gogs/git issues and VPN access to the Auton Lab

Predrag Punosevac predragp at andrew.cmu.edu
Tue Nov 3 11:45:37 EST 2020


Dear Autonians,

I know that many of you were annoyed by the fact that in order to use our
internal instance of Gogs you had to use X2Go for GUI access to one of the
shell gateways first.

https://gogs.io

After a bit of consideration the following solution proposed by Gus Welter
seems to be the easiest. Locate on your machine the following file or
create a new one

~/.ssh/config

Use your favorite editor and create an entry as follows:

Host gogs
         # you could do any other shell gateway
         Hostname lop2.autonlab.org
         User $yourusername
         # IdentityFile could be left out if you insist on using LDAP password
         IdentityFile ~/.ssh/$your_private_key
         Port 22
         LocalForward 2222 git.int.autonlab.org:80


Then just ssh to gogs. Open the web browser on your own computer and type
in the search bar

http://localhost:2222

Magic will happen. I will update documentation shortly.


After further consideration and evaluation of various VPN technologies:
OpenSSH, IKEv2, OpenVPN, tinc, WireGuard, AnyConnect (Cisco proprietary
version as well as the open source ocserv clone), the following decision was
made:

We will continue to provide worldwide access to the Auton Lab
infrastructure via shell gateways OpenSSH for people who don't have the
Auton Lab provided/supported desktops. However, I will add an additional
4th shell gateway. FYI (will be updated in the documentation as well), there
is a minor difference between

lop2.autonlab.org
lop1.autonlab.org (I will replace dead gateway with the new one)

and

bash.autonlab.org
lion.auton.cs.cmu.edu

The first two shell gateways have no VPN overhead. The second two shell
gateways are just the desktops which are connected via OpenVPN to the
computing nodes. As a matter of fact, any Auton Lab desktop is potentially a
shell gateway, but the login is restricted only to the desktop owner. The
desktops use OpenVPN to connect to the Auton Lab LAN zone. Unless your ISP
is blocking UDP port 1194 (not uncommon) and you have a very complicated
NAT (network address translation) set up at home, there is no reason that a
desktop which you take home will stop having VPN access to the LAN zone.

Upon the insistence of Robert Edman I agreed to create and distribute
certificates/keys and configuration files to any Auton Lab member who would
like to set up OpenVPN access from her/his home computer to our VPN
gateway. However, I am not willing to give any support beyond that and
furthermore I am not willing to answer any emails regarding your personal
machines and home networks.


Most Kind Regards,
Predrag Punosevac
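
Added example, not part of the original message: a small audit of `LocalForward` entries such as the `gogs` one above, reporting whether each forwarded port listens on loopback only or is reachable by other machines on your network (an explicit non-loopback bind address, or a bare port combined with `GatewayPorts yes`). The `gogs-shared` host and the function names are hypothetical; the parser is deliberately simplified and treats each `Host` block on its own, ignoring `Match`, `Include`, pattern merging and the `bind_address/port` form.

```python
from ipaddress import ip_address

# Constructed sample: the entry from the message plus a hypothetical
# "gogs-shared" variant that exposes forwarded ports beyond loopback.
SAMPLE_CONFIG = """\
Host gogs
    Hostname lop2.autonlab.org
    LocalForward 2222 git.int.autonlab.org:80

Host gogs-shared
    GatewayPorts yes
    LocalForward 2222 git.int.autonlab.org:80
    LocalForward *:8080 git.int.autonlab.org:80
    LocalForward 127.0.0.1:3000 git.int.autonlab.org:80
"""

def is_loopback(addr):
    try:
        return addr.lower() == "localhost" or ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # "*", empty, or another hostname: treat as exposed

def audit_local_forwards(config_text):
    """Return [(host, listen_spec, loopback_only)] for every LocalForward."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key, args = parts[0].lower(), parts[1:]
        if not args:
            continue
        if key == "host":
            current = blocks.setdefault(" ".join(args), {"gw": None, "fwd": []})
        elif current is not None and key == "gatewayports" and current["gw"] is None:
            current["gw"] = args[0].lower() == "yes"  # first value wins
        elif current is not None and key == "localforward":
            current["fwd"].append(args[0])
    results = []
    for host, block in blocks.items():
        for listen in block["fwd"]:
            bind, sep, _port = listen.rpartition(":")
            # Explicit bind address overrides GatewayPorts; a bare port
            # stays on loopback unless GatewayPorts is "yes".
            safe = is_loopback(bind) if sep else not block["gw"]
            results.append((host, listen, safe))
    return results

for row in audit_local_forwards(SAMPLE_CONFIG):
    print(row)
```
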