VPN2

Alternative VPN gateway vpn2.mpcdf.mpg.de

Due to the current situation with regard to COVID-19, usage of the MCPDF VPN service has increased significantly. So far the service is running stable, but under heavy load.

To take some load off the primary VPN server and be able to handle further increases in usage, a temporary second VPN gateway is now available:

vpn2.mpcdf.mpg.de

../../../_images/capture_001_23032020_085236.png

(Should you not see “vpn2” in the list, connect once to vpn.mpcdf.mpg.de)

Please take note of the following changes:

• You do not have to select a group (AllUsers, IPP etc.) anymore. Group “GENERAL” is for all users, with the correct profiles being assigned automatically based on the information in our user database.
• Sessions will run in “Split Tunnel” mode by default. This means only connections to the Garching campus (130.183.0.0/16) and select other services (SAP, IPP intranet) go through the VPN.
../../../_images/vpn2_tunnel_all.pngIf necessary, you can route all traffic through the VPN by putting a “!” before your username (see screenshot).
This can be required for access to certain external services such as publications, ebooks etc. only allowing access from MPG addresses or if you are connecting from an untrusted public network.
• You will be assigned private IP addresses from the following ranges:
10.187.0.0/22: AllUsers To outside (NAT): 130.183.212.64
10.187.4.0/22: IPP To outside (NAT): 130.183.212.128
10.187.8.0/23: MPCDF To outside (NAT): 130.183.212.7
The private adresses will be translated to public adresses from the old range 130.183.212.0/24 when accessing outside resources.
This means there generally should not be any difference or problems.
However if you are accessing internal resources that are only reachable from certain IPs, those rules might need to be adjusted.
• vpn2.mpcdf.mpg.de might need to be temporarily shut down / rebooted for some final config adjustments during the next few days. We aim do maintenance outside of normal working hours (8am - 5pm). You can also of course always use the old vpn.mpcdf.mpg.de
• Some users might get an error (“secure gateway rejected the connection

  • other error”) when connecting to the new gateway for the first time. Please just try a second time and the connection should be successfully established.