Limits

VPN works for connections from outside the Nevis particle-physics networks. It does not work when connecting from within that network.

In particular, the Nevis mansion house and wireless connections within the research and electronics buildings are within the network that VPN protects. You cannot connect to VPN from there.

• The VPN server is vpn.nevis.columbia.edu

• The VPN server is vpn.nevis.columbia.edu
• Click on the Connect button.
• If you're prompted for a Group, choose Nevis
• Use your Nevis account name and password.

VPN (Virtual Private Network)

Please see secure network warnings before using VPN.

Why use VPN?

By using VPN, you can establish a direct connection to the local network of the Nevis particle-physics systems from the outside. You also get the benefits of the web proxy, in that all your network connections go through our firewall.

Normally, to access a machine on the local network, you use ssh to login to one of the workgroup servers, then ssh again to the local machine. But there are times when this becomes inconvenient, complicated, or slow; e.g., accessing one of the electronics-design systems at Nevis. A VPN connection can be a simpler solution.

Here are the steps; the first section only has to be done once.

Install Cisco's AnyConnect

Although there are many VPN client programs available, since we have a Cisco firewall I find that the Cisco secure client works best and takes advantage of all the networking features.

The simplest way to get Cisco AnyConnect is to download it from the VPN server on our firewall. Visit:

https://vpn.nevis.columbia.edu

When you are prompted, select Group to be Nevis (that's probably already selected), and use your regular Nevis account name and password to login.

Once you've logged into WebVPN, select AnyConnect from the panel on the left-hand side. Then click on Start AnyConnect. (The instructions on the right-hand side are obsolete and misleading; e.g., you don't need to install Java.)

You'll be taken to a web page that will let you download a version of AnyConnect for your operating system (Mac OS X, Windows, or Linux). If you need installation help, click on Instructions in the lower right-hand corner.

Using the VPN client

Start the AnyConnect client program. You may have to "hunt" for its location. For example, on my Macintosh, I found it in Applications->Cisco.

When you start the application:

The VPN server is vpn.nevis.columbia.edu Click on the Connect button. If you're prompted for a Group, choose Nevis Use your Nevis account name and password.

That's it!

Things to try

Our firewall normally filters out ping attempts to any device inside the Nevis particle-physics networks. Before you start VPN, try to ping mail.nevis.columbia.edu; it will not succeed. After you connect with AnyConnect, ping mail will work.

From outside of Nevis, systems on the local network are "invisible." Once you establish a VPN connection, you should be able to directly ssh to any system on that network; e.g., ssh student41.nevis.columbia.edu.

Some systems have restricted access to the outside world, e.g., the electronics-design machines. With a VPN connection, you should be able to directly ping and ssh to a restricted system like elecsim4 directly (assuming you have an account on elecsim4, of course!).

If you're having trouble accessing your local network devices (e.g., a printer in your home), go into the AnyConnect preferences and make sure Allow local (LAN) access is checked.