Skip to main content
  • Paul Scherrer Institut PSI
  • PSI Research, Labs & User Services

Digital User Office

  • Digital User Office
  • DE
  • EN
  • FR
Paul Scherrer Institut (PSI)
Search
Paul Scherrer Institut (PSI)

Hauptnavigation

  • Our ResearchOpen mainmenu item
    • Current topics from our research
    • Future Technologies
    • Health Innovation
    • Energy and Climate
    • Fundamentals of Nature
    • Large Research Facilities
    • Brochures
    • 5232 — The magazine of the Paul Scherrer Institute
    • Research Divisions & Labs (only english)
  • IndustryOpen mainmenu item
    • Overview
    • Technology Transfer
    • Expertise
    • Spin-off Companies
    • Park Innovaare
  • Proton TherapyOpen mainmenu item
    • Overview
    • Physician & Patient Information
  • CareerOpen mainmenu item
    • Overview
    • Job Opportunities
    • Working at PSI
    • Personnel Policy
    • Equal Opportunities, Diversity & Inclusion
    • Training and Further Education
    • Vocational Training
    • PSI Education Centre
    • Career Center
    • Support Program "PSI Career Return Program"
    • PSI-FELLOW/COFUND
  • Visit to PSIOpen mainmenu item
    • Overview
    • Visitor Centre psi forum
    • Schülerlabor iLab
    • Public Events
    • How to find us
  • About PSIOpen mainmenu item
    • PSI in brief
    • Strategy
    • Guiding principles
    • Facts and figures
    • Organisational structure
    • For the media
    • Suppliers and customers
    • Customers E-Billing
  • DE
  • EN
  • FR

Digital User Office (mobile)

  • Digital User Office

You are here:

  1. PSI Home
  2. About PSI
  3. Computing
  4. Services
  5. Connection and Logins
  6. VPN

Secondary navigation

Computing

  • IT ServiceDesk
  • Services Expanded submenu item
    • PSI Pocket
    • Videoconference
    • Email
    • Connection and Logins Expanded submenu item
      • SSH Hop
      • VPN
      • Onsite Internet
      • WLAN
    • Data Transfer/CVS
      • FTP
      • AFS
      • Subversion CVS
    • Items for Rent
  • Security/Regulations
  • IT in der Forschung
  • Quicklinks
  • About Us
  • Contact

Dieser Inhalt ist nur in englischer Sprache verfügbar

VPN Access to the PSI Intranet

To access intranet resources users outside the PSI must connect through a Virtual Private Network (VPN).

By connecting through the VPN a host becomes effectively part of the PSI intranet, regardless of its original location. The system will appear on the Internet with a PSI address, and traffic will pass through the PSI Firewall.

Thus the following rules apply to all users of the VPN Software.

Rules

  1. Users of the VPN Client must adhere to the Usage and Monitoring of IT Resources at PSI / Nutzung und Überwachung der EDV-Ressourcen am PSI
  2. An up-to-date Virus scanning tool 1 must be installed and running on the client.
  3. The client os must be fully patched, especially through os and application security fixes.
  4. AIT may monitor the VPN Traffic to prevent misuse 2.
  5. No Network services (webserver, P2P etc.) may be offered on VPN Clients.
  6. AIT supports users by providing installation help (this page) and the VPN client software. Additional support can only be provided for PSI standard installations.

Notes:

  1. A good, for home use free virus scanner is available from Avira Free Antivirus.
  2. AIT will not access your home system. Only traffic flowing through the PSI Network will be monitored.

FAQ

Wich Password must I use (with SecurID)
The password is a 12-digit number comprised of your PIN, followed by the current number shown by your Token: rsa password.png

 

After installing I can't access my PC anymore from other systems.
If you are connected through the VPN, access to the PC is not possible, except through your secure channel. Otherwise your system would open up a tunnel from the Internet to the PSI net, bypassing the Firewall.

How will the VPN software affect throughput?
When you're at home, measurements indicate that the throughput between your PC and the network at work may reduced by somewhat less than 10 percent, depending upon the type of traffic being generated. Whilst any amount of performance degradation is undesirable, it is the cost of doing business securely and offering an improved access possibility.

Will AIT have access to my PC, when I'm connected through VPN.
No, your PC will become part of the PSI network, but that is not enough for anyone to get access to your system. When you connect to the PSICH Domain, AIT could, in principle, run the same scripts on your home system as it does on your office machine. However AIT will not execute any of these scripts on a system connected through VPN.
However AIT may monitor the network traffic you create. This is done automatically and AIT staff will only look at this if our monitoring software reports a problem. This software watches for hacker attacks (in and out :-)), network problems, viruses etc.

Is it possible to connect to PSI with a Windows XP system?
After April 8 2014, VPN is forbidden with XP clients. The firewall will block such clients. The reason for this is that Microsoft no longer provides security updates for Windows XP.

I have installed a firewall and now VPN doesn't work anymore.
VPN needs certain ports and protocols open. These are:

TCP Port: 443
UDP Port: 443
UDP Port: 500
UDP Port: 4'500

Problems with AFS via VPN (Windows)

  1. RDP session via VPN to PSI terminal server winterm3.psi.ch (requires SecurID token) or
  2. RDP, vnc, smb etc. via SSH tunnelling to hop.psi.ch (does not require a SecurID token)

PSI employees can tunnel the following TCP connection into the PSI LAN via hop.psi.ch

                TCP port number is used by

                22 SSH

                80/443 HTTP(S)

                445 Windows file server (e.g. fs00, fs01 or fs02)

                >1023 e.g. for RDP, VNC etc.

External employees can tunnel the following TCP connection into the PSI LAN via hop.psi.ch

                TCP port number is used by

                22 SSH

                3389 RDP

                5900 VNC

                If necessary, further connections can be released on request.           

documentation:

                https://www.psi.ch/en/computing/ssh-hop

                https://www.psi.ch/de/computing/ssh-hop

Sidebar

VPN Installation and Settings

Windows windows.gif
Linux windows.gif
Mac OSX apple.gif

top

Footer

Paul Scherrer Institut

Forschungsstrasse 111
5232 Villigen PSI
Switzerland

Telephone: +41 56 310 21 11
Telefax: +41 56 310 21 99

How to find us
Contact

Visitor Centre psi forum
School Lab iLab (in German)
Center for Proton Therapy
PSI Education Centre
PSI Guest House
PSI Gastronomie (in German)
psi forum shop

Service & Support

  • Phone Book
  • User Office
  • Accelerator Status
  • PSI Publications
  • Suppliers
  • E-Billing
  • Computing
  • Safety (in German)

Career

  • Working at PSI
  • Job Opportunities
  • Training and further education
  • Career Center
  • Vocational Training (in German)
  • PSI Education Center

For the media

  • PSI in brief
  • Facts and Figures
  • Media corner
  • Media Releases
  • Social Media

Follow us: Twitter (in English) LinkedIn Youtube Facebook Instagram Issuu RSS

Footer legal

  • Imprint
  • Terms and Conditions
  • Editors' login