Remote access has changed in form but not function over time.


The VPN serves the needs of roadwarriors everywhere.

Our current public VPN is based on the PPTP protocol, geared for mobile users to make connections back to home base. In the tradeoff between security and ease of client configuration, it was certainly chosen for the latter. Other VPN technologies such as IPSec and OpenVPN see use for other special needs.

Client connections are authenticated using the MSCHAPv2 authentication protocol. This is the least insecure option that does not require cleartext password retrieval, and can be tied to our Windows domain for unified logon. Once authenticated, the user's connection is tunneled (GRE) onto the guest network.

Ideas for this setup were influenced by the last phase of the legacy campus dial-up service.

RAS (Dial-up)

Dial-up survived past the millenium: analog phone line modem connections in 2005! We resurrected our modem pool primarily for our cell phone users, because cell phone data plans were even more of a rip off at the time.

Clients dial in and authenticate using PAP, CHAP, MSCHAP, or MSCHAPv2 authentication protocols. RADIUS is tied to the enterprise LDAP cluster for unified logon. Once authenticated, the user's PPP connection is terminated on the guest network.

ctime: 2005-11-16