Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
<== Date ==> <== Thread ==>

Subject: Re: caxy-1.0.0 released; CA tunneling with SSH
From: Till Straumann <strauman@slac.stanford.edu>
To: Martin Konrad <konrad@ikp.tu-darmstadt.de>
Cc: "tech-talk@aps.anl.gov" <tech-talk@aps.anl.gov>
Date: Wed, 20 Jun 2012 15:22:04 -0500
Don't I need root access to do that (mess with a tap interface)?

Also, what if everything besides ssh is firewalled?

- T.

On 06/20/2012 03:07 PM, Martin Konrad wrote:
Hi Till,
http://www.slac.stanford.edu/~strauman/epics/caxy/
I think there is another way how you can access your IOCs from the
outside that is no on your list: You can use a VPN tunnel.

If you use OpenVPN you need to make sure that you use the TAP interface
on server and client. On the server side (inside machine) you can simply
bridge the tapX interface together with your ethX interface (if you
configure OpenVPN correctly this should happen automatically).

+you should not need to patch your JCA/CAJ/CSS for this - everything
should be transparent
+OpenVPN is widely supported (even on smartphone)
-once you are connected you can access everything (not restricted to CA,
this might be a security issue)

Did you try this approach as well?

Best regards

Martin



Replies:
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
References:
caxy-1.0.0 released; CA tunneling with SSH Till Straumann
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad

Navigate by Date:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
Navigate by Thread:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·