Joe,

  Would you be willing to share your experience in setting up the 
OpenVPN/Bridge?

Thanks,
George


   Subject: RE: [AG-TECH] NAT and bridge traffic
   Date: Tue, 11 Sep 2007 12:51:27 -0500
   From: "Nagykaldi, Zsolt F. (HSC)" <zsolt-nagyka...@ouhsc.edu>
   To: "George Estes" <ges...@ncsa.uiuc.edu>
   Cc: <ag-t...@mcs.anl.gov>


   OpenVPN allows you to put your remote client computer "physically" and
   very securely on an ad-hoc local network. Therefore, as the most simple
   setup, you can run an OpenVPN server on the same machine that you use for
   the bridge server and handle remote clients as local network clients,
   allowing access to the bridge for a range of local IPs only (e.g.
   10.10.x.x), in addition to your regular bridge access over the Internet.
   For intricate technical details of fine-tuning the bridge server, I would
   encourage you to contact Joe at stone...@umn.edu.


   Zsolt


   ---

   Zsolt Nagykaldi, PhD
   Assistant Professor of Research
   Clinical IT Specialist

   University of Oklahoma Health Sciences Center
   Department of Family & Preventive Medicine
   900 N.E. 10th Street
   Oklahoma City, OK 73104

   Phone: (405) 271-8000 ext.1-32208
   Fax:     (405) 271-2784


     _____

   From: George Estes [mailto:ges...@ncsa.uiuc.edu]
   Sent: Tue 9/11/2007 12:08 PM
   To: Nagykaldi, Zsolt F. (HSC)
   Cc: ag-t...@mcs.anl.gov
   Subject: RE: [AG-TECH] NAT and bridge traffic

   Zsolt,

     What's the basic setup for using OpenVPN with a bridge?

   Thanks,
   George

   At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. (HSC) wrote:

      It is generally a pain in the back to establish connections to bridge
      servers in a NAT-ed environment. Port forwarding is one of your options;
      however, there are a number of issues: 1) A large number of ports may
      need to be forwarded depending on the bridge setup and how many bridges
      you want to access (security implications); 2) Some older Cisco
      firewalls without a decent GUI may give you a hard time to create the
      appropriate rules to do what you need.

      My suggestion is to forget about ports and use OpenVPN on the bridge and
      the client machine to go through the NAT-ed network and everything in
      between your computer and the bridge. We have significant experience
      with this and pretty good results. Your absolute expert (who came up
      with the combined bridge/OpenVPN server solution) is Joe Stone
      (stone...@umn.edu). I can also help, if needed.

      Zsolt




        _____

      From: owner-ag-t...@mcs.anl.gov on behalf of George Estes
      Sent: Tue 9/11/2007 9:00 AM
      To: ag-t...@mcs.anl.gov
      Subject: [AG-TECH] NAT and bridge traffic

      Hello,

        Could someone with experience in this area tell me the issues/problems
      with receiving traffic from a bridge server if I'm behind a NAT? I've
      looked through the ag-tech mailing list and there's talk of problems but
      I can't find specifics.

      Thanks,
      George
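
Added example, not part of the original thread and not the posters' own configuration: a minimal OpenVPN server/client pair for the arrangement described above, with the VPN server on the bridge host, clients addressed from 10.10.x.x, and a single UDP port in place of forwarded bridge ports. The host name `bridge.example.org`, the certificate and key file names, the /16 pool size and the `nobody`/`nogroup` account are assumptions.

```conf
# ---- server.conf (runs on the bridge host) ----
# The only port that must be reachable from the Internet for VPN clients.
port 1194
proto udp
dev tun
topology subnet
# Server takes 10.10.0.1; clients are assigned addresses from 10.10.x.x.
server 10.10.0.0 255.255.0.0
# Hypothetical file names for the PKI material.
ca ca.crt
cert bridge-server.crt
key bridge-server.key
dh dh.pem
# Drops unauthenticated packets before the TLS handshake.
tls-auth ta.key 0
# Periodic pings keep the client's NAT mapping from timing out.
keepalive 10 120
persist-key
persist-tun
# Drop privileges after start-up (account names are distribution-specific).
user nobody
group nogroup
verb 3
# "client-to-client" is deliberately absent: VPN clients reach the bridge
# host only, not each other. No routes are pushed, so only traffic addressed
# to 10.10.0.1 enters the tunnel. The bridge's own allow-list then needs
# 10.10.0.0/16 added next to its existing Internet entries.

# ---- client.conf (runs on the machine behind NAT) ----
client
dev tun
proto udp
# Hypothetical public name of the bridge host.
remote bridge.example.org 1194
resolv-retry infinite
# Outbound-only: no fixed local port, so no port forwarding on the NAT device.
nobind
ca ca.crt
cert client1.crt
key client1.key
# Refuse peers that do not present a server certificate.
remote-cert-tls server
tls-auth ta.key 1
persist-key
persist-tun
verb 3
```

With the tunnel up, the bridge client on the NAT-ed machine is pointed at 10.10.0.1 instead of the bridge's public address.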
