Remote Network Access to PPPL Using a VPN
Updated January 10, 2008Introduction
These instructions are for use by Princeton Plasma
Physics Laboratory (PPPL) personnel and others who have a
legitimate reason for using computer resources at PPPL. Remote access
to non-public computer resources located
on PPPL networks requires
pre-authorization (users with approved, enabled computer accounts
and valid SecurID tokens).As an alternative to direct firewall authentication, PPPL has a Virtual Private Network (VPN) which allows offsite users secure, encrypted access to internal computer resources. VPN access is recommended for use under the following circumstances:
- when accessing PPPL from insecure locations such as airports, hotels, conferences, cyber cafes, etc.
- when accessing PPPL from any wireless network, including from home cable/DSL networks.
- any time added layers of security and encryption are desired from offsite.
Pre-requisites
Use of the PPPL VPN requires a valid computer account and SecurID token.Access to the PPPL VPN server does not require any special client software to be pre-installed on your computer. Access is done via a standard web browser, which automatically downloads the required ActiveX or Java controls.
Supported operating systems:
- Windows 2000 SP4
- Windows XP Pro and XP Home (both 32-bit and 64-bit)
- Windows Vista
- Windows 2003 Server
- MacOSX 10.3.x, 10.4.x, and 10.5.x on both PowerPC and Intel
- Various Linux platforms such as Fedora, Ubuntu, Debian, SuSe
*** MacOSX 10.5 (Leopard) is now supported as of January 10, 2008
Supported web browsers:
- Microsoft Internet Explorer 6.0 or 7 (Windows)
- Firefox 2.0.x (Windows, MacOSX, Linux)
- Safari 1.x on MacOSX 10.3.x systems
- Safari 2.x on MacOSX 10.4.x, 10.5.x systems
Required Software Settings:
ActiveX controls must be enabled on Windows browsers (this is the default setting).
Java must be installed and enabled on MacOSX and Linux browsers.
PoP-up Blocker:
If you have a pop-up blocker enabled, add PPPL's VPN server (vpn.pppl.gov) to the list of allowed sites for Popups.
VPN Access Instructions
To establish a VPN connection to PPPL, perform the following steps from your computer:1. Point your browser to http://vpn.pppl.gov. After several possible web/SSL certificate validation pages. you will be presented with a logon screen (view sample screen shot)
2. From the VPN Remote Access Logon page, enter your PPPL username and SecurID PIN/passcode. If your authentication is accepted, the PPPL VPN Network Access page should appear (view sample screen shot). If your browser has a pop-up blocker configured, you may see this screen. Add vpn.pppl.gov to the list of allowed sites for pop-ups and software downloads.
3. From the Network Access page, click on PPPL Network.
4. A small, ActiveX or Java window will appear on your screen (view sample screen shot)
Follow instructions to activate and download the required control (the download portion can take several minutes the first time PPPL's VPN system is used on a computer). Once this control/applet completes the connection, it should read:
Status: Network Access Connection Successfully Established (view sample screen shot)
5. Minimize both your Network Access browser window and your ActiveX/Java control window . They will both be needed later for session logout. Start new browser windows if web browsing is needed.
6. You are now able to make secure, encrypted connections between the authenticated computer and PPPL computer resources.
Session Logout
All VPN sessions should be logged out once access is complete. To
logout of a VPN session:1. Close the ActiveX/Java window by clicking on the "terminate" button
2. Select the "Logout" button from the Network Access window (view sample screen shot)
