EPICS Home

Experimental Physics and Industrial Control System


 
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025 
<== Date ==> <== Thread ==>
Subject: Re: caxy-1.0.0 released; CA tunneling with SSH
From: Till Straumann <[email protected]>
To: Martin Konrad <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: Wed, 20 Jun 2012 15:22:04 -0500 
Don't I need root access to do that (mess with a tap interface)?

Also, what if everything besides ssh is firewalled?

- T.

On 06/20/2012 03:07 PM, Martin Konrad wrote:

Hi Till,

http://www.slac.stanford.edu/~strauman/epics/caxy/

I think there is another way how you can access your IOCs from the
outside that is no on your list: You can use a VPN tunnel.

If you use OpenVPN you need to make sure that you use the TAP interface
on server and client. On the server side (inside machine) you can simply
bridge the tapX interface together with your ethX interface (if you
configure OpenVPN correctly this should happen automatically).

+you should not need to patch your JCA/CAJ/CSS for this - everything
should be transparent
+OpenVPN is widely supported (even on smartphone)
-once you are connected you can access everything (not restricted to CA,
this might be a security issue)

Did you try this approach as well?

Best regards

Martin
Replies:
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
References:
caxy-1.0.0 released; CA tunneling with SSH Till Straumann
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Navigate by Date:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025 
Navigate by Thread:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025