VPN connection to MAX IV
MAX IV users can access the MAX IV computers from external locations through a VPN connection. Currently, active users with a DUO account can connect to the white network, which comprises the computers and servers outside the beamlines and accelerators, and log in to the offline cluster to access data and files stored at MAX IV, for example to prepare an experiment or reprocess data. External access to the beamline network during experiments is available for commissioning users at BioMAX. Since the summer of 2019, the VPN to MAX IV can be initiated from any computer, whether standalone or part of an internal network infrastructure. The only restriction is that only one connection is allowed from the same machine at a time.
Before connecting to MAX IV, users must enter in DUO a cell phone number at which they can receive an SMS. This is required to receive an otp (“one-time password”) for two-step authentication; if preferred, a mobile application can be activated as an otp authenticator for subsequent logins. The next step is to install a VPN client, such as Pulse Secure. Note: At the moment, VPN to MAX IV should not be initiated from a machine that is part of an internal network infrastructure with network-mounted disks (since the connection to those may be lost), only from stand-alone computers or laptops.
Using Pulse Secure
The Pulse Secure client provides an interface for users to connect to MAX IV, and it is easy to install on many platforms. To download and install Pulse Secure, follow these steps:
- In a web browser, open https://vpn-white.maxiv.lu.se. Select the “DUO User Realm” and use the username and password from your DUO registration. A new page will ask you to enter an otp code sent to your phone. Note that the otp will expire after a while, so if you cannot type it in immediately, you will have to enter your user name and password again to receive a new code.
- Download the Pulse Secure VPN application launcher and install it on your computer (Note: You must have administrator permissions to be able to do this!):
  - On Windows computers, a launcher script will be downloaded automatically; after installing it, it will download and install the application. If the installation is successful, you will see the Pulse Secure icon in your program tray.
  - For Linux and Macs, select the appropriate installer from the displayed list, download and install it.
  - OpenConnect on Linux. This client seems to work well in recent versions. Use the “pulse” protocol for openconnect version 8.04 or newer. Use the “juniper” or “nc” protocol for older versions.
- After the installation is completed, create a connection in Pulse Secure:
  - The name of the connection can be anything you choose that allows you to identify it easily (e.g., “White MAX IV”).
  - The name of the server is vpn-white.maxiv.lu.se. (Users connecting to the BioMAX beamline network for remote experiments must use a different server; please consult the BioMAX-specific documentation.)
  - The user name and the password are the DUO account credentials; select DUO Users as the realm. The server, user name and realm will be stored under the connection profile. Finally, type the otp code you receive on your phone after authenticating.
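The version rule in the OpenConnect item above, as an added shell example (not part of the original page and not MAX IV's own tooling): it reads the first line of `openconnect --version`, selects `pulse` or `nc`, and starts the client against vpn-white.maxiv.lu.se. The script name and the `--connect` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not MAX IV's own script): pick the OpenConnect protocol
# for the white-network VPN from the installed client version.
# Rule from the list item above: "pulse" for 8.04 or newer, "nc" for older.

VPN_SERVER="vpn-white.maxiv.lu.se"   # server name given on this page

# pick_protocol VERSION_TEXT
# VERSION_TEXT is the output of `openconnect --version`; only its first
# line (e.g. "OpenConnect version v8.10-2") is inspected.
# Prints "pulse", "nc", or "unknown" if no MAJOR.MINOR can be found.
pick_protocol() {
    # Capture MAJOR and MINOR, dropping leading zeros so "04" compares as 4.
    ver=$(printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 4 ]; }; then
        echo pulse
    else
        echo nc
    fi
}

# Hypothetical invocation: sh maxiv-vpn.sh --connect <DUO user name>
if [ "${1:-}" = "--connect" ] && [ -n "${2:-}" ]; then
    proto=$(pick_protocol "$(openconnect --version 2>/dev/null)")
    if [ "$proto" = unknown ]; then
        echo "openconnect not found or version not recognised" >&2
        exit 1
    fi
    echo "openconnect protocol: $proto"
    # openconnect asks for the remaining login details interactively
    # (DUO password, then the otp sent to the phone).
    exec sudo openconnect --protocol="$proto" --user="$2" "https://$VPN_SERVER"
fi
```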
After establishing the VPN connection, the next step is to open a remote desktop at MAX IV. Please see how to connect to the offline MAX IV HPC with the ThinLinc client.
If you prefer not to have the otp sent in an SMS, you can set up an application like Pocket Pass or a similar mobile app to generate the otp. To activate this, you need to connect to the MAX IV network following the procedure described above. Once in the MAX IV network, follow these instructions.