Viewable by the world
Group Access to IT Frequently Asked Questions (FAQ)
Can VIEW the space: itfaq-editors ,  anonymous ,  itfaq-MFA-EDITORS ,  itfaq-itss ,  all-lbnl-users ,  mpsg-staff ,  itfaq-editors-lite ,  mpsg-mpsg-helpdesk ,  google-collab-documentation-management , 
Can EDIT the space: itfaq-editors-lite ,  itfaq-editors ,  mpsg-staff ,  google-collab-documentation-management ,  mpsg-mpsg-helpdesk , 
Can ADMINISTER the space:
Individual Access to IT Frequently Asked Questions (FAQ)
Can VIEW the space: pbutler@lbl.gov ,  arica@lbl.gov ,  scwine@lbl.gov ,  jbrown@lbl.gov ,  asultan@lbl.gov ,  cyoungquist@lbl.gov ,  mnsmitasin@lbl.gov ,  t.l@lbl.gov ,  psbanerjee@lbl.gov ,  adstone@lbl.gov ,  pltura@lbl.gov ,  mtdedlow@lbl.gov ,  pramos2@lbl.gov ,  derrickjohnson@lbl.gov ,  chaserandall@lbl.gov ,  rsimon@lbl.gov ,  jekrous@lbl.gov ,  lecorrales@lbl.gov ,  ghamm@lbl.gov ,  gabe@lbl.gov ,  asharma@lbl.gov ,  jwelcher@lbl.gov ,  tecampbell@lbl.gov ,  milesgreen@lbl.gov ,  pbuffon@lbl.gov ,  sarahermosillocanedo@lbl.gov , 
Can EDIT the space: pbutler@lbl.gov ,  tecampbell@lbl.gov ,  mtdedlow@lbl.gov ,  arica@lbl.gov ,  scwine@lbl.gov ,  jwelcher@lbl.gov ,  cyoungquist@lbl.gov ,  pltura@lbl.gov ,  asultan@lbl.gov ,  pramos2@lbl.gov ,  t.l@lbl.gov ,  adstone@lbl.gov ,  mnsmitasin@lbl.gov ,  gabe@lbl.gov ,  jekrous@lbl.gov ,  ghamm@lbl.gov ,  lecorrales@lbl.gov ,  psbanerjee@lbl.gov ,  asharma@lbl.gov ,  rsimon@lbl.gov ,  derrickjohnson@lbl.gov ,  milesgreen@lbl.gov ,  jbrown@lbl.gov ,  pbuffon@lbl.gov , 
Can ADMINISTER the space: mnsmitasin@lbl.gov ,  tecampbell@lbl.gov ,  jekrous@lbl.gov ,  adstone@lbl.gov ,  t.l@lbl.gov ,  lecorrales@lbl.gov ,  jbrown@lbl.gov ,  derrickjohnson@lbl.gov ,  pbuffon@lbl.gov , 

Versions Compared

Old Version 15

changes.mady.by.user Ian Vaino

Saved on

compared with

New Version Current

changes.mady.by.user Richard Simon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

LBL-VPN is switching to MFA -- see more details here: https://go.lbl.gov/MFAVPN

What is a Virtual Private Network (VPN)?

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network, such as the LBNL network. The encrypted connection helps ensure that sensitive data is safely transmitted . It and prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. The LBL-VPN also makes the device logically appear on the LBNL network, this can be useful to access resources that are restricted to the LBNL network

Why do I need to use the LBL-VPN?

Maybe you don't?  The majority of Lab services are already easily accessible from any place on the Internet, with no special configuration requiredwithout using the LBL-VPN. You can access Gmail, Google Calendar, Drive, and the rest of the Google Suite with no special setup. You can access many other Lab web applications, such as Training and LETS without special configurations. without LBL-VPN. Zoom and video conferences doesn't need LBL-VPN. The the vast majority of Lab Business Systems, such as LETS and eBuy, are accessible without LBL-VPN.

However, there are a few cases situations where you will might need additional technology in place to work from home. The most common cases are using applications that are only accessible from the Lab network (such as FMS) or accessing files on a shared drive.

Typical VPN use cases at LBL include:

  • Anyone working at home who needs to access resources at LBL that are not available on the internet, such as shared folder, or protected web sites.
  • Users on travel or on remote assignment who need access to otherwise restricted LBNL network resources.
  • Any LBL remote user who wants their data to be encrypted across the Internet.

to use the LBL-VPN:

  • To access access resources at LBNL that are not available to the Internet; we're keeping a list at Berkeley Lab VPN Information
  • If you believe the network you are using is untrustworthy, for example a hotel or coffee shop, and you want additional security, use the LBL-VPN. 
  • To circumvent network filtering, the most notable example being traveling to China, where traffic is heavily filtered

How do I use the LBL-

...

VPN?

The instructions for setting up Cisco AnyConnect can be found here.found here.

What login credential do I use to login to the LBL-VPN?

User your Berkeley lab identity or (LDAP) credential to login to the LBL-VPN. Do not use your AD credential, it will not work. 

Can I use the LBL-VPN on a personally-owned computer?

Yes, you can. Use of VPN is recommended when accessing Lab resources from any computer, including those that are personally owned.Be advised, however, note that while connected to LBLLBNL's VPN, all of your computer's network traffic will be routed through LBLLBNL's network. When you connect to browse the web, watch Netflix, for exampleor download a torrent file, your request network traffic is encrypted, tunneled to the Lab , decrypted, then before being routed to Netflixits final destination. For all practical purposes, you are "on siteyour computer is "at the Lab," and for that reason you may want to review the the Lab's policy for appropriate computer use:https://commons.lbl.gov/display/rpm2/Acceptable+Use+of+Information+Technology.  It is highly recommended that you review what is running to running on your computer before you connect to VPN. 

Is it possible for me to choose when my traffic is tunneled through the Lab, and when it goes out "in the clear"?

No, it is not possible. While connected to LBL's VPN, all traffic will be routed through the VPN "tunnel", and subject to monitoring by LBNL.
If you do not want traffic to be tunneled, disconnect from VPN and access the Internet directly through your local provider.

Note: Due to this restriction, local area network devices, such as printers, will be unavailable to you while connected to LBL-VPN. 
However, directly connected devices (e.g. via USB), should continue to work. 

When my LBL-

...

VPN tunnel is enabled, will network performance decrease?

While there is some overhead associated with VPN security features, end-users typically do not detect any performance degradation.  

What are the IP ranges used by the VPN?

When you are assigned IP addresses by the VPN, you will get one IPv4 address in the range 131.243.144.0/20 and one IPv6 address in the 2620:83:8000:165::/64

Where can I get Cyber Security information about the LBL-VPN?

Additional details about the LBL-VPN, including the subnets, use cases, and pros and cons are at Berkeley Lab VPN Information

Additional VPN resources:

Children Display





Pop away