Joe,

Would you be willing to share your experience in setting up the OpenVPN/Bridge?

Thanks,
George

From: "Nagykaldi, Zsolt F. (HSC)" <zsolt-nagyka...@ouhsc.edu>
To: "George Estes" <ges...@ncsa.uiuc.edu>
Cc: <ag-t...@mcs.anl.gov>
Subject: RE: [AG-TECH] NAT and bridge traffic
Date: Tue, 11 Sep 2007 12:51:27 -0500

OpenVPN allows you to put your remote client computer "physically" and very securely on an ad-hoc local network. Therefore, as the most simple setup, you can run an OpenVPN server on the same machine that you use for the bridge server and handle remote clients as local network clients, allowing access to the bridge for a range of local IPs only (e.g. 10.10.x.x), in addition to your regular bridge access over the Internet.

For intricate technical details of fine-tuning the bridge server, I would encourage you to contact Joe at stone...@umn.edu.

Zsolt

---
Zsolt Nagykaldi, PhD
Assistant Professor of Research
Clinical IT Specialist
University of Oklahoma Health Sciences Center
Department of Family & Preventive Medicine
900 N.E. 10th Street
Oklahoma City, OK 73104
Phone: (405) 271-8000 ext.1-32208
Fax: (405) 271-2784

_____
From: George Estes [mailto:ges...@ncsa.uiuc.edu]
Sent: Tue 9/11/2007 12:08 PM
To: Nagykaldi, Zsolt F. (HSC)
Cc: ag-t...@mcs.anl.gov
Subject: RE: [AG-TECH] NAT and bridge traffic

Zsolt,

What's the basic setup for using OpenVPN with a bridge?

Thanks,
George

At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. (HSC) wrote:

It is generally a pain in the back to establish connections to bridge servers in a NAT-ed environment. Port forwarding is one of your options; however, there are a number of issues:

1) A large number of ports may need to be forwarded depending on the bridge setup and how many bridges you want to access (security implications);
2) Some older Cisco firewalls without a decent GUI may give you a hard time creating the appropriate rules to do what you need.

My suggestion is to forget about ports and use OpenVPN on the bridge and the client machine to go through the NAT-ed network and everything in between your computer and the bridge. We have significant experience with this and pretty good results. Your absolute expert (who came up with the combined bridge/OpenVPN server solution) is Joe Stone (stone...@umn.edu). I can also help, if needed.

Zsolt

_____
From: owner-ag-t...@mcs.anl.gov on behalf of George Estes
Sent: Tue 9/11/2007 9:00 AM
To: ag-t...@mcs.anl.gov
Subject: [AG-TECH] NAT and bridge traffic

Hello,

Could someone with experience in this area tell me the issues/problems with receiving traffic from a bridge server if I'm behind a NAT? I've looked through the ag-tech mailing list and there's talk of problems, but I can't find specifics.

Thanks,
George