Draft – not complete
As a user of MAX IV one can access some of the internal resources via a VPN connection. Users with an active account in DUO can establish a connection to the “white network” which gives access to various web based services and the offline HPC system.
When on site at MAX IV, there is no need to use the VPN. Directly connecting to maxiv_guest wifi gives a faster connection and access to the same resources (see WiFi section).
Some beamlines allow for remote operation of the experiment. The degree of access varies between the beamlines, and hence there are specific VPN options for each beamline. For information about what level of remote access the beamline offers, see the individual beamline information at Beamlines & accelerators.
Multi factor authentication
To access MAX IV remotely you need to authenticate with your username and password, plus a One-Time Password. Before continuing with the download instructions, see the guidelines in the One Time Password section to setup your phone for generating an OTP.
VPN server and client software
MAX IV is now using a VPN administration software called pritunl. It is an open source software that is using OpenVPN and WireGuard under the hood for the VPN tunnel connection.
There are two endpoints at MAX IV relevant to Beamline users.
- https://pritunl-white.maxiv.lu.se (for access to compute resources and some administrational tasks)
- https://pritunl-blue.maxiv.lu.se (for remote experiments, only available during assigned beamtime)
The client software is available for most commonly used operating system. It can be downloaded at https://client.pritunl.com/#install That link will also be available after login to the MAX IV endpoint.
Client installation
All platforms will require local admin privileges to install the client.
The client software can be downloaded with a web browser from link above. Pick the download that best matches you platform.
Use you default web browser to login to https://pritunl-white.maxiv.lu.se/ or https://pritunl-blue.maxiv.lu.se/, after the successful SSO login the web page shows the “Download Client” button that will lead to the client download page (alternative to using the link above).
Configure the client
To configure Pritunl VPN client to work with MAX IV VPN service, you need to complete one-time configuration procedure.
Step 1: Open the VPN Endpoint URL (https://pritunl-white.maxiv.lu.se) in the browser and copy the “Profile URI Link“
Step 2: Start the Pritunl VPN client application (look for the “P” icon) and click on “Import” at the top right corner of the window.
Step 3: Paste the “Profile URI” link and click “Import” button.
Connecting to VPN
Upon successful configuration, the profiles available for your MAX IV account will appear in the client interface, examples below.
If you need to access both the compute resources and the experiment control, you need repeat the configuration for both end-points mentioned above (https://pritunl-white.maxiv.lu.se/ and https://pritunl-blue.maxiv.lu.se/).
Note: Depending on the operating system and your account type, you might be offered to choose between OpenVPN and WireGuard. These are 2 different protocols that the Client can use to setup a VPN connection. For generic use we recommend to choose OpenVPN option.
Click “Connect” or “OpenVPN” button to initiate the VPN connection.
After click, your browser will open SSO login page. Upon successful login the web page will show “Successfully authenticated connection” message and Pritunl client changes the status for “Online For” showing how log you’ve been connected to the VPN:
To terminate VPN connection, click “Disconnect” button.