[ale] VPN connections at Emory
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Tue Jan 22 13:38:28 EST 2013
The TOS at most institutions forbid guest access to wired ports. But, we won't mention that. I don't know about this specific institution.
Un natted connections sound a bit disturbing. I would think the whole institution would be running on a giant nat. Even so, I think a Windows machine should be OK as long as the OS firewall was running.
Re VPN, I was running hotspotvpn on Windows the other night at the meeting on the wireless. I was using HTTP protocol as far as what the menu says. I assume it was using SSL on 443. I think it runs OpenVPN under the covers. It was working fine. When I ran speedtest.net to test it, it showed my data exiting the tunnel in California. Not the most efficient, perhaps, but it worked. They have a linux option, but I haven't gotten that working yet.
Sincerely,
Ron
Jim Kinney <jim.kinney at gmail.com> wrote:
>The end result was, the wired connection from the podium allowed a full
>VPN
>connection out to my lab setup at work.
>
>On Tue, Jan 22, 2013 at 11:02 AM, Brian MacLeod <nym.bnm at gmail.com>
>wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 1/17/13 12:28 PM, arxaaron wrote:
>> > On 2013/01/17, at 11:41 , Jim Kinney wrote:
>> >
>> >> What was the final consensus on VPN usage from the ALE-Central
>> >> meeting space? I would MUCH prefer to show real virtualization
>> >> rather than screen shots.
>> >
>> > My understanding is that the podium hardwire connection does not
>> > have any firewall restrictions.
>> >
>> > Perhaps Brian McLeod (cc) could weigh in on this as I think he was
>> > using VPN in one of his recent presentations.
>>
>>
>> Sorry about the late response, I have been on a ship the past few
>days.
>>
>> Emory Guest allegedly allows VPN connectivity, but using Cisco
>> AnyConnect and its ilk yields at best a 10 minute usable connection
>> before termination. I have not seen an out of the box configuration
>of
>> any VPN product work on the Emory Guest network.
>>
>> However, using OpenVPN on TCP 443 does work, and while this is less
>> than optimal for OpenVPN, it works without interruption. The
>> filtering on Emory's wireless sees SSL traffic occurring on 443, and
>> that's just fine with the rules in place.
>>
>> I have been using this the last couple times I have been at a meeting
>> using VPSs (virtual private servers) that cost me a few dollars a
>> year. By doing that I don't make it as obvious I am doing something
>> "bad" by directly connecting to a host Emory could figure out is a
>> home connection, and, I get better uptime and connection speeds with
>> the VPS anyway.
>>
>> It would not surprise me that the podium connection is unfiltered.
>It
>> will also probably not surprise you that I would recommend NOT
>> connecting anything with Windows on it to that connection.
>Unfiltered
>> means it is unfiltered both ways, and I seem to remember Emory hands
>> out non-NAT'ed IPs on those connections. You get the picture.
>>
>> Brian
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQE4BAEBCAAiBQJQ/rgkGxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5
>> XCJY/q4Y6LQbCACR1brk2jFbecf1gHIBGOfBmcta8c/jKpEerH5v69W4+XUXhIii
>> A2DE6jPRBkzqC8GuPHWKyWhYk1NJZJzbtS8ufsxuLbctbry821eqRJ7jblwUEcWs
>> 0HJYafcs+YNNAXXO50/CgD+z2JPX8McVqRg9fPzY0Xab6jUa0KEwyzgAG/yCqOzE
>> 8lnYmh/3CA4Y0/HzdR7Z8oq6yy0XbVejk98JQbFjgXnCblC6ro2/b3ab15hTtrQQ
>> 2MYB5Q5M5ZnGDsBmTKi8BG7c1VvEUGXqWJ2l9s21toTYM29K6VFRRBnqKQG4GXV+
>> 5ukNqIBqailxLgzuD2i1A+orGm98//nSI+PN
>> =cYRH
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
--
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity.
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
More information about the Ale
mailing list