
LBL-VPN is switching to MFA -- see more details here: https://go.lbl.gov/MFAVPN

What is a Virtual Private Network (VPN)?

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network built for the private use of a particular institution over the shared public infrastructure. VPNs work by establishing secure "tunnels" for the transfer of information.  Because the data which passes through such tunnels is encrypted, it is protected from unauthorized access. Additionally, the VPN tunnel end-points (aka peers) authenticate with each other to prevent identity spoofing, and verify all received data to ensure that it has not been altered during transmission.

LBNL uses VPN technology to provide secure connections for remote access users. Because LBL-VPN users are assigned an IP address in the lbl.gov domain, they can access Laboratory resources as if they were on-site.

LBL-VPN is a software-based VPN service. Employees wishing to use LBL-VPN must install VPN client software on their computer(s). The software is available, free of charge, from https://software.lbl.gov

Who can benefit from a VPN?

In general, three groups of people can benefit from LBL-VPN service: 

  • Home users with Internet connectivity who need to access otherwise restricted LBNL network resources
  • Users on travel or on remote assignment who need access to otherwise restricted LBNL network resources
  • Any LBNL remote user who wants their data to be encrypted across the Internet while communicating with LBLnet.

How can I sign up for VPN service?

No signup is needed. Download the software from LBL's Software Download Page and install it on your computer. Use your LDAP User Name and password to connect with LBL-VPN.

How much does it cost?

VPN is provided free of charge to LBNL employees.

Are iOS and Android devices supported?

Yes, modern iOS and Android devices are supported.

How do I change or recover my VPN password?

LBL-VPN authenticates user connection requests based on their LDAP username and password. 
Your LDAP (Berkeley Lab Identity) password may be changed here: https://password.lbl.gov 
If you don't know or have forgotten your LDAP password, you can reset your password at https://password.lbl.gov.

When I'm working through a VPN tunnel at home, is all my traffic tunneled through the Lab?

, such as the LBNL network. The encrypted connection helps ensure that sensitive data is safely transmitted, prevents unauthorized people from eavesdropping on the traffic, and allows the user to conduct work remotely. The LBL-VPN also makes the device logically appear on the LBNL network, which can be useful for accessing resources that are restricted to the LBNL network.

Why do I need to use the LBL-VPN?

Maybe you don't? The majority of Lab services are accessible from any place on the Internet, without using the LBL-VPN. You can access Gmail, Google Calendar, and the rest of the Google Suite without LBL-VPN. Zoom and video conferences don't need LBL-VPN. The vast majority of Lab Business Systems, such as LETS and eBuy, are accessible without LBL-VPN.

However, there are a few situations where you might need to use the LBL-VPN:

  • To access resources at LBNL that are not available to the Internet; we're keeping a list at Berkeley Lab VPN Information
  • If you believe the network you are using is untrustworthy, for example a hotel or coffee shop, and you want additional security, use the LBL-VPN. 
  • To circumvent network filtering, the most notable example being traveling to China, where traffic is heavily filtered

How do I use the LBL-VPN?

The instructions for setting up Cisco AnyConnect can be found here.

What login credential do I use to login to the LBL-VPN?

Use your Berkeley Lab Identity (LDAP) credential to log in to the LBL-VPN. Do not use your AD credential; it will not work.

Can I use the LBL-VPN on a personally-owned computer?

Yes, you can. Note, however, that while connected to LBNL's VPN, all of your computer's network traffic will be routed through LBNL's network. When you browse the web, watch Netflix, or download a torrent file, your network traffic is tunneled to the Lab before being routed to its final destination. When you connect to Yahoo, for example, your request is encrypted, tunneled to the Lab, decrypted, then routed to www.yahoo.com. For all practical purposes, your computer is "at the Lab" and you are "on site," and for that reason you may want to review the Lab's policy for appropriate computer use: https://commons.lbl.gov/display/rpm2/Acceptable+Use+of+Information+Technology.

Is it possible for me to choose when my traffic is tunneled through the Lab, and when it goes out "in the clear"?

While connected to LBL-VPN, you are not able to choose which traffic gets tunneled through LBLnet and which does not.
If you do not want your traffic to be tunneled (and subject to monitoring by LBNL), disconnect from VPN and access the Internet directly through your local provider.

Note: Due to this restriction, local area network devices, such as printers, will be unavailable to you while connected to LBL-VPN. 
However, directly connected devices (e.g. via USB), should continue to work. 

...

When my LBL-VPN tunnel is enabled, will network performance decrease?

While there is some overhead associated with VPN security features, end-users typically do not detect any performance degradation.  

What are the IP ranges used by the VPN?

When you are assigned IP addresses by the VPN, you will get one IPv4 address in the range 131.243.144.0/20 and one IPv6 address in the range 2620:83:8000:165::/64.
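
As an added example (not part of the original FAQ), this Python helper finds log entries whose source address falls in the two VPN ranges above, including IPv4 addresses logged in IPv4-mapped IPv6 form. The log lines, their layout, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Address ranges this page lists for LBL-VPN clients.
VPN_POOLS = [
    ipaddress.ip_network("131.243.144.0/20"),
    ipaddress.ip_network("2620:83:8000:165::/64"),
]
_TOKEN = re.compile(r"[0-9A-Fa-f:.]{3,}")  # runs of hex digits, ':' and '.'

# Constructed sample log lines (not real data); the format is an assumption.
SAMPLE_LOG = [
    "2024-05-01T10:02:11Z sshd: Accepted publickey for alice from 131.243.150.7 port 51422",
    "2024-05-01T10:02:40Z nginx: [2620:83:8000:165::1a]:44312 GET /wiki 200",
    "2024-05-01T10:03:05Z sshd: Failed password for bob from 131.243.160.9 port 40110",
    "2024-05-01T10:03:09Z app: peer=::ffff:131.243.159.255 session opened",
    "2024-05-01T10:04:02Z sshd: Accepted publickey for alice from 131.243.150.7 port 51990",
]


def parse_ip(token):
    """Return an address object for token, or None if it is not an IP address."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return None
    # Dual-stack listeners often log IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def in_vpn_pool(ip):
    return any(ip.version == net.version and ip in net for net in VPN_POOLS)


def vpn_sources(log_lines):
    """Map each VPN-range address found in log_lines to the line numbers it appears on."""
    hits = {}
    for lineno, line in enumerate(log_lines, start=1):
        for token in _TOKEN.findall(line):
            ip = parse_ip(token.rstrip("."))
            if ip is not None and in_vpn_pool(ip):
                hits.setdefault(str(ip), []).append(lineno)
    return hits


if __name__ == "__main__":
    print(vpn_sources(SAMPLE_LOG))
```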

Where can I get Cyber Security information about the LBL-VPN?

Additional details about the LBL-VPN, including the subnets, use cases, and pros and cons, are at Berkeley Lab VPN Information.


Computers manufactured after 2002 easily meet the system requirements for LBL-VPN.