Virtual Private Networks at LBL
What is a Virtual Private Network?
A VPN is a network built for the private use of a particular institution over the shared public infrastructure. VPNs work by establishing secure “tunnels” for the transfer of information. Because the data which passes through such tunnels is encrypted, it is protected from unauthorized access. Additionally, the VPN tunnel end-points (aka peers) authenticate with each other to prevent identity spoofing, and verify all received data to ensure that it has not been altered during transmission.
LBNL uses VPN technology to provide secure connections for remote access users. Because LBL-VPN users are assigned an IP address in the lbl.gov domain, they can access Laboratory resources as if they were on-site.
LBL-VPN is a software-based VPN service. Employees wishing to use LBL-VPN must install VPN client software on their computer(s). The software is available, free of charge, from https://software.lbl.gov.
Who can benefit from a VPN?
In general, three groups of people can benefit from LBL-VPN service:
- Home users with Internet connectivity who need to access otherwise restricted LBNL network resources
- Users on travel or on remote assignment who need access to otherwise restricted LBNL network resources
- Any LBNL remote user who wants their data to be encrypted across the Internet while communicating with LBLnet.
How can I sign up for VPN service?
No signup is needed. Download the software from LBL’s Software Download Page and install it on your computer. Use your LDAP User Name and password to connect with LBL-VPN.
How much does it cost?
VPN is provided free of charge to LBNL employees.
Modern Windows, LInux, and OSX Operating Systems are supported.
Modern iOS devices are supported. Modern Android mobile devices are supported.
Chromebooks and other devices which only support L2TP VPN are not supported (but other workarounds may be available such as using the OTP Gateway).
How To Install
Click here to find out how to install the VPN software on your system.
Frequently Asked Questions
How do I change or recover my VPN password?
LBL-VPN authenticates user connection requests based on their LDAP username and password.
Your LDAP password may be changed here: https://password.lbl.gov
If you don’t know or have forgotten your LDAP password, you can reset your password at https://password.lbl.gov.
When I’m working through a VPN tunnel at home, is all my traffic tunneled through the Lab?
Yes. When you connect to Yahoo, for example, your request is encrypted, tunneled to the Lab, decrypted, then routed to www.yahoo.com. For all practical purposes, you are “on site,” and for that reason you may want to review the Lab’s policy for appropriate computer use:http://www.lbl.gov/Workplace/RPM/R9.01.html.
Is it possible for me to choose when my traffic is tunneled through the Lab, and when it goes out “in the clear”?
While connected to LBL-VPN, you are not able to choose which traffic gets tunneled through LBLnet and which does not.
If you do not want your traffic to be tunneled (and subject to monitoring by LBNL), disconnect from VPN and access the Internet directly through your local provider.
Note: Due to this restriction, local area network devices, such as printers, will be unavailable to you while connected to LBL-VPN.
However, directly connected devices (e.g. via USB), should continue to work.
When my VPN tunnel is enabled, will network performance decrease?
While there is some overhead associated with VPN security features, end-users typically do not detect any performance degradation.
Computers manufactured after 2002 easily meet the system requirements for LBL-VPN.
For the system requirements specific to your operating system, visit the ‘manufacturer’s page’ URL accompanying the VPN client downloads on https://software.lbl.gov