VPN (Virtual Private Network)
Please see secure network warnings before using VPN.
Why use VPN?
By using VPN, you can establish a direct connection to the local network of the Nevis particle-physics systems from the outside. You also get the benefits of the web proxy, in that all your network connections go through our firewall.
Normally, to access a machine on the local network, you use ssh to log in to one of the workgroup servers, then ssh again to the local machine. But there are times when this becomes inconvenient, complicated, or slow; e.g., accessing one of the electronics-design systems at Nevis. A VPN connection can be a simpler solution.
If all you want to do is browse the web securely, you may want to consider a web proxy instead. A web proxy is a bit harder to set up than VPN, but you don't have to install a program to use it.
Limits
VPN works for connections from outside the Nevis particle-physics networks. It does not work when connecting from within that network.
In particular, the Nevis mansion house and wireless connections within the research and electronics buildings are within the network that VPN protects. You cannot use Nevis particle-physics VPN to connect to systems in the research and electronics buildings when you are within the Nevis particle-physics network.
Install Cisco's VPN Client
This only has to be done once.
Although there are many VPN client programs available, since we have a Cisco firewall I find that the Cisco secure client works best and takes advantage of all the networking features.
To get Cisco's VPN client, scroll to the bottom of this page and click on the appropriate link.
If you already have a version of Cisco's VPN software that works, you don't have to install another one. Just edit the pop-up menu's VPN servers (just click on the menu and type) to add vpn.nevis.columbia.edu and continue as described below.
Using the VPN client
Start the Cisco VPN client program. You may have to "hunt" for its location. For example, on my Macintosh, I found it in Applications->Cisco.
When you start the application:
- The VPN server is vpn.nevis.columbia.edu
- Click on the Connect button.
- If you're prompted for a Group, choose Nevis.
- Use your Nevis account name and password.
If you have any active network connections (e.g., you have an ssh session open) they'll probably be cut off when you connect to VPN. Just restart the connection to have its traffic go through the secure network.
If you're having trouble accessing your local network devices (e.g., a printer in your home), go into the Cisco client preferences and make sure Allow local (LAN) access is checked. Then disconnect and reconnect VPN.
That's it!
Things to try
Our firewall normally filters out ping attempts to any device inside the Nevis particle-physics networks. Before you start VPN, try to ping mail.nevis.columbia.edu; it will not succeed. After you connect with Cisco's client, ping mail will work.
From outside of Nevis, systems on the local network are "invisible." Once you establish a VPN connection, you should be able to directly ssh to any system on that network; e.g., ssh ekumen.nevis.columbia.edu.
Some systems have restricted access to the outside world, e.g., the electronics-design machines. With a VPN connection, you should be able to directly ping and ssh to a restricted system like elecsim4 (assuming you have an account on elecsim4, of course!).
Downloads
If you're using Mac OS 14 (Sonoma), try the Ventura client.