From Cncz
Revision as of 12:11, 7 February 2014 by Polman (talk | contribs) (VPN (Virtual Private Network) connection)
Jump to: navigation, search

VPN (Virtual Private Network) connection

  • C&CZ manages a VPN server, which makes it possible for all users to gain secure/encrypted access to the network with their username/password. The computer at home (or anywhere on the Internet) becomes a part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus.

The most common of such services are connecting to disk shares or special servers. To access your files on your home directory (U: Drive) you can follow this procedure.

For the use of the University library one does not need VPN, because the library has a proxy website, which can be used from anywhere on the Internet after logging in with your RU-password.

Examples of installation and configuration of the VPN:

Note: users of F-secure need to change the Firewall configuration to lift blocking of GRE.

Note: If the vpn connection immediately drops when you start to use it , it may be that the MTU value for the ethernet card is set to high, see for examle optimizing MTU

To use this VPN server you will need an account with password for the Faculty of Science. Visit DIY (Do It Yourself).

SSH SOCKS-Proxy to access journals (linux)

There is a convenient alternative to VPN or the UB proxy website described above to access online journals from anywhere. With SSH one can start a so called SOCKS Proxy-server, which can be used by web-browsers.

  • Login to your FNWI account with ssh:
 ssh -D 8942 lilo3.science.ru.nl       # (or any other login-server)
 (Enter password if required)

If your FNWI username (e.g. "peter") is different on your local username use:

 ssh -D 8942 -l peter lilo3.science.ru.nl

The -D flag starts "dynamic" application-level portforwarding. The port number (here 8942) can be any number above 1024 and below 65536. If a port is already in use by another process try a different number.

  • Tell the web browser to use the server. In Firefox:
 * Edit - Preferences - Advanced - Settings
 * Select "Manual proxy configuration"
 * SOCKS Host: localhost      Port: 8942
 * Select SOCKS v5
 * OK

If you now go to a journal website i.e., J. Chem. Phys., you should see "Your access is provided by: Universiteitsbibliotheek" and you should have the same access as from within the Radboud University domain.

Run ssh in the background

With these flags:

 ssh -f -N -D port 

ssh will run in the background (-f) and only setup the proxy server but not actually logon (-N).


The "netstat" command may be used to troubleshoot problems:

 netstat -at

will show all active and non-active tcp sockets. In the above example you should see something like:

 MYPC:/home/peter $ netstat -at
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN      
 tcp        0      0 *:ssh                   *:*                     LISTEN      
 tcp        0      0 localhost:ipp           *:*                     LISTEN      
 tcp        0      0 peter.home:36953        postvak.science.r:imaps ESTABLISHED
 tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN