- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: VPN on VMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2007 05:13 PM
тАО12-07-2007 05:13 PM
Is it possible to set up a VPN connection directly between two Alphas located at two different sites? Can one of those sites be residential?
I'm using OpenVMS 8.3 on each and running TCP/IP services. I'm also running DECnet Phase V.
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2007 08:35 PM
тАО12-07-2007 08:35 PM
SolutionIt depends on your definition of VPN. You can use SSH but I am not aware of any way to tunnel DECnet phase V through an SSH connection. Perhaps Colin Butcher knows of a method.
According to the OpenVMS roadmaps IPSec is coming, but not for a while (2009). http://h71000.www7.hp.com/openvms/roadmap/openvms_roadmaps.htm?jumpid=/go/openvms/roadmaps
I assume you want the two Alphas to be able to communicate using DECnet Phase V vs. just having a user on one Alpha SSH to the other Alpha over the internet.
Re: "Can one of those sites be residential?"
What is different about residential? Dynamic ip address? ISP filtering? Please explain.
Depending on what your requirements are, SSH may be good enough. If you want LAN to LAN (aka Site to Site) VPN, you should at least consider using dedicated devices for the VPN.
Linksys BEFVP41's are "consumer grade" Routers that act as IPSec VPN endpoints. They work reasonably well. As long as one end has a static IP address, they can maintain a VPN connection, and reestablish a new one even if the dynamic IP address is changed. They have hardware encryption chips so the performance is better than for the cheaper Linksys BEFSX41 that does VPN in software. The BEFVP41 are around $110 each, and you will need one on each end. They have ethernet connections for the WAN and LAN (4-port switch), so you will need something that has ethernet handoff.
A similar device I have never used is the D-Link DI-804HV, which is cheaper than the BEFVP41 and gets better reviews on Amazon than the BEFVP41, but it is a discontinued product.
For more money (around 5 times as much) you can get more flexible devices like the Cisco871-SEC-K9, but setting them up without a static IP at each end is more involved.
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2007 09:52 PM
тАО12-07-2007 09:52 PM
Re: VPN on VMS
Great info. Thanks. I have AT&T DSL at home and Cavalier DSL at the shop. DECbet copies would be great but I'll settle for TCP/IP stuff.
I also have a buddy in Sweden. It would be nice to be able to let him login with his VAXstation.
I was going to talk to AT&T about it, but it's kind of painful because they only know about PC stuff.
Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2007 10:12 PM
тАО12-07-2007 10:12 PM
Re: VPN on VMS
You should also take a look at the STunnel support. OpenVMS STunnel (available for all three architectures: Itanium, Alpha, and VAX) is described on the HP OpenVMS www site at: http://h71000.www7.hp.com/opensource/opensource.html#stunnel
From the Release Notes (available from the above URL):
"SSL for OpenVMS product is a port of OpenSSL (www.openssl.org) to OpenVMS Alpha & I64. This is a supported layered product that ships with OpenVMS version 7.3-1 or later. The kit also can be downloaded from the HP OpenVMS web site http://h71000.www7.hp.com/openvms/products/ssl/ssl.html)."
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 01:37 AM
тАО12-08-2007 01:37 AM
Re: VPN on VMS
On the other hand... if you just want 'simple' access to an OpenVMS server at home from the outside, then you may be able to convince your (DSL) router to do the right thing.
When I needed this once, while travelling, I used a port map defintion to poke a tiny hole through the firewall into the right local target.
You may also check out the 'DMZ' options on the router. Again, sorry if this is too simplistic, but just in case...
fwiw,
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 04:02 AM
тАО12-08-2007 04:02 AM
Re: VPN on VMS
Telnet, rsh, ssh, and so on?
So far as I know, TCPIP knows nothing about
VPNs, but if you have external gizmos which
provide one, it dosn't need to know anything
about them. One IP router looks the same as
another to it.
> Can one of those sites be residential?
Why should VMS care? antinode.org is
entirely residential, with a DSL connection
through a Cisco 678 DSL modem/router (which
seems to be much more suitable than the junk
which Qwest is offering nowadays).
> I also have a buddy in Sweden. It would be
> nice to be able to let him login with his
> VAXstation.
What stops him now? Your DSL gizmo? (Which
is what, by the way?) If you have a DSL
modem/router, or a DSL modem with a separate
IP router, then you should be able to tell
the (NAT-capable) router to pass FTP (ports
20,21), ssh (port 22), Telnet (port 23),
rexec,rlogin (ports 512,513), X (ports 6000,
6001, ...), and so on to the machine of your
choice. I routinely log into my main Alpha
from other sites, usually by Telnet. (It
also does DNS and SMTP, and the FTP and HTTP
servers.)
> DECbet copies would be great but I'll
> settle for TCP/IP stuff.
I don't use it, but I gather that DECnet Plus
can do DECnet over IP.
It often helps to (define and) state your
actual requirements, rather than ask how to
implement what may be the wrong solution (a
VPN).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 06:27 AM
тАО12-08-2007 06:27 AM
Re: VPN on VMS
Particularly for a home configuration involving an old VAXstation, I'd agree with the other responses that the easiest way to set up a VPN (if you actually need one) would involve consumer-grade router boxes.
- Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 12:59 PM
тАО12-08-2007 12:59 PM
Re: VPN on VMS
Thank for you for all of your responses, advice, and interest. As Steve pointed out, here is my situation.
At home, I have DSL through AT&T. I have a 2-Wire 2701HG-B Gateway. The 2-wire allows me to implement DMZ for one computer on the inside of its Firewall.
So in order for me to serve web pages with my Alphaserver OpenVMS 8.3 eBusiness web server, I set the DMZ for the Alpha's DHCP assigned (by the 2-Wire) IP address.
This is changing the subject al little, but tne trouble is, I'm using dynamic IP addressing. Static would cost me an additional $69/month, in addition to the $24/month just to have DSL. So you can see why I wouldn't buy static!!!!
BTW, so every time the DSL line drops and comes back, I the 2-wire assigns a new address to the DMZ computer, which is no longer the Alpha's IP name (e.g., decxchange.com). It assigns DMZ to
So to fix this, I need to shut down and restart TCPIP services on the Alpha, reassign DMZ on the 2-wire, then go to AT&T's "Small Business" web site, and reassign address forwarding.
This happens WAY to often, and I just don't have time to babysit it. OK, so that's another issue that needs to be fixed. Back to the subject at hand.
On the other end, a small business in town, they have DSL through a company called Cavalier. It looks like he has just a DSL modem given to him by Cavalier. So I was going to call Cavalier next week and find out how his IP addresses are assigned to his PCs and what kind of firewall (if any?) is in use.
So I wanted to put another one of my Alphas in his busines's shop and set up either or both a TCP/IP and DECnet OSI Phase V link between home and his shop. I wanted to setup a web site that Alphas at either location could be a backup to each other.
Now all of your ideas look promising and I'm going to investigate them. I still have a lot to learn at this level of internet setup, as you probably can see.
Thanks for having a constructive conversation with me. Any other useful comments are welcomed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 01:33 PM
тАО12-08-2007 01:33 PM
Re: VPN on VMS
Can you configure your DSL unit to forward
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2007 05:55 PM
тАО12-08-2007 05:55 PM
Re: VPN on VMS
> 2-Wire) IP address.
That would seem to be the first thing to
change. I don't see how NAT will be able to
locate a moving target. Around here, all the
normal systems have static (10.0.0.x) IP
addresses. The Cisco 678 is configured to
offer DHCP (at 10.0.0.224 - .239) for
transient client-only systems who happen to
visit. Anything which wants to be a server
of any sort should have a static address, at
least internally.
> Static would cost me an additional
> $69/month [...]
Do I have the only good ISP in the country?
Having been at 209.98.249.184 for years, I
don't need to worry about it, but I gather
that a dynamic DNS provider can be used to
cope with a changing external address.
Internally, it's up to you to create a stable
environment.
I have a couple of friends with Cable TV or
DSL who have only simple-minded non-routing
Cable or DSL modems, but they also have them
connected to (cheap and nasty) IP routers,
which gives them capabilities similar to
mine.