<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText5426 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>OpenVPN allows you to put your remote client computer "physically" and very securely on an ad-hoc local network. Therefore, as the most simple setup, you can run an OpenVPN server on the same machine that you use for the bridge server and handle remote clients as local network clients, allowing access to the bridge for a range of local IPs only (e.g. 10.10.x.x), in addition to your regular bridge access over the Internet. For intricate technical details of fine-tuning the bridge server, I would encourage you to contact Joe at <A href="mailto:stone004@umn.edu">stone004@umn.edu</A>.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Zsolt</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV id=idSignature66274 dir=ltr>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>---</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT color=#000000>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>Zsolt Nagykaldi, PhD</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>Assistant Professor of Research</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>Clinical IT Specialist</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial size=2> </FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>University of Oklahoma Health Sciences Center</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>Department of Family &amp; Preventive Medicine</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>900 N.E. 10th Street</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial><FONT size=2>Oklahoma City, OK 73104</FONT></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial size=2> </FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial size=2>Phone: (405) 271-8000 ext.1-32208</FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Arial size=2>Fax: (405) 271-2784</FONT></DIV></FONT></DIV></DIV>
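<DIV dir=ltr><FONT face=Arial size=2>Added example, not part of the original messages and not the posters' own configuration: a minimal OpenVPN server and client pair for the setup described in the reply above, where the OpenVPN server runs on the bridge machine and remote clients get addresses in 10.10.x.x. The host name vpn.example.org, the certificate and key file names, and the default port 1194 are assumptions; the bridge's own rule that admits the 10.10.x.x range is set in the bridge software and is not shown here.</FONT>
<PRE>
```conf
# ---- server.conf (constructed example; runs on the bridge machine) ----
port 1194                      # single UDP port to open/forward, instead of the bridge's port range
proto udp
dev tun                        # routed tunnel interface
ca ca.crt                      # CA that signed the server and client certificates (assumed file names)
cert server.crt
key server.key                 # keep private; readable by the OpenVPN service only
dh dh2048.pem
server 10.10.0.0 255.255.0.0   # VPN pool 10.10.x.x; the server itself takes 10.10.0.1
keepalive 10 120               # keeps the NAT mapping on the client side alive
persist-key
persist-tun
# "client-to-client" is deliberately left out: VPN clients can reach the
# bridge at 10.10.0.1 but not each other.

# ---- client.conf (constructed example; runs on the machine behind NAT) ----
client
dev tun
proto udp
remote vpn.example.org 1194    # placeholder for the bridge machine's public name
nobind                         # outbound connection only; no inbound port forwarding on the NAT
ca ca.crt
cert client1.crt               # one certificate per client, so a single client can be revoked
key client1.key
remote-cert-tls server         # refuse peers that do not present a server certificate
persist-key
persist-tun
```
</PRE>
<FONT face=Arial size=2>With the tunnel up, the client points its bridge connection at 10.10.0.1 rather than at the bridge's public address.</FONT></DIV>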
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> George Estes [mailto:gestes@ncsa.uiuc.edu]<BR><B>Sent:</B> Tue 9/11/2007 12:08 PM<BR><B>To:</B> Nagykaldi, Zsolt F. (HSC)<BR><B>Cc:</B> ag-tech@mcs.anl.gov<BR><B>Subject:</B> RE: [AG-TECH] NAT and bridge traffic<BR></FONT><BR></DIV>
<DIV>Zsolt,<BR><BR> What's the basic setup for using OpenVPN with a bridge?<BR><BR>Thanks,<BR>George<BR><BR>At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. (HSC) wrote:<BR>
<BLOCKQUOTE class=cite type="cite"><BR> <BR><FONT face=arial size=2>It is generally a pain in the back to establish connections to bridge servers in a NAT-ed environment. Port forwarding is one of your options; however, there are a number of issues: 1) A large number of ports may need to be forwarded depending on the bridge setup and how many bridges you want to access (security implications); 2) Some older Cisco firewalls without a decent GUI may give you a hard time creating the appropriate rules to do what you need.</FONT><BR> <BR><FONT face=arial size=2>My suggestion is to forget about ports and use OpenVPN on the bridge and the client machine to go through the NAT-ed network and everything in between your computer and the bridge. We have significant experience with this and pretty good results. Your absolute expert (who came up with the combined bridge/OpenVPN server solution) is Joe Stone (<A href="mailto:stone004@umn.edu">stone004@umn.edu</A>). I can also help, if needed.</FONT><BR> <BR><FONT face=arial size=2>Zsolt</FONT><BR> <BR> <BR><FONT face=arial size=2>---</FONT><BR> <BR><FONT face=arial size=2>Zsolt Nagykaldi, PhD</FONT><BR><FONT face=arial size=2>Assistant Professor of Research</FONT><BR><FONT face=arial size=2>Clinical IT Specialist</FONT><BR><FONT face=arial size=2> </FONT><BR><FONT face=arial size=2>University of Oklahoma Health Sciences Center</FONT><BR><FONT face=arial size=2>Department of Family &amp; Preventive Medicine</FONT><BR><FONT face=arial size=2>900 N.E. 10th Street</FONT><BR><FONT face=arial size=2>Oklahoma City, OK 73104</FONT><BR><FONT face=arial size=2> </FONT><BR><FONT face=arial size=2>Phone: (405) 271-8000 ext.1-32208</FONT><BR><FONT face=arial size=2>Fax: (405) 271-2784</FONT><BR><BR>
<HR>
<FONT face=tahoma size=2><B>From:</B> owner-ag-tech@mcs.anl.gov on behalf of George Estes<BR><B>Sent:</B> Tue 9/11/2007 9:00 AM<BR><B>To:</B> ag-tech@mcs.anl.gov<BR><B>Subject:</B> [AG-TECH] NAT and bridge traffic<BR></FONT><BR><FONT size=2>Hello,<BR><BR> Could someone with experience in this area tell me the issues/problems with receiving traffic from a bridge server if I'm behind a NAT. I've looked through the ag-tech mailing list and there's talk of problems but I can't find specifics.<BR><BR>Thanks,<BR>George<BR></FONT></BLOCKQUOTE></DIV></BODY></HTML>