Accessing MacCHESS computers with VPN

MacCHESS data and resources are inside the CHESS firewall. If you need to connect to MacCHESS data or resources from an outside network location, you need to use Virtual Private Networking (VPN).

The most common reason for wanting to link up with MacCHESS computers from outside is to remotely operate a data collection session. However there might be other reasons, such as to process or retrieve data which was previously collected. Through the use of VPN software, you can reach the relevant MacCHESS computers as though you were on our lab network.

Get CLASSE IT credentials

About a week in advance, make contact with MacCHESS about remote access. We need to know who will be the primary contact. MacCHESS will issue time-limited CLASSE* IT credentials to the primary contact. This will consist of a username and instructions for securing your password. The credentials should last long enough to complete the planned access.

Set up VPN

Install OpenVPN on the computer you will use during data collection. CLASSE has a wiki page describing how to install and configure OpenVPN. (Your CLASSE IT credentials are required to access the wiki.) Here's a tip for Windows7 users: be sure to "Install as administrator." In addition to the software itself, you will need to install a configuration file and a certificate in the OpenVPN directory. These files are available from the wiki page. When you run OpenVPN and open a connection, you will be prompted for an account name and password. Use the CLASSE IT credentials you were assigned. You will be connected to CLASSE VPN server, and will have access to its additional network links inside the CHESS firewall.

This allows you to connect to the necessary MacCHESS workstation. Presuming you are collecting data at beamline F1, this will be data collection server ( You can verify the VPN connection by trying to open an SSH connection to landline. Use the specuser data collection account to login to landline. Leave the VPN connection open throughout data collection and retrieval. You will need to remember your CLASSE IT account name and password for the duration of the experiment. For future beamtime assignments, the account will be renewed.

* CLASSE, the Cornell Laboratory for Accelerator-based ScienceS and Education is the parent department of CHESS and MacCHESS.