[AG-TECH] NAT and bridge traffic

Joseph Stone stone004 at umn.edu
Tue Sep 11 18:21:10 CDT 2007


Yes.  I've kicked around the idea with Zsolt about doing a session  
over the AG, perhaps in my venue server.  Caveat: It currently has  
been tested and is set up for 2.4.
I think I now know how to make it work with a 3.0 environment but  
would need time to get it there.  I can discuss this more.
My current boss needs to know I plan to share the experience before I  
can solidly commit.

Joe

On Sep 11, 2007, at 3:35 PM, George Estes wrote:

> Joe,
>
>   Would you be willing to share your experience in setting up the  
> OpenVPN/Bridge?
>
> Thanks,
> George
>> Subject: RE: [AG-TECH] NAT and bridge traffic
>> Date: Tue, 11 Sep 2007 12:51:27 -0500
>> From: "Nagykaldi, Zsolt F. (HSC)" <Zsolt-Nagykaldi at ouhsc.edu>
>> To: "George Estes" <gestes at ncsa.uiuc.edu>
>> Cc: <ag-tech at mcs.anl.gov>
>>
>>
>> OpenVPN allows you to put your remote client computer "physically"  
>> and very securely on an ad-hoc local network. Therefore, as the  
>> most simple setup, you can run an OpenVPN server on the same  
>> machine that you use for the bridge server and handle remote  
>> clients as local network clients, allowing access to the bridge  
>> for a range of local IPs only (e.g. 10.10.x.x), in addition to  
>> your regular bridge access over the Internet. For intricate  
>> technical details of fine-tuning the bridge server, I would  
>> encourage you to contact Joe at stone004 at umn.edu.
>>
>>
>> Zsolt
>>
>>
>> ---
>>
>> Zsolt Nagykaldi, PhD
>> Assistant Professor of Research
>> Clinical IT Specialist
>>
>> University of Oklahoma Health Sciences Center
>> Department of Family & Preventive Medicine
>> 900 N.E. 10th Street
>> Oklahoma City, OK 73104
>>
>> Phone: (405) 271-8000 ext.1-32208
>> Fax:     (405) 271-2784
>>
>> From: George Estes [mailto:gestes at ncsa.uiuc.edu]
>> Sent: Tue 9/11/2007 12:08 PM
>> To: Nagykaldi, Zsolt F. (HSC)
>> Cc: ag-tech at mcs.anl.gov
>> Subject: RE: [AG-TECH] NAT and bridge traffic
>>
>> Zsolt,
>>
>>   What's the basic setup for using OpenVPN with a bridge?
>>
>> Thanks,
>> George
>>
>> At 10:46 AM 9/11/2007 -0500, Nagykaldi, Zsolt F. (HSC) wrote:
>>>
>>>
>>> It is generally a pain in the back to establish connections to
>>> bridge servers in a NAT-ed environment. Port forwarding is one
>>> of your options; however, there are a number of issues: 1) A large
>>> number of ports may need to be forwarded depending on the bridge
>>> setup and how many bridges you want to access (security
>>> implications); 2) Some older Cisco firewalls without a decent GUI
>>> may give you a hard time creating the appropriate rules to do
>>> what you need.
>>>
>>> My suggestion is to forget about ports and use OpenVPN on the
>>> bridge and the client machine to go through the NAT-ed network
>>> and everything in between your computer and the bridge. We have
>>> significant experience with this and pretty good results. Your
>>> absolute expert (who came up with the combined bridge/OpenVPN
>>> server solution) is Joe Stone (stone004 at umn.edu). I can also
>>> help, if needed.
>>>
>>> Zsolt
>>>
>>>
>>> ---
>>>
>>> Zsolt Nagykaldi, PhD
>>> Assistant Professor of Research
>>> Clinical IT Specialist
>>>
>>> University of Oklahoma Health Sciences Center
>>> Department of Family & Preventive Medicine
>>> 900 N.E. 10th Street
>>> Oklahoma City, OK 73104
>>>
>>> Phone: (405) 271-8000 ext.1-32208
>>> Fax:     (405) 271-2784
>>>
>>> From: owner-ag-tech at mcs.anl.gov on behalf of George Estes
>>> Sent: Tue 9/11/2007 9:00 AM
>>> To: ag-tech at mcs.anl.gov
>>> Subject: [AG-TECH] NAT and bridge traffic
>>>
>>> Hello,
>>>
>>>   Could someone with experience in this area tell me the
>>> issues/problems with receiving traffic from a bridge server if I'm
>>> behind a NAT?  I've looked through the ag-tech mailing list and
>>> there's talk of problems but I can't find specifics.
>>>
>>> Thanks,
>>> George
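
A minimal OpenVPN server/client pair for the setup Zsolt describes above (OpenVPN on the bridge host, remote clients treated as 10.10.x.x local clients), added here as an illustration; it is not part of the original thread and is not Joe Stone's configuration. The port, the mapping of "10.10.x.x" to 10.10.0.0/16, the file names, the user/group and the hostname bridge.example.org are assumptions.

```conf
# ---- server.conf, on the bridge host (all names and values are assumptions) ----
port 1194                        # the only port that has to be reachable from outside
proto udp
dev tun                          # routed tunnel; VPN clients show up as 10.10.x.x hosts
server 10.10.0.0 255.255.0.0     # server takes 10.10.0.1, clients are leased the rest
ca   ca.crt                      # private CA that signs every client certificate
cert server.crt
key  server.key                  # keep readable by root only
dh   dh.pem
tls-auth ta.key 0                # drop unauthenticated packets before the TLS handshake
keepalive 10 60                  # ping every 10 s so the client's NAT mapping stays open
persist-key
persist-tun
user nobody                      # drop privileges after startup
group nogroup                    # group name varies by distribution
# "client-to-client" and "push redirect-gateway" are deliberately left out:
# clients reach only the bridge host at 10.10.0.1, and only bridge traffic
# uses the tunnel.

# ---- client.conf, on the machine behind NAT ----
client
dev tun
proto udp
remote bridge.example.org 1194   # placeholder hostname
nobind                           # outbound from an ephemeral port; nothing to forward on the NAT
resolv-retry infinite
ca   ca.crt
cert client1.crt
key  client1.key
tls-auth ta.key 1
remote-cert-tls server           # refuse a peer that does not present a server certificate
persist-key
persist-tun
```

With this in place the bridge software only needs to accept 10.10.0.0/16 as its local client range, and the NAT in front of the client sees a single outbound UDP flow instead of a set of forwarded bridge ports.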
