home overview research resources outreach & training outreach & training visitors center visitors center search search

RBVI's Virtual Private Network (VPN) "How To" Guide

Introduction

In order to provide secure access to our Resource Center and associated computer services, the Resource for Biocomputing, Visualization, and Informatics (RBVI) has installed hardware and software to support Virtual Private Network (VPN) connections from anywhere on the Internet. The RBVI VPN service allows reliable, high-performance remote-access to the RBVI and other UCSF restricted sites (e.g., certain RBVI computing resources, UCSF Library databases and journals). This is accomplished by the creation of a secure, encrypted communications channel or "tunnel" between a remote host and a VPN concentrator located in our data center. The RBVI VPN system is based on a Cisco 3020 concentrator. Remote users will need to download and install the Cisco VPN client software and the RBVI-specific configuration profile in order to use the system. If the Cisco VPN client is already installed on your computer, then only need to download the RBVI-specific configuration profile. (See below for details).

Initial steps to access the RBVI VPN

1. Login with your User ID and Kerberos password -- Authentication to the RBVI VPN is accomplished via Kerberos, a secure network authentication system. If you have never initialized your Kerberos password, you will need to do so prior to using the VPN system. Go to the CGL Change Password page and enter your current password (the same one you use for logging into Socrates or for accessing your Socrates e-mail account), then either enter this same password or choose a new password in the "Enter new password" field. Be sure to click on the "Change Password" button at the bottom of the page when you're done. You can verify that Kerberos authentication is working for your account by visiting the Kerberos Authentication Test page. If you have problems getting Kerberos authentication to work for you, please send e-mail to kerberos-help@cgl.ucsf.edu.
2. Download VPN Client Software and/or RBVI Profile -- Download VPN client for:
   • Windows
   • Mac OS X (version 10.3 and earlier)
   • Mac OS X (version 10.4 ONLY for Intel and PPC)
   • Mac OS X (version 10.5 for Intel and PPC)
   • Linux
   • RBVI Profile
3. Install Client or Import Profile -- Operating system specific client installation and profile import procedures for:
   • Windows
   • Mac OS X
   • Linux

 

---

Windows - Installing the VPN client

After downloading the Cisco VPN client zip file for Windows to a temporary location on your system, double click on the icon (sample below) to unzip.

Then, click on the vpnclient_setup icon to install.

 

Windows - Start VPN Client

On the remote system, navigate to Start -> All Programs -> Cisco Systems VPN Client -> VPN Client and start the Client.

 

Windows - Import RBVI specific profile

Import the RBVI Profile by starting VPN client and navigating to Connection Entries -> Import. This will allow browsing to the downloaded RBVI Profile.

 

Windows - Starting VPN session to the RBVI VPN

Select the RBVI_VPN connection entry in VPN_Client (Note: Users who have previously installed the Cisco VPN client to connect to other organizations might have more than one Connection Entry), and click on Connect.

A Login panel should appear. Enter your username and Kerberos password to start the VPN session. There will messages at the bottom of the client indicating negotation and connection set up. Afterwards a panel will pop up, welcoming you to the RBVI VPN. Click Continue to start VPN session.

 

---

Mac OS X - Installing the VPN client

After downloading the compressed Cisco VPN client for Mac OS X to your computer's desktop, double click on the .dmg "diskimage" file (sample below).

This mounts the disk image. Double click on the resulting "CiscoVPNClient" virtual disk to see its contents.

Double click the Cisco VPN Client.mpkg file to install the VPN client software. You must have OS X Administrator rights to install this software. Note: After installing the VPN client, restart your system. This is a one-time only requirement. After system restart, proceed to the following section.

 

Mac OS X - Start VPN Client

Navigate to Applications -> VPN Client and start the VPN Client.

 

Mac OS X - Import RBVI specific profile

Import the RBVI Profile by starting VPN client and clicking on Import. This will allow browsing to the downloaded RBVI Profile.

 

Mac OS X - Starting VPN session to the RBVI VPN

Select the RBVI_VPN connection entry in VPN_Client (Note: Users who have previously installed the Cisco VPN client to connect to other organizations might have more than one Connection Entry), and click on Connect.

A Login panel should appear. Enter your username and Kerberos password to start the VPN session. There will messages at the bottom of the client indicating negotation and connection set up. Afterwards a panel will pop up, welcoming you to the RBVI VPN. Click Continue to start VPN session.

 

---

Linux - Installing the VPN client

The Cisco VPN client for Linux is a command-line base program. Therefore the installation and connection instructions will not include the graphics one sees in the Windows or Mac procedures above.

1. Unpack the downloaded file using the following command, which will create a folder named vpnclient with the necessary installation files:

• zcat vpnclient-linux-4.6.00.0045-k9.tar.gz | tar -xv

2. Go to the vpnclient folder, and run ./vpn_install.  Hit enter to accept the defaults.

Your Cisco VPN client should now be installed. The following steps outline how to start the vpn service and how to connect to the RBVI VPN.

1. To run the VPN client, start the vpn service manually run /etc/init.d/vpnclient_init start
2. To connect to the RBVI VPN, run vpnclient connect RBVI NOTE: RBVI is the profile file downloaded in an earlier step. DO NOT add the .pcf extension as it seems to confuse the program.