure the Cisco VPN client on the home system(s)
  - Windows, Linux, Solaris, and Macintosh OS X clients are available and tested
Steps to obtaining a Fermilab VPN account:
* Please also read VPN FAQs:
http://fndcg0.fnal.gov/VPN/VPN-faq.html
1. Registration.
Send a request for a VPN account using the Web page:
https://www-dcn.fnal.gov/vpn/vpn_reg.cgi
The user must select an appropriate Group Name (Affiliation) and provide a valid Fermi ID number on the Registration Form. Instructions and a password for downloading the VPN software will be sent to the user's e-mail address as a registration confirmation.
==========
A sample of text:
You are about to access an encrypted page. In order to verify identity of our site correctly you may need to have the root DOE CA certificate imported in your browser. Please consult to the URL http://www.doegrids.org/CA/ for more information and obtaining the CA root certificate.
=========
2. Downloading VPN client.
Using the access password and URL, the user needs to download both the VPN client software and the Profile onto the home computer, and install the VPN client on the system. The user is given only one download for each file. See the VPN FAQs at the link above for further instructions.
3. Activating VPN client.
Please wait 2 hours after registration before calling the Helpdesk, so that the automated process can complete. Call the Fermilab Computing Helpdesk at (630)840-2345 to have the VPN account activated and the account's password assigned. Passwords must be alphanumeric, 8 or 9 characters in length, and different from the user's Kerberos password. The username is <firstname.lastname> as it appears in the Fermilab Phone book. Note that the Helpdesk must be contacted via telephone. E-mail requests for account activation will not be acted upon. The Helpdesk hours are 8:00am - 4:30pm, Monday through Friday.
4. Test & Use the VPN client.
Connect to the Fermi VPN server with your username and password.