Thanks Joe,
We are helping a large number of K-12 schools set up Access Grid nodes in
their schools. Many of these schools are using NAT. We've found some of the
network administrators at the schools don't have the ability, or willingness,
to re-configure the NAT router. So we are looking for an alternative. Any help
you could give would be appreciated.
Thanks,
George
At 06:21 PM 9/11/2007 -0500, Joseph Stone wrote:
Yes. I've kicked around the idea with Zsolt about doing a session over the
AG, perhaps in my venue server. Caveat: It currently has been tested and is
set up for 2.4.
I think I now know how to make it work with a 3.0 environment but would need
time to get it there. I can discuss this more.
My current boss needs to know I plan to share the experience before I can
solidly commit.
Joe
On Sep 11, 2007, at 3:35 PM, George Estes wrote:
Joe,
Would you be willing to share your experience in setting up the
OpenVPN/Bridge?
Thanks,
George
Subject: RE: [AG-TECH] NAT and bridge traffic
Date: Tue, 11 Sep 2007 12:51:27 -0500
From: "Nagykaldi, Zsolt F. (HSC)" <[email protected]>
To: "George Estes" <[email protected]>
Cc: <[email protected]>
OpenVPN allows you to put your remote client computer "physically" and
very securely on an ad-hoc local network. Therefore, as the most simple setup,
you can run an OpenVPN server on the same machine that you use for the bridge
server and handle remote clients as local network clients, allowing access to
the bridge for a range of local IPs only (e.g. 10.10.x.x), in addition to your
regular bridge access over the Internet. For intricate technical details of
fine-tuning the bridge server, I would encourage you to contact Joe at
[email protected].
Zsolt
---
Zsolt Nagykaldi, PhD
Assistant Professor of Research
Clinical IT Specialist
University of Oklahoma Health Sciences Center
Department of Family & Preventive Medicine
900 N.E. 10th Street
Oklahoma City, OK 73104
Phone: (405) 271-8000 ext.1-32208
Fax: (405) 271-2784
_____
From: George Estes [mailto:[email protected]]
Sent: Tue 9/11/2007 12:08 PM
To: Nagykaldi, Zsolt F. (HSC)
Cc: [email protected]
Subject: RE: [AG-TECH] NAT and bridge traffic
Zsolt,
What's the basic setup for using OpenVPN with a bridge?
Thanks,
George
At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. (HSC) wrote:
It is generally a pain in the back to establish connections to
bridge servers in a NAT-ed environment. Port forwarding is one of your
options, however there are a number of issues: 1) A large number of ports may
need to be forwarded depending on the bridge setup and how many bridges you
want to access (security implications); 2) Some older Cisco firewalls without a
decent GUI may give you a hard time to create the appropriate rules to do what
you need.
My suggestion is to forget about ports and use OpenVPN on the
bridge and the client machine to go through the NAT-ed network and everything
in between your computer and the bridge. We have significant experience with
this and pretty good results. Your absolute expert (who came up with the
combined bridge/OpenVPN server solution) is Joe Stone
([email protected]). I can also help, if needed.
Zsolt
---
Zsolt Nagykaldi, PhD
Assistant Professor of Research
Clinical IT Specialist
University of Oklahoma Health Sciences Center
Department of Family & Preventive Medicine
900 N.E. 10th Street
Oklahoma City, OK 73104
Phone: (405) 271-8000 ext.1-32208
Fax: (405) 271-2784
_____
From: [email protected]
on behalf of George Estes
Sent: Tue 9/11/2007 9:00 AM
To: [email protected]
Subject: [AG-TECH] NAT and bridge traffic
Hello,
Could someone with experience in this area tell me the
issues/problems with receiving traffic from a bridge server if I'm behind a
NAT? I've looked through the ag-tech mailing list and there's talk of problems,
but I can't find specifics.
Thanks,
George
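
The arrangement described in this thread (an OpenVPN server on the bridge host, NAT-ed nodes joining as 10.10.x.x clients) could look like the pair of configuration files below. This is an added example, not a configuration posted by anyone in the thread; the port, host name, file names and the Linux account names are assumptions.

```conf
# ---- server.conf, on the bridge host (constructed example) ----
port 1194                        # assumption: OpenVPN's default port
proto udp
dev tun
topology subnet
server 10.10.0.0 255.255.0.0     # VPN clients receive 10.10.x.x addresses
ca   ca.crt                      # placeholder file names
cert server.crt
key  server.key
dh   dh.pem
tls-auth ta.key 0                # drop unauthenticated packets before TLS starts
keepalive 10 60                  # periodic pings also keep the NAT mapping alive
persist-key
persist-tun
user nobody                      # assumption: Linux host; drop root after start
group nogroup
verb 3
# "client-to-client" is left out: nodes reach the bridge, not each other.
# No "redirect-gateway" is pushed: only bridge traffic uses the tunnel.

# ---- client.conf, on the Access Grid node behind NAT (constructed example) ----
client
dev tun
proto udp
remote bridge.example.org 1194   # placeholder host name
nobind                           # outbound only; nothing to forward on the NAT router
resolv-retry infinite
persist-key
persist-tun
ca   ca.crt
cert node01.crt                  # one certificate per node, so a single node can be revoked
key  node01.key
remote-cert-tls server           # refuse peers that do not present a server certificate
tls-auth ta.key 1
verb 3
```

With this in place the only Internet-facing port on the bridge host is the single OpenVPN port, and the bridge's access list or host firewall can admit the 10.10.0.0/16 range on the tunnel interface alongside its regular Internet access rules.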