<html>
Joe,<br><br>
Would you be willing to share your experience in setting up the
OpenVPN/Bridge?<br><br>
Thanks,<br>
George<br>
<blockquote type=cite class=cite cite>X-Envelope-From:
Zsolt-Nagykaldi@ouhsc.edu<br>
X-Envelope-To: <gestes@ncsa.uiuc.edu><br>
Subject: RE: [AG-TECH] NAT and bridge traffic<br>
Date: Tue, 11 Sep 2007 12:51:27 -0500<br>
X-MS-Has-Attach: <br>
X-MS-TNEF-Correlator: <br>
Thread-Topic: [AG-TECH] NAT and bridge traffic<br>
Thread-Index: Acf0ljzjI12+VmBDQr2sxHVMjKfGHQABTNuN<br>
From: "Nagykaldi, Zsolt F. \(HSC\)"
<Zsolt-Nagykaldi@ouhsc.edu><br>
To: "George Estes" <gestes@ncsa.uiuc.edu><br>
Cc: <ag-tech@mcs.anl.gov><br>
X-OriginalArrivalTime: 11 Sep 2007 17:51:27.0882 (UTC)
FILETIME=[60C30EA0:01C7F49C]<br>
X-Proofpoint-Virus-Version: vendor=fsecure
engine=4.65.5502:2.3.11,1.2.37,4.0.164
definitions=2007-09-11_04:2007-09-11,2007-09-11,2007-09-11
signatures=0<br>
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx engine=3.1.0-0708230000
definitions=main-0709110068<br>
X-Scanned-By: milter-spamc/1.12.383 .383 (rimantadine.ncsa.uiuc.edu
[141.142.2.77]); Tue, 11 Sep 2007 12:52:16 -0500<br>
X-Spam-Status: NO, hits=4.50 required=4.90<br>
X-Null-Tag: aefa1a49861c3a28f7ff4601584732f4<br>
X-NCSA-MailScanner-Information: Please contact help@ncsa.uiuc.edu for
more information, rimantadine.ncsa.uiuc.edu<br>
X-NCSA-MailScanner: Found to be clean<br>
X-Deliver-To: gestes<br><br>
<br>
<font face="arial" size=2>OpenVPN allows you to put your remote client
computer "physically" and very securely on an ad-hoc local
network. Therefore, as the most simple setup, you can run an OpenVPN
server on the same machine that you use for the bridge server and handle
remote clients as local network clients, allowing access to the bridge
for a range of local IPs only (e.g. 10.10.x.x), in addition to your
regular bridge access over the Internet. For intricate technical details
of fine-tuning the bridge server, I would encourage you to contact Joe at
<a href="mailto:stone004@umn.edu">stone004@umn.edu</a>.</font><br>
<br>
<br>
<font face="arial" size=2>Zsolt</font><br>
<br>
<br>
<font face="arial" size=2>---</font><br>
<br>
<font face="arial" size=2>Zsolt Nagykaldi, PhD<?xml:namespace prefix =
o ns = "urn:schemas-microsoft-com:office:office"
/></font><br>
<font face="arial" size=2>Assistant Professor of Research</font><br>
<font face="arial" size=2>Clinical IT Specialist</font><br>
<font face="arial" size=2> </font><br>
<font face="arial" size=2>University of <?xml:namespace prefix = st1
ns = "urn:schemas-microsoft-com:office:smarttags" />Oklahoma
Health Sciences Center</font><br>
<font face="arial" size=2>Department of Family & Preventive
Medicine</font><br>
<font face="arial" size=2>900 N.E. 10th Street</font><br>
<font face="arial" size=2>Oklahoma City, OK 73104</font><br>
<font face="arial" size=2> </font><br>
<font face="arial" size=2>Phone: (405) 271-8000 ext.1-32208</font><br>
<font face="arial" size=2>Fax: (405)
271-2784</font><br>
<br>
<hr>
<font face="tahoma" size=2><b>From:</b> George Estes
[<a href="mailto:gestes@ncsa.uiuc.edu" eudora="autourl">mailto:gestes@ncsa.uiuc.edu</a>]<br>
<b>Sent:</b> Tue 9/11/2007 12:08 PM<br>
<b>To:</b> Nagykaldi, Zsolt F. (HSC)<br>
<b>Cc:</b> ag-tech@mcs.anl.gov<br>
<b>Subject:</b> RE: [AG-TECH] NAT and bridge traffic<br>
</font><br>
Zsolt,<br><br>
What's the basic setup for using OpenVPN with a bridge?<br><br>
Thanks,<br>
George<br><br>
At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. \(HSC\) wrote:<br>
<blockquote type=cite class=cite cite><br>
<br>
<font face="arial" size=2>It is generally a pain in the back to establish
connections to bridge servers in a NAT -ed environment. Port forwarding
is one of your options, however there are a number of issues: 1) A large
number of ports may need to be forwarded depending on the bridge setup
and how many bridges you want to access (security implications); 2) Some
older Cisco firewalls without a decent GUI may give you a hard time to
create the appropriate rules to do what you need.</font><br>
<br>
<font face="arial" size=2>My suggestion is to forget about ports and use
OpenVPN on the bridge and the client machine to go through the NAT -ed
network and everything in between your computer and the bridge. We have a
significant experience with this and pretty good results. Your absolute
expert (who came up with the combined bridge/Open VPN server solution) is
Joe Stone (<a href="mailto:stone004@umn.edu">stone004@umn.edu</a>). I can
also help, if needed.</font><br>
<br>
<font face="arial" size=2>Zsolt</font><br>
<br>
<br>
<font face="arial" size=2>---</font><br>
<br>
<font face="arial" size=2>Zsolt Nagykaldi, PhD<?xml:namespace prefix =
o ns = "urn:schemas-microsoft-com:office:office"
/></font><br>
<font face="arial" size=2>Assistant Professor of Research</font><br>
<font face="arial" size=2>Clinical IT Specialist</font><br>
<font face="arial" size=2> </font><br>
<font face="arial" size=2>University of <?xml:namespace prefix = st1
ns = "urn:schemas-microsoft-com:office:smarttags" />Oklahoma
Health Sciences Center</font><br>
<font face="arial" size=2>Department of Family & Preventive
Medicine</font><br>
<font face="arial" size=2>900 N.E. 10th Street</font><br>
<font face="arial" size=2>Oklahoma City, OK 73104</font><br>
<font face="arial" size=2> </font><br>
<font face="arial" size=2>Phone: (405) 271-8000 ext.1-32208</font><br>
<font face="arial" size=2>Fax: (405)
271-2784</font><br><br>
<hr>
<font face="tahoma" size=2><b>From:</b> owner-ag-tech@mcs.anl.gov on
behalf of George Estes<br>
<b>Sent:</b> Tue 9/11/2007 9:00 AM<br>
<b>To:</b> ag-tech@mcs.anl.gov<br>
<b>Subject:</b> [AG-TECH] NAT and bridge traffic<br>
</font><br>
<font size=2>Hello,<br><br>
Could someone with experience in this area tell me the
issues/problems with receiving traffic from a bridge server if I'm behind
a NAT. I've looked through the ag-tech mailing list and there's
talk of problems but I can't find specifics.<br><br>
Thanks,<br>
George</font></blockquote></blockquote></html>