Direkt zum Inhalt
  • Paul Scherrer Institut PSI
  • PSI Research, Labs & User Services

Digital User Office

  • Digital User Office
  • DE
  • EN
  • FR
Paul Scherrer Institut (PSI)
Suche
Paul Scherrer Institut (PSI)

Hauptnavigation

  • Unsere ForschungÖffnen dieses Hauptmenu Punktes
    • Aktuelles aus unserer Forschung
    • Zukunftstechnologien
    • Health Innovation
    • Energie und Klima
    • Grundlagen der Natur
    • Grossforschungsanlagen
    • Broschüren
    • 5232 — Das Magazin des Paul Scherrer Instituts
    • Research Divisions & Labs (only english)
  • IndustrieÖffnen dieses Hauptmenu Punktes
    • Übersicht
    • Technologietransfer
    • Kompetenzen
    • Spin-off-Firmen
    • Park Innovaare
  • Protonentherapie Öffnen dieses Hauptmenu Punktes
    • Übersicht
    • Arzt & Patienten Information
  • KarriereÖffnen dieses Hauptmenu Punktes
    • Übersicht
    • Stellenangebote
    • Arbeiten am PSI
    • Personalpolitik
    • Chancengleichheit, Diversität & Inklusion
    • Aus- und Weiterbildung
    • Berufsbildung / Lehrstellen
    • PSI Bildungszentrum
    • Career Center
    • Förderprogramm "PSI Career Return Program"
    • PSI-FELLOW/COFUND
  • Besuch am PSIÖffnen dieses Hauptmenu Punktes
    • Übersicht
    • Besucherzentrum psi forum
    • Schülerlabor iLab
    • Veranstaltungen am PSI
    • Der Weg zu uns
  • Über das PSIÖffnen dieses Hauptmenu Punktes
    • Das PSI in Kürze
    • Strategie
    • Leitbilder
    • Zahlen und Fakten
    • Organisation
    • Für die Medien
    • Für Lieferanten
    • Für Kunden (E-Billing)
  • DE
  • EN
  • FR

Digital User Office (mobile)

  • Digital User Office

Sie befinden sich hier:

  1. PSI Home
  2. Über das PSI
  3. Computing
  4. Dienste
  5. Verbindungen und Logins
  6. VPN

Sekundäre Navigation

Computing

  • IT ServiceDesk
  • Dienste Ausgeklappter Submenü Punkt
    • PSI Pocket
    • Videokonferenz
    • Mail
    • Verbindungen und Logins Ausgeklappter Submenü Punkt
      • SSH Hop
      • VPN
      • Öffentliches Internet
      • WLAN
    • Datenübertragung/CVS
      • FTP
      • AFS
      • Subversion CVS
    • Ausleihmaterial
  • Sicherheit und Weisungen
  • IT in der Forschung
  • Quicklinks
  • Über uns
  • Kontakt
Dieser Inhalt ist nur in englischer Sprache verfügbar

VPN Access to the PSI Intranet

To access intranet resources users outside the PSI must connect through a Virtual Private Network (VPN).

By connecting through the VPN a host becomes effectively part of the PSI intranet, regardless of its original location. The system will appear on the Internet with a PSI address, and traffic will pass through the PSI Firewall.

Thus the following rules apply to all users of the VPN Software.

Rules

  1. Users of the VPN Client must adhere to the Usage and Monitoring of IT Resources at PSI / Nutzung und Überwachung der EDV-Ressourcen am PSI
  2. An up-to-date Virus scanning tool 1 must be installed and running on the client.
  3. The client os must be fully patched, especially through os and application security fixes.
  4. AIT may monitor the VPN Traffic to prevent misuse 2.
  5. No Network services (webserver, P2P etc.) may be offered on VPN Clients.
  6. AIT supports users by providing installation help (this page) and the VPN client software. Additional support can only be provided for PSI standard installations.
Notes:
  1. A good, for home use free virus scanner is available from Avira Free Antivirus.
  2. AIT will not access your home system. Only traffic flowing through the PSI Network will be monitored.

FAQ

Wich Password must I use (with SecurID)
The password is a 12-digit number comprised of your PIN, followed by the current number shown by your Token: rsa password.png

 

After installing I can't access my PC anymore from other systems.
If you are connected through the VPN, access to the PC is not possible, except through your secure channel. Otherwise your system would open up a tunnel from the Internet to the PSI net, bypassing the Firewall.

How will the VPN software affect throughput?
When you're at home, measurements indicate that the throughput between your PC and the network at work may reduced by somewhat less than 10 percent, depending upon the type of traffic being generated. Whilst any amount of performance degradation is undesirable, it is the cost of doing business securely and offering an improved access possibility.

Will AIT have access to my PC, when I'm connected through VPN.
No, your PC will become part of the PSI network, but that is not enough for anyone to get access to your system. When you connect to the PSICH Domain, AIT could, in principle, run the same scripts on your home system as it does on your office machine. However AIT will not execute any of these scripts on a system connected through VPN.
However AIT may monitor the network traffic you create. This is done automatically and AIT staff will only look at this if our monitoring software reports a problem. This software watches for hacker attacks (in and out :-)), network problems, viruses etc.

Is it possible to connect to PSI with a Windows XP system?
After April 8 2014, VPN is forbidden with XP clients. The firewall will block such clients. The reason for this is that Microsoft no longer provides security updates for Windows XP.

I have installed a firewall and now VPN doesn't work anymore.
VPN needs certain ports and protocols open. These are:

TCP Port: 443
UDP Port: 443
UDP Port: 500
UDP Port: 4'500

Problems with AFS via VPN (Windows)

  1. RDP session via VPN to PSI terminal server winterm3.psi.ch (requires SecurID token) or
  2. RDP, vnc, smb etc. via SSH tunnelling to hop.psi.ch (does not require a SecurID token)

PSI employees can tunnel the following TCP connection into the PSI LAN via hop.psi.ch

                TCP port number is used by

                22 SSH

                80/443 HTTP(S)

                445 Windows file server (e.g. fs00, fs01 or fs02)

                >1023 e.g. for RDP, VNC etc.

External employees can tunnel the following TCP connection into the PSI LAN via hop.psi.ch

                TCP port number is used by

                22 SSH

                3389 RDP

                5900 VNC

                If necessary, further connections can be released on request.           

documentation:

                https://www.psi.ch/en/computing/ssh-hop

                https://www.psi.ch/de/computing/ssh-hop

 

Mit Sidebar

VPN Installation und Einstellungen

Windows windows.gif
Linux penguin.gif
Mac OSX apple.gif

top

Fussbereich

Paul Scherrer Institut

Forschungsstrasse 111
5232 Villigen PSI
Schweiz

Telefon: +41 56 310 21 11
Telefax: +41 56 310 21 99

Der Weg zu uns
Kontakt

Besucherzentrum psi forum
Schülerlabor iLab
Zentrum für Protonentherapie
PSI Bildungszentrum
PSI Guest House (in english)
PSI Gastronomie
psi forum-Shop

 

Service & Support

  • Telefonbuch
  • User Office
  • Accelerator Status
  • Publikationen des PSI
  • Lieferanten
  • E-Rechnung
  • Computing
  • Sicherheit

Karriere

  • Arbeiten am PSI
  • Stellenangebote
  • Aus- und Weiterbildung
  • Career Center
  • Berufsbildung
  • PSI Bildungszentrum

Für die Medien

  • Das PSI in Kürze
  • Zahlen und Fakten
  • Mediacorner
  • Medienmitteilungen
  • Social Media

Folgen Sie uns: Twitter (deutsch) LinkedIn Youtube Facebook Instagram Issuu RSS

Footer legal

  • Impressum
  • Nutzungsbedingungen
  • Editoren-Login