Changes between Version 4 and Version 5 of User Guide/Remote Access/VPN

Timestamp:

Feb 28, 2020, 1:49:20 PM (4 years ago)

Author:

seskar

Comment:

—

User Guide/Remote Access/VPN

@@ -1 @@
-=== External connections to ORBIT / COSMOS ===
+== External VPN connections to COSMOS ==
 
-We maintain point to point connections to link various resources to the testbed, mostly at layer 2 for networking experiments.
+We maintain point to point connections to link various resources to the testbed, mostly at layer 2 for networking experiments. This consists of dialable links over internet2, as well as tunnels over the public internet.
 
-This consists of dialable links over internet2, as well as tunnels over the public internet.
+=== User VPN Service ===
 
-=== User access ===
+Connect to the following endpoints using your COSMOS username and password. This will only be active during your reservation.
 
-==== SSH tunneling ====
-This will allow you to connect to anything that the console can
+ ||   Server                  ||  Subnet         ||  Description        ||
+ || vpn.bed.cosmos-lab.org    ||  10.110.0.0/16  ||  COSMOS Main Testbed ||
+ || vpn.sb1.cosmos-lab.org    ||  10.113.0.0/16  ||  COSMOS SB1 ||
+ || vpn.sb2.cosmos-lab.org    ||  10.116.0.0/16  ||  COSMOS SB2 ||
 
 
-==== IKEv2 VPN
+[[CollapsibleStart(Windows)]]
 
-Connect to the following endpoints using your orbit/cosmos username and password. This will only be active during your reservation.
+Windows !PowerShell commands:
 
-|| server                    || domain         || Subnet        || Description        ||
-|| vpn.bed.cosmos-lab.org    || cosmos-lab.org || 10.110.0.0/16  || sb1.cosmos control ||
-|| vpn.sb1.cosmos-lab.org    || cosmos-lab.org || 10.113.0.0/16  || sb1.cosmos control ||
-|| vpn.sb2.cosmos-lab.org    || cosmos-lab.org || 10.116.0.0/16  || sb1.cosmos control ||
-|| vpn.grid.orbit-lab.org    || orbit-lab.org  || 10.10.0.0/16   ||            control ||
-|| vpn.outdoor.orbit-lab.org || orbit-lab.org  || 10.40.0.0/16   ||            control ||
-|| vpn.sb1.orbit-lab.org     || orbit-lab.org  || 10.11.0.0/16   ||            control ||
-|| vpn.sb2.orbit-lab.org     || orbit-lab.org  || 10.12.0.0/16   ||            control ||
-|| vpn.sb3.orbit-lab.org     || orbit-lab.org  || 10.13.0.0/16   ||            control ||
-|| vpn.sb4.orbit-lab.org     || orbit-lab.org  || 10.14.0.0/16   ||            control ||
-|| vpn.sb5.orbit-lab.org     || orbit-lab.org  || 10.15.0.0/16   ||            control ||
-|| vpn.sb6.orbit-lab.org     || orbit-lab.org  || 10.16.0.0/16   ||            control ||
-|| vpn.sb7.orbit-lab.org     || orbit-lab.org  || 10.17.0.0/16   ||            control ||
-|| vpn.sb8.orbit-lab.org     || orbit-lab.org  || 10.18.0.0/16   ||            control ||
-|| vpn.sb9.orbit-lab.org     || orbit-lab.org  || 10.19.0.0/16   ||            control ||
-|| vpn.sb10.orbit-lab.org    || orbit-lab.org  || 10.30.0.0/16   ||            control ||
+  ||  Domain  ||  Windows !PowerShell Commands  ||
+  || SB1    || {{{ Add-VpnConnection -Name "COSMOS SB1" -ServerAddress vpn.sb1.cosmos-lab.org -DnsSuffix sb1.cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru}}} [[BR]]{{{ Add-VpnConnectionRoute -ConnectionName "COSMOS SB1" -DestinationPrefix 10.113.0.0/16 -PassThru}}} ||
+  || SB2    || {{{ Add-VpnConnection -Name "COSMOS SB2" -ServerAddress vpn.sb2.cosmos-lab.org -DnsSuffix cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}} [[BR]]{{{ Add-VpnConnectionRoute -ConnectionName "COSMOS SB2" -DestinationPrefix 10.116.0.0/16 -PassThru}}}  ||
+  || Main Testbed || {{{ Add-VpnConnection -Name "COSMOS Main Testbed" -ServerAddress vpn.bed.cosmos-lab.org -DnsSuffix cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}} [[BR]]{{{ Add-VpnConnectionRoute -ConnectionName "COSMOS Main Testbed" -DestinationPrefix 10.110.0.0/16 -PassThru}}}  ||
 
-===== Instructions
+Open the !PowerShell command window as administrator
 
-Windows commands:
-* {{{ Add-VpnConnection -Name vpn.sb1.cosmos-lab.org -ServerAddress vpn.sb1.cosmos-lab.org -DnsSuffix cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb2.cosmos-lab.org -ServerAddress vpn.sb2.cosmos-lab.org -DnsSuffix cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.bed.cosmos-lab.org -ServerAddress vpn.bed.cosmos-lab.org -DnsSuffix cosmos-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.grid.orbit-lab.org -ServerAddress vpn.grid.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.outdoor.orbit-lab.org -ServerAddress vpn.outdoor.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb1.orbit-lab.org -ServerAddress vpn.sb1.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb2.orbit-lab.org -ServerAddress vpn.sb2.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb3.orbit-lab.org -ServerAddress vpn.sb3.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb4.orbit-lab.org -ServerAddress vpn.sb4.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb5.orbit-lab.org -ServerAddress vpn.sb5.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb6.orbit-lab.org -ServerAddress vpn.sb6.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb7.orbit-lab.org -ServerAddress vpn.sb7.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb8.orbit-lab.org -ServerAddress vpn.sb8.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb9.orbit-lab.org -ServerAddress vpn.sb9.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
-* {{{ Add-VpnConnection -Name vpn.sb10.orbit-lab.org -ServerAddress vpn.sb10.orbit-lab.org -DnsSuffix orbit-lab.org -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -RememberCredential -PassThru }}}
+[[Image(PowerShell1.png, 600px)]]
+
+Cut and paste the pair of commands into the !PowerShell window as show in figure below:
+
+[[Image(PowerShell2.png, 600px)]]
+
+Alternatively, [download the Windows !PowerShell script] to your local machine, right-click on it and run it as administrator.
+
+Once VPN connection(s) are created, you will be able to bring the connection menu up by left mouse click on the network icon on the Windows task bar:
+
+[[Image(VPN1.png), 300px)]]
+
+Select the appropriate connection (for which you must have current reservation) which will prompt you for your username and password (only the very first time you activate that particular VPN connection):
 
 
-Replace $SERVER with the server fqdn above, replace $SUBNET with the subnet above
+[[Image(VPN2.png, 300px)]] 
 
-* Windows
- 1. {{{ Add-VpnConnection -Name $SERVER -ServerAddress $SERVER -DnsSuffix $DOMAIN -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling  -RememberCredential -PassThru }}}
- 1. {{{ Add-VpnConnectionRoute -ConnectionName "$SERVER -DestinationPrefix $SUBNET -PassThru }}}
+[[CollapsibleEnd]]
+
+[[BR]]
+
+[[CollapsibleStart(Linux)]]
+ Comming soon
+[[CollapsibleEnd]]
+
+[[BR]]
+
+[[CollapsibleStart(MacOS)]]
+ Comming soon
+[[CollapsibleEnd]]
+
+