I know that several people from MSU read this blog, so here is a question: why can’t I do VPN when I’m on campus? Whenever I try to establish some sort of pptp connection with the outside world I get stopped at the firewall. Wtf?
I’m relatively sure I’m not the only person who is running into this issue. At least 2 other people that I talked to had a similar problem. I can totally understand why the university would lock down various p2p related ports but pptp?
In the past I got around this by leaving the RDP port open at one of the servers, but recently I was told to close it for security reasons. I don’t argue with that – it is clearly a sound thing to do. Unfortunately this means that the only way I can get remote desktop access to the server now is via VPN. And I can’t do VPN from campus…
Any suggestion how to get around this? My only solution right now is to use ssh tunneling to bounce my pptp traffic off of some external server. I’m not sure if that would work though…
Solutions go!
As the various network upgrades were performed in the past, I believe that the Networking group was guided by the following (good) principle:
“Disable all and then enable only what is needed/requested/approved”
If I get more info, I’ll let you know.
Yeah, that makes sense. But still – I imagine that quite a few people sometimes need to bring their work to school with them, and could really use a working vpn…
Anyways, thanks! :)
Wohoo! Miloš hooked me up! I think I will be able to use VPN on campus now. :mrgreen: :mrgreen: :mrgreen:
Milos is right. When I worked for networking we would have to get access per device in order to punch a hole through the firewall. There are a few tricks to get around things though … how did Milos hook you up?
Well… He asked the firewall wizards to make a rule for me that would allow me an outbound access to the specific IP that I need.
But I still haven’t been able to successfully VPN out.
I talked to Nick and he said he had a similar problem, and a similar solution, but his rule did not go into effect for a couple of months until MSU had a major power outage and the firewall got rebooted. :P
Sigh…
Heh heh, yea well, I was with MSU before we even had a firewall. They were late in the security game. I used to scan open netbios shares at MSU from home when I was still in high school. Back then if you came to the campus with a foreign laptop all you needed to have was a bootp client or know how to grab a DHCP address yourself. Now there is a registration/virus scan process, etc. Things have changed all the way over to the other side.
Basically they had so many campus wide issues with worms, DOS attacks, and hacks that they implemented an extremely strict policy that cripples some usability. There is a very complex art to having intelligent firewall rules. When I was setting up Via Video conference cameras, we had to punch holes to access it via telnet (it did not run SSH) and http. Pretty soon, incoming and outgoing connections had different issues, and after a while, anything besides basic browsing potentially needed an admin’s involvement.
Well, you got the admin involved and the allow rule was purportedly created. So it seems you need to find a way to make the firewall reboot. How good are you with electricityz? Heh. ;) Jk jk, I don’t want to end up in the Montclairion again. Hahaha!
My favorite MSU security mishap was when Dr. Zartiski’s monster cluster got totally 0wned and used to run DDOS attacks. Fun times.
Wait, what do you mean by “again”? What did you do to get into it the first time?
Haha, yea, galaxy – it was a clusterfuck, literally. I was running a sniffer trying to analyze all that BS IP traffic, it was meaningless.
First time? Oh, that livejournal “scandal”, back when some genius, *ahem*, at MSU put all our SSNs up where a webcrawler could cache. I thought the school should have been held somehow responsible or at the very least the person should have been fired. This, to MSU’s paper, was big news. ZOMG el jay is newzzz!!11 Shanywayz, it turns out that person is gone now, so things have a way of working themselves out.
I must have missed that – I never really read the Montclairion. I hear it is good for burning though. Ark took a pottery class at some point, and he said they would regularly raid the Student Center and take reams of Montclairions for burning in the glazing furnaces. ;) So they quoted you in it or what?
And people should have been fired. Someone out there was responsible for “accidentally” putting these records in the open, or authorizing someone to do it. If they won’t take any disciplinary action against people who do stuff like that then this will continue to happen.