IRMACS network connections

You have several ways of making use of the IRMACS computing facilities:

In case it helps: with Linux, the following entry in /etc/wpasupplicant.conf seemed to work:

        identity=<your IRMACS login>
        password=<your IRMACS password>

If you connect using SFU, SFU-SECURE or eduroam, you will not be inside the irmacs firewall, so hydrogen will not be accessible. In order to access hydrogen, you can make use of the [ IRMACS VPN] (again, use IRMACS credentials to authenticate).

Under linux, vpnc 0.5.1 seems to work well (probably better than Cisco's own vpnclient software, but I did not try). Configuration goes in /etc/vpnc/default.conf:

IPSec gateway
IPSec ID KerbGroup
IPSec obfuscated secret 440FD5657B03F5C1A39AE2F3865AC5BE45CF5C1C1A4B3493AA954B2294AE7FA99B628E6DA7DB407A473305A8037A7E7384B484ED796AB9D9
NAT Traversal Mode cisco-udp
Xauth username <IRMACS user name>

If you only want your traffic to IRMACS computers tunnelled, you have to configure a "split" network, and you probably want to keep your original DNS as well. The following settings could go somewhere in /etc/vpnc/vpnscript (let me know if you know a more elegant solution!):

CISCO_SPLIT_INC=1                    #-- number of networks in split-network-list
CISCO_SPLIT_INC_0_ADDR=   #-- network address
CISCO_SPLIT_INC_0_MASK= #-- subnet mask (for example:
CISCO_SPLIT_INC_0_MASKLEN=23         #-- subnet masklen (for example: 24)
CISCO_SPLIT_INC_0_PROTOCOL=0         #-- protocol (often just 0)
CISCO_SPLIT_INC_0_SPORT=0            #-- source port (often just 0)
CISCO_SPLIT_INC_0_DPORT=0            #-- destination port (often just 0)