IRMACS network connections

You have several ways of making use of the IRMACS computing facilities:

IRMACS workstations

IRMACS SAGE server

Wireless network options

In case it helps: with Linux, the following entry in /etc/wpasupplicant.conf seemed to work:

network={
        ssid="irmacs"
        key_mgmt=IEEE8021X
        eap=TTLS
        identity=<your IRMACS login>
        password=<your IRMACS password>
        phase2="auth=PAP"
}

IRMACS VPN

If you connect using SFU, SFU-SECURE or eduroam, you will not be inside the irmacs firewall, so hydrogen will not be accessible. In order to access hydrogen, you can make use of the IRMACS VPN (again, use IRMACS credentials to authenticate).

VPN via NetworkManager on Linux

Under linux, NetworkManager 0.7.0 with vpnc 0.5.1 seems to work fine. The following information is needed to set up the VPN using vpnc:

Gateway: portal.irmacs.sfu.ca
Group Name: KerbGroup

Under "optional" you can specify your Irmacs user name. You can specify to only use the VPN connection for the irmacs address range using 142.58.52.0/23. The Group Password is Etu9*3Tv@ (this is not really a secret, since it's posted in obfuscated form in the irmacs.pcf file anyway, and the obfuscation is easily undone using cisco-decrypt).

VPN via vpnc's configuration files on Linux

Under linux, vpnc 0.5.1 seems to work well (probably better than Cisco's own vpnclient software, but I did not try). Configuration goes in /etc/vpnc/default.conf:

IPSec gateway portal.irmacs.sfu.ca
IPSec ID KerbGroup
IPSec obfuscated secret 440FD5657B03F5C1A39AE2F3865AC5BE45CF5C1C1A4B3493AA954B2294AE7FA99B628E6DA7DB407A473305A8037A7E7384B484ED796AB9D9
NAT Traversal Mode cisco-udp
Xauth username <IRMACS user name>

If you only want your traffic to IRMACS computers tunnelled, you have to configure a "split" network, and you probably want to keep your original DNS as well. The following settings could go somewhere in /etc/vpnc/vpnscript (let me know if you know a more elegant solution!):

CISCO_SPLIT_INC=1                    #-- number of networks in split-network-list
CISCO_SPLIT_INC_0_ADDR=142.58.52.0   #-- network address
CISCO_SPLIT_INC_0_MASK=255.255.254.0 #-- subnet mask (for example: 255.255.255.0)
CISCO_SPLIT_INC_0_MASKLEN=23         #-- subnet masklen (for example: 24)
CISCO_SPLIT_INC_0_PROTOCOL=0         #-- protocol (often just 0)
CISCO_SPLIT_INC_0_SPORT=0            #-- source port (often just 0)
CISCO_SPLIT_INC_0_DPORT=0            #-- destination port (often just 0)

MODIFYRESOLVCONF=''
RESTORERESOLVCONF=''

Days9Network (last edited 2008-11-14 13:42:10 by anonymous)