home
overview
research
resources
outreach & training
outreach & training
visitors center
visitors center
search
search
home
overview
research
resources
outreach & training
outreach & training
visitors center
visitors center
search
search
RBVI's Virtual Private Network (VPN) "How To" Guide
Introduction
In order to provide secure access to our Resource Center and associated computer services, the Resource for Biocomputing, Visualization, and Informatics (RBVI) has installed hardware and software to support Virtual Private Network (VPN) connections from anywhere on the Internet. The RBVI VPN service allows reliable, high-performance remote-access to the RBVI and other UCSF restricted sites (e.g., certain RBVI computing resources, UCSF Library databases and journals). This is accomplished by the creation of a secure, encrypted communications channel or "tunnel" between a remote host and a VPN concentrator located in our data center.Initial steps to access the RBVI VPN
If you're using a Mac with OSX 10.6 or later, just refer to the configuration instructions given below.
All other platforms require that you download and install the Cisco VPN client software and the RBVI-specific configuration profile in order to use the system. If the Cisco VPN client is already installed on your computer, then only need to download the RBVI-specific configuration profile. Here are the steps to follow:
- Login with your User ID and Kerberos password -- Authentication to the RBVI VPN is accomplished via Kerberos, a secure network authentication system. If you have never initialized your Kerberos password, you will need to do so prior to using the VPN system. Go to the CGL Change Password page and enter your current password (the same one you use for logging into Socrates or for accessing your Socrates e-mail account), then either enter this same password or choose a new password in the "Enter new password" field. Be sure to click on the "Change Password" button at the bottom of the page when you're done. You can verify that Kerberos authentication is working for your account by visiting the Kerberos Authentication Test page. If you have problems getting Kerberos authentication to work for you, please send e-mail to kerberos-help@cgl.ucsf.edu.
- Download VPN Client Software and/or RBVI Profile -- Download VPN client for:
- Install Client or Import Profile -- Operating system specific client installation and profile import procedures for:
Windows - Installing the VPN client
After downloading the Cisco VPN client zip file for Windows to a temporary location on your system, double click on the icon (sample below) to unzip.
Then, click on the vpnclient_setup icon to install.
Windows - Start VPN Client
On the remote system, navigate to Start -> All Programs -> Cisco Systems VPN Client -> VPN Client and start the Client.
Windows - Import RBVI specific profile
Import the RBVI Profile by starting VPN client and navigating to Connection Entries -> Import. This will allow browsing to the downloaded RBVI Profile.
Windows - Starting VPN session to the RBVI VPN
Select the RBVI_VPN connection entry in VPN_Client (Note: Users who have previously installed the Cisco VPN client to connect to other organizations might have more than one Connection Entry), and click on Connect.
A Login panel should appear. Enter your username and Kerberos password to start the VPN session. There will messages at the bottom of the client indicating negotation and connection set up. Afterwards a panel will pop up, welcoming you to the RBVI VPN. Click Continue to start VPN session.
Mac OS X 10.5 and earlier - Installing the VPN client
After downloading the compressed Cisco VPN client for Mac OS X to your computer's desktop, double click on the .dmg "diskimage" file (sample below).
This mounts the disk image. Double click on the resulting "CiscoVPNClient" virtual disk to see its contents.
Double click the Cisco VPN Client.mpkg file to install the VPN client software. You must have OS X Administrator rights to install this software.
Note: After installing the VPN client, restart your system. This is a one-time only requirement. After system restart, proceed to the following section.
Mac OS X - Start VPN Client
Navigate to Applications -> VPN Client and start the VPN Client.
Mac OS X - Import RBVI specific profile
Import the RBVI Profile by starting VPN client and clicking on Import. This will allow browsing to the downloaded RBVI Profile.
Mac OS X - Starting VPN session to the RBVI VPN
Select the RBVI_VPN connection entry in VPN_Client (Note: Users who have previously installed the Cisco VPN client to connect to other organizations might have more than one Connection Entry), and click on Connect.
A Login panel should appear. Enter your username and Kerberos password to start the VPN session. There will messages at the bottom of the client indicating negotation and connection set up. Afterwards a panel will pop up, welcoming you to the RBVI VPN. Click Continue to start VPN session.
OSX 10.6 and later - Configuring the built-in VPN client
(Note you can set up a VPN connection on a iPhone in a similar manner as described here. Just go to Settings --> General --> Network --> VPN --> Add VPN Configuration.)
Open System Preferences --> Network, then click the plus sign to create a new service. Choose VPN as the interface and Cisco IPSec as the VPN type, then enter "RBVI VPN" as the service name.
You should now see a new interface in the left window pane named "RBVI VPN". Highlight this interface to display the configuration fields and enter the following information:
Server Address: vpn.cgl.ucsf.edu
Account Name: ***Your RBVI Username***
Password: leave this blank
Also check the box that says "Show VPN status in menu bar". Now click on Authentication Settings to access the Machine Authentication screen. Select Shared Secret and enter the Shared Secret provided by this link. Then enter "rbvi_vpn" in the Group Name field. Finally click on OK, and then Apply.
Since you checked the "Show VPN status..." box, an icon will now be displayed on the right hand side of the top menu bar, next to the Bluetooth icon (it sort of looks like a minature luggage tag). If you click on this icon the first item should be "Connect to RBVI VPN." Just select that and type your password in the panel that pops up. Upon successfull authentication a welcome screen will appear indicating you've connected to the RBVI VPN. To disconnect an active VPN connection, click on the same menu bar icon and select Disconnect.
The network VPN settings are on a per-computer basis. So if different user on your Mac tries to connect to the RBVI VPN, a panel will pop up defaulting to your user ID. Other users can't connect without a password (that's why you left the password field blank in the configuration steps above), so it's no big deal. Just something to be aware of.
Linux - Installing the VPN client
The Cisco VPN client for Linux is a command-line base program. Therefore the installation and connection instructions will not include the graphics one sees in the Windows or Mac procedures above.
- Unpack the downloaded file using the following command, which will create a folder named vpnclient with the necessary installation files:
- zcat vpnclient-linux-4.6.00.0045-k9.tar.gz | tar -xv
Your Cisco VPN client should now be installed. The following steps outline how to start the vpn service and how to connect to the RBVI VPN.
- Go to the vpnclient folder, and run ./vpn_install. Hit enter to accept the defaults.
- To run the VPN client, start the vpn service manually run /etc/init.d/vpnclient_init start
- To connect to the RBVI VPN, run vpnclient connect RBVI NOTE: RBVI is the profile file downloaded in an earlier step. DO NOT add the .pcf extension as it seems to confuse the program.