We have VPN and Proxy(III WAM) available here although for our online
resources VPN doesn't get you anything special you still go through proxy.
The regular URLs and Proxy URLs are in a PostgreSQL database and the page with
the links to online resources is dynamically fed based on your IP (HTTP
variable HTTP_X_FORWARDED_FOR). Apache forwards all requests to Zope server
so that's why I'm not checking REMOTE_ADDR variable. If your IP is not in our
domain, that is if the first two octets don't match, then you get a proxy link
which goes to our III authentication page. Online resources that are free get
the same URL for on campus and off campus not a PROXY link.
I use a simple python script to check the http variable
'HTTP_X_FORWARDED_FOR' and return 0 or 1 in the variable 'hostname' to a Zope
(python based WEB server) page. A simple IF conditional statement determines
which URL to display based on the return value of the script.
# call the python script ip_add_flag and set the return value to the variable
hostname
<dtml-call "REQUEST.set('hostname',ip_add_flag())">
<dtml-if hostname>
<A href="http://<dtml-var vdb_local_url>"><dtml-var vdb_title></a>
<dtml-else>
<A href="http://<dtml-var vdb_proxy_url>" target="new"><dtml-var
vdb_title></a> <font size=-2>(opens in a new window)</font>
</dtml-if>
The campus offers a VPN service but you don't get the usual campus domain IP so
we handle it the same as if it is any other off campus IP, our vendors are not
given this range either so it is not in the group of IPs for licensing certain
databases.
As far as user complaints, we have a form that a small group of people here
receive those submissions and they put it into TRAC and individually work
through the issues.
Don't know the ratio of Proxy:VPN users, I don't have a definitive range of VPN
IPs to work with. The campus VPN is used to be able to access certain
servers that are not normally accessible off campus because the vlan they are
in.
Thomas
On Monday 25 October 2010 09:33:55 Tim McGeary wrote:
> Hi all,
>
> I realize that some of you may not directly deal with this issue, but I
> was wondering if I could get some quick replies about how your
> institutions are handling access to off-campus resources via VPN and Proxy.
>
> Do you offer a VPN service? If so, do you split-tunnel the traffic so
> that the VPN only handles traffic to inside your campus IP? If you
> split-tunnel, do users complain about not being able to connect to
> external library resources (databases, journals, etc)?
>
> Do you offer a Proxy service? Will your proxy service work for users
> already connected to VPN?
>
> Do you know an estimated ratio of Proxy:VPN users?
>
> Thanks,
> Tim
>
--
==========================================
Thomas McMillan Grant Bennett Appalachian State University
Operations & Systems Analyst P O Box 32026
University Library Boone, North Carolina 28608
(828) 262 6587
Library Systems Help Desk: https://www.library.appstate.edu/help/
==========================================
|