Off‐Site Access

PPD IT How-to Guides, December 2010

When you are working away from RAL, you can connect to the RAL network via Virtual Private Network. This allows you to see internal RAL web pages and provides a way to access SSC, which is only reachable from Research Council networks [1]. STFC uses the Microsoft PPTP protocol for VPN, with a load-balanced server at RAL, vpn.rl.stfc.ac.uk [2]. STFC has similar network infrastructure at Daresbury, so as a fallback the same procedure may be used to connect to Daresbury, specifying instead vpn.dl.stfc.ac.uk [3]; there is a secure tunnel for traffic between RAL and Daresbury.

A side effect of our recommendation that you route all network traffic over the VPN tunnel is that you need to configure the internet settings for the VPN to use the RAL or Daresbury web caches, so that general web access is possible when connected to the VPN.

[1] This is the reason why we recommend routing all network traffic via the VPN.
[2] There are a number of aliases for the VPN server at RAL, namely vpn.stfc.ac.uk, vpn.rl.stfc.ac.uk and pptp01.rl.ac.uk.
[3] Similarly there are a number of aliases for the VPN server at Daresbury, namely vpn2.stfc.ac.uk, vpn.dl.stfc.ac.uk and dialup04.dl.ac.uk.

Contents

Instructions for setting up a PPTP connection to the RAL network
    Windows 7 / Vista
    Windows XP
    Mac OS X
A warning about proxy settings for Visitors
A note on proxy configuration and split routing

Contact PPDITHelpdesk@stfc.ac.uk with any further questions, comments or corrections.

Instructions for setting up a PPTP connection to the RAL network

Windows 7 / Vista

1. Open the Start Menu and click Connect to.
2. If required, select Open Network and Sharing Center.
3. In the window that appears, click Set up a new connection or network.
4. Select Connect to a workplace, and click Next.
5. Select Use my Internet connection (VPN).
6. Set the Internet address to vpn.rl.stfc.ac.uk and give the connection a suitable name (e.g. RAL PPTP), then click Next.
7. Type your federal ID and password, and set the domain as CLRC. It is recommended that you do not tick Remember this password. Click Connect.
8. Click Close to return to the Network and Sharing Center, then click on Internet Options.
9. Select the Connections tab, select the required connection (i.e. RAL PPTP) and click Settings. Do not click LAN Settings.
10. In the Automatic configuration section tick only Use automatic configuration script and set the Address to http://wwwcache.rl.ac.uk/proxy.pac (http://wwwcache.dl.ac.uk/proxy.pac if using vpn.dl.stfc.ac.uk). Leave the Proxy server section blank and ignore the Dial-up settings section.
11. This connection is now readily accessible from Start Menu > Connect to.

Windows XP

The procedure is slightly different, although many of the dialogue boxes are very similar to those for Windows 7 and Vista.

1. Open the Start Menu and then Control Panel (Classic view).
2. Go to Internet Options.
3. In the dialogue box that comes up, open the Connections tab and click Add…
4. Select Connect to a private network through the Internet and click Next.
5. If you get a page titled Public Network select Do not dial the initial connection and click Next.
6. Type the server name, vpn.rl.stfc.ac.uk, and click Next.
7. If you get a page titled Smart Cards select Do not use my smart card and click Next.
8. Give the connection a suitable name (e.g. RAL PPTP) and click Finish.
9. In the new window, tick Use automatic configuration script. In the Address field type http://wwwcache.rl.ac.uk/proxy.pac (http://wwwcache.dl.ac.uk/proxy.pac if using vpn.dl.stfc.ac.uk).
10. Enter your federal ID and the domain (CLRC).
11. Click Properties, and in the dialog that appears, under the Options tab, tick Include Windows logon domain.
12. Close the windows by clicking OK in each case, until you are back at the Internet Properties window.
13. Select Never dial a connection and then click OK.
14. To use this connection, open the Start Menu and go to Settings > Control Panel > Network Connections. You can copy it to the Desktop to create a shortcut.

Mac OS X

1. Open the Apple Menu and go to System Preferences.
2. Select the Network pane.
3. Click the + to add a new connection.
4. Set the interface as VPN, the type as PPTP, and give the connection a suitable name (e.g. RAL PPTP). Click Create.
5. Type the server name, vpn.rl.stfc.ac.uk, and enter the account name as CLRC\<your federal ID>.
6. You may find it useful to tick Show VPN status in Menu bar.
7. Click Advanced…
8. Under the Options tab, ensure Send all traffic over VPN is ticked.
9. Under the Proxies tab, set Configure Proxies to Using a PAC file and specify the PAC File URL as http://wwwcache.rl.ac.uk/proxy.pac (http://wwwcache.dl.ac.uk/proxy.pac if using vpn.dl.stfc.ac.uk) and then click OK.
10. Finally click Apply.
11. This connection is now available under Apple Menu > System Preferences > Network (and if you selected Show VPN status in Menu bar above, as an additional element on the right hand side of the menu bar).

A warning about proxy settings for Visitors

It is important to note that the RAL proxy should only be configured for the VPN, not for LAN settings on Windows or Ethernet or Airport on Macintosh. Attempting to use the RAL proxy when not connected to the RAL network will render web pages inaccessible. PPD Staff who intend to use the computer at RAL on the wired network will of course need their LAN settings correctly specified, but this is handled by their Windows profile.

A note on proxy configuration and split routing

The descriptions above force all traffic down the VPN tunnel, so that access is provided to networks only reachable from RAL. One side effect of this is to require use of the RAL proxy to enable off-site web browsing; another is that it may preclude access to local resources, in particular any local network resources not on the same Ethernet sub-net. Printing at CERN is an obvious example here.

It is possible not to force all traffic over the VPN and thereby maintain access to local resources. However, enabling access to the other networks only reachable from RAL then requires modifying the IP routing tables on your computer to route these networks over the VPN tunnel. These networks include Daresbury (148.79.0.0), the Exchange servers (172.16.133.0), Swindon (192.171.198.0) and SSC (194.66.176.0/22). As these modifications require Administrator rights we do not support this.
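
The two routing modes described in this note, modelled as an added example (it is not part of the original guide or any STFC tooling): a longest-prefix-match lookup showing which destinations use the tunnel under full-tunnel and split routing. Only the SSC prefix length (/22) appears in the guide; the other three prefix lengths, the local subnet and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Networks the guide lists as reachable only from RAL. Only the SSC prefix
# length is given in the guide; the other three are ASSUMED classful
# defaults and must be confirmed before any real use.
RAL_ONLY = {
    "Daresbury": "148.79.0.0/16",     # assumed /16
    "Exchange": "172.16.133.0/24",    # assumed /24
    "Swindon": "192.171.198.0/24",    # assumed /24
    "SSC": "194.66.176.0/22",         # prefix length from the guide
}

def build_table(split, local_subnet="192.0.2.0/24"):
    """Return [(network, interface)] for full-tunnel or split routing.

    local_subnet is a constructed documentation range standing in for the
    Ethernet sub-net the computer is attached to while off-site.
    """
    table = [(ipaddress.ip_network(local_subnet), "local")]
    if split:
        # Default route stays on the local network; only RAL-only
        # networks are sent down the tunnel.
        table.append((ipaddress.ip_network("0.0.0.0/0"), "local"))
        table += [(ipaddress.ip_network(n), "vpn") for n in RAL_ONLY.values()]
    else:
        # Full tunnel: everything except the attached sub-net uses the VPN.
        table.append((ipaddress.ip_network("0.0.0.0/0"), "vpn"))
    return table

def egress(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outside_tunnel(table, destinations):
    """Destinations whose traffic would not be carried by the VPN."""
    return [d for d in destinations if egress(table, d) != "vpn"]

if __name__ == "__main__":
    # Constructed sample destinations (not real hosts).
    samples = ["194.66.179.10", "148.79.1.1", "198.51.100.7", "203.0.113.9"]
    for mode in (False, True):
        name = "split" if mode else "full tunnel"
        print(name, "->", outside_tunnel(build_table(mode), samples))
```

Under split routing, everything outside the four listed networks leaves by the local network rather than the tunnel, which is what keeps off-subnet local resources reachable.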