Fermi National Laboratory

FERMILAB VPN Service


  Home     Documentation     Registration     Security Requirements     Help     FAQ  

Welcome to the Fermilab Virtual Private Network Service

Fermilab now provides a VPN (virtual private network) service to accommodate the needs of remote users. A VPN uses public network (Internet) infrastructure to connect remote users to an enterprise network via an encrypted tunnel. The VPN tunnel gives a user the functionality of a direct dialup connection, with the convenience and higher bandwidth of using a local ISP for connectivity.

How A VPN Connection Works:

Fermilab VPN support is based on a remote access model. The user's remote system must be connected to the general Internet. The user needs to have the appropriate VPN client software on his system, and must have established a VPN account with the Laboratory. Once these elements are in place, the VPN client software can be used to establish a VPN tunnel from the remote system to a VPN concentrator located at the Laboratory. The VPN tunnel uses the Internet to create a virtual point-to-point connection between the remote system and the Laboratory network. All network traffic between the user's system and the Laboratory's campus network is sent within the VPN tunnel in encrypted format. Traffic through the tunnel uses a Fermilab campus network address for the remote system, making it appear to be directly attached to the Fermilab network. Traffic between the user's remote system and the rest of the Internet does not traverse the tunnel, and just follows the system's general Internet path. Once the remote user has completed his Laboratory-related work, the VPN tunnel can be taken down.

It should be noted that Fermilab supports only VPN connections with individual remote systems. Site-to-site connections, such as between a user's home network and the Fermilab campus network, are not supported. Users are also prohibited from using a VPN-connected system as a gateway for other remote systems via technologies such as Network Address Translation (NAT).

Benefits of Using the Fermilab VPN:

The FNAL VPN provides several advantages for users. It provides an encrypted tunnel into the lab so that traffic across the big bad Internet cannot be sniffed (as easily). It provides your machine with a local Fermilab address (131.225.247.x for now) and name so that you can access services or machines that are restricted to Fermilab-only machines. VPN traffic is not affected by the border router blocks; some of these blocks are NetBIOS, web servers, RPC, and printing.

Users must agree to the VPN Security Requirements before registering for the service.

Clients are available for Linux, Mac OS X, Solaris, and Windows.

To use the VPN Service, you must register your account and configure your computer according to the documentation. You can access the registration page and the documentation from the toolbar at the top of this page.



(Address comments about page to csi-help@fnal.gov)
Fermi National Accelerator Laboratory