wiki:UserGuide/RemoteAccess/VPNpersist

Site Navigation

  1. COSMOS Testbed Overview
    1. Concepts
    1. Testbed Workflow
    1. Availability and Resource Status
    1. Events and Conferences
  6. Getting Started
    1. Make an Account
    2. Create and Configure SSH Keys
    3. Make a Reservation
    4. Log in to your Reservation
    5. Control Resources with OMF
    6. Run a Hello World Experiment
    7. Get Help and Support
  7. COSMOS/ORBIT User Guide
    1. The COSMOS Portal
    2. Connecting to the Testbed
    3. Running Experiments
    4. Policies and Support
    5. Quick Links
    1. Policies
    1. Account Creation
    1. Camera Streaming
    1. Scheduling and Reservations
    1. Disk Images
    1. Frequently Asked Questions
    1. Resource Control with OMF
  15. COSMOS Portal
    1. Your First Visit
    2. Setting Up Your Account
    3. Reserving Testbed Time
    4. Monitoring Your Experiment
    5. Connecting via SSH
    6. Managing Disk Images
    7. Joining the Community
    8. Browsing Users and Groups
    9. Tips
  16. Account Management
    1. Edit Profile
    2. Change Password
    3. SSH Keys
  17. Portal Dashboard
    1. Profile Card
    2. Usage Statistics
    3. Community Forum
  18. Directory
    1. Users
    2. Groups
    3. Privacy Note
  19. Disk Images
    1. Browsing Images
    2. Image Details
    3. Searching and Sorting
    4. Managing Your Images
    5. Baseline Images
    6. Saving Custom Images
    7. Storage and Retention
  20. Community Forum
    1. Accessing the Forum
    2. Forum Categories
    3. How to Use the Forum
    4. Forum Etiquette
    5. Privacy and Access
  21. Getting Started with the COSMOS Portal
    1. Creating an Account
    2. Logging In
    3. What to Do After Logging In
  22. SSH Access to Testbed Nodes
    1. Access Model
    2. Console Servers
    3. Basic Connection
    4. SSH Config File
    5. SSH Tunneling
    6. File Transfer
    7. Troubleshooting
  23. Scheduler
    1. Calendar View
    2. Reservation Colors
    3. Creating a Reservation
    4. Competing for a Slot
    5. Modifying or Canceling Reservations
    6. My Reservations
    7. Resource Information
  24. Testbed Status
    1. Node Status Grid
    2. RF Matrix Control (SB4)
    3. Understanding Node States During Experiments
    1. Remote Access
    1. Chrome Remote Desktop Setup Page
  27. Installing Chrome Remote Desktop (CRD) on a Custom Image
    1. Measurement & Result Collection
    1. Storage
    1. Support
    1. Contributing to the Wiki
  32. Tutorials
    1. SDR and Wireless
    2. Wireless Digital Twins
    3. Optical Networking
    4. Wired Networking
    5. Edge Computing
    6. 4G/5G Systems
    7. Orchestration Platforms
  33. Architecture
    1. Data Flow
    1. Deployment Map
    1. Domains
    1. Naming Convention
    1. Networks
    1. Optical
  40. Resources, Services and APIs
    1. RF Control
    2. SDR Control
    3. Compute Control
    4. Network Control
    5. Optical Control
  41. Datasets
  42. Hardware Info
    1. Cameras
    1. Compute
    1. FR3 SDRs
    1. Network
    1. Nodes
    1. Optical
    1. RF Subsystems
    1. Antennas
    1. Full-Duplex Radio
    1. RF Front End
    1. Software Defined Radios (SDR)
  54. RF Policies & Compliance
    1. Outdoor Radio Frequency Allocation
    2. Program Experiment License
    3. Spectrum Monitoring
    4. Emergency Stop Procedures
    5. Network and Platform Security

Persistent Site to Site VPN

Each console, as well as the central firewall act as potential VPN endpoints. To establish a site to site vpn, usually you will need to choose a console as the end-point. This will provide L3 access to the control network for that domain. L3 access to data networks will require additional configuration.

The endpoints run strongSwan VPN with the following configuration template (please contact us for the needed "left" information in <brackets> below, as well as a pre-shared key; you will need to provide us with the "right" information in <brackets> below, as well as a phone number or other secure (non-email) way to send you the pre-shared key): 

conn %default
    auto=start
    type=tunnel
    keyexchange=ikev2
    mobike=yes
    fragmentation=yes
    installpolicy=yes

    ike=aes256-sha2_256-ecp384!
    esp=aes256-sha2_256-ecp384!

    dpddelay=10s
    dpdtimeout=60s
    dpdaction=restart

    authby=secret

    left=<console private IP>
    leftid=<console private IP>
    leftsubnet=<domain control network>

conn <yoursite>
    right=<your endpoint public static IP>
    rightid=<your endpoint public static IP or dns name>
    rightsubnet=<your private network to route>
Last modified 4 years ago Last modified on Nov 2, 2021, 1:37:34 PM
Note: See TracWiki for help on using the wiki.