Getting by without a VPN client

This page outlines tasks that many people feel they need the VPN client to use. We intend to fill this page with helpful tips, so please send mail to systems if you have a question that's not addressed here -- you may be surprised to learn that you don't need the VPN for something that previously required it. Also, the lab is trying to find ways to allow people access to internal data without having to use separate VPN software.

Authenticated Wireless

If you're on-site, you can connect to the ArgonneG-Auth or ArgonneA-Auth networks using your Argonne credentials. This serves functionally the same as a VPN or wired connection.

Using E-Mail

We support encrypted mail reading and sending. See configuring your e-mail client.

Web VPN

If you only need to read web documents, you can use the Web VPN at http://vpn.anl.gov without installing anything. This uses your Argonne Domain Credentials.

SOCKS Proxy

Open a SOCKS proxy connection with the following command:

ssh -D 32000 login.mcs.anl.gov

Then configure your web client to use SOCKS proxy on localhost using the port number you used above (32000 in this example).

You can find extensions for Chrome and Firefox to quickly switch between these configurations.

Please note that as long as you have your SOCKS proxy on, *all* your web traffic is routed to the host through which you connected (login.mcs.anl.gov in the example above).

Remote Desktop (includes Kronos and TMS)

If you're using a Mac or Linux machine, simply do the following on a commandline:

ssh -L 3389:tsc.anl.gov:3389 username@terra.mcs.anl.gov

Then connect to "localhost" with your rdesktop client. When you're done, you can close the SSH connection.

Reading journals (Proxy via SSH)

Some sites require you come from an Argonne host to read their online journals. If you SSH port forward port 3131 to proxy, you can use "localhost" as a proxy. Here's an example from OS X. From a commandline:

ssh -L 3131:proxy.mcs.anl.gov:3131 login.mcs.anl.gov

Then, for in your browser preferences specify "localhost" as the proxy, and "3131" as the port for http and https. Don't forget to turn this off when you're done (as well as closing the SSH connection).

If you're onsite and using wireless, you can also use the instructions below.

Remote filesystems

See The FUSE project and SSHFS for linux. For OS X, see MacFuse and SSHFS. An alternative for SSHFS for OS X is Secure Remote Disk which supports SSH agents.

Printing

Linux and Mac users can print to our lpd server from wireless without any VPN. Windows users can copy the file to their home filesystem and either print from a linux workstation (terra, shakey, etc) or by using the Remote Desktop method above to connect to termserv.mcs.anl.gov (instead of tsc.anl.gov) and print from there.

Automatic Proxy Configuration

If you'd like to automatically use our web proxy when on our wireless or VPN network, you can accomplish this by using the autoconfiguration URL of:

http://www.mcs.anl.gov/proxy/proxy.pac

Depending on your browser, instructions on putting this into place differ. Here's a quick summary, and if you need more help, ask at systems@mcs.anl.gov.

Note: If you ever find things are not working as expected, quit your browser and restart it to get a fresh copy of the configuration.

Safari or Camino

Safari and Camino use the main OS Settings. You get to these in System Preferences (on the Dock or in the Apple Menu), under Network. The easiest way to find it is to type "proxy" in the search box in the upper-right corner of the System Settings window. Enter the URL above in the PAC File URL: box.

Firefox

You'll find the Proxy settings under Advanced, in Network (under the heading "Connection"). Use the "Automatic proxy configuration URL", and enter the URL above.

Internet Explorer

In your Control Panel, under Internet Options, select the Connections tab, then the LAN settings button. Check the "Use automatic configuration script" box, and enter the URL above into the box.