1. Home
  2. Docs
  3. Remote Access
  4. Getting by without a VPN client

Getting by without a VPN client

This page outlines tasks that many people feel they need the VPN client to use. We intend to fill this page with helpful tips, so please send mail to CELS Systems if you have a question that’s not addressed here — you may be surprised to learn that you don’t need the VPN for something that previously required it. Also, the lab is trying to find ways to allow people access to internal data without having to use separate VPN software.

Authenticated Wireless

If you’re on-site, you can connect to the Argonne-auth networks using your Argonne credentials. This serves functionally the same as a VPN or wired connection, but requires no approval or special resource access.

Using E-Mail

Argonne supports encrypted mail reading and sending via Outlook and Outlook Web Access (OWA). See Argonne’s documentation.

SSH Access

VPN is not required nor recommended for SSH access. See SSH (GCE) for details on which machines you can SSH to from anywhere in the world.


Argonne has set up a portal at dash.anl.gov to provide access to many business systems. Choose the “Light version” and you won’t need to install any additional software.

See My Argonne for more info.  See also: Printing and Downloading from Dash


If you have administrative rights on your machine, you can install and use sshuttle.  Each operating system has its own installation method, but after installation, you could do one of these commands:

sshuttle --dns -r homes-gce
  • (Routes argonne-bound traffic through the SSH tunnel)
sshuttle --dns -r homes-gce 0/0
  • (Routes all traffic through the SSH tunnel)

Please note: these instructions presume you have configured SSH as noted above such that “ssh homes-gce” works for you.  If you have used a different labeling scheme, update the commands accordingly.


Open a SOCKS proxy connection with the following command in GCE, using instructions from here:

ssh -D 32000 homes-gce

Then configure your web client to use SOCKS proxy on localhost using the port number you used above (32000 in this example).

You can find extensions for Chrome and Firefox to quickly switch between these configurations.

Please note that as long as you have your SOCKS proxy on, *all* your web traffic is routed to the host through which you connected (login.mcs.anl.gov in the example above).

This is useful for reading journals that require your connection originate at Argonne.

Browsers and configuration:

  • Firefox: Use Proxy Switcher. Sample config (assuming the port number chosen is 31000)
    • Switch to “Direct” when you are not proxying, switch to “Manual” when you are.
  • Chrome: Use Proxy SwitchyOmega. Sample config (assuming the port number chosen is 32000)
    • Switch to “Direct” when you are not proxying, switch to “ANL” or whatever you named the profile when you are.

Remote Desktop

If you’re using a Mac or Linux machine, simply do the following on a commandline:

ssh -L 3389:windows.cels.anl.gov:3389 homes-gce

Then connect to “localhost” with your rdesktop client. When you’re done, you can close the SSH connection.  The above instructions presume you’ve set up your SSH as documented here.

Remote filesystems

For Linux see: The FUSE project and SSHFS .

For OS X, see: Macfusion and SSHFS for OS X (Note that you will need to reconfigure Macfusion to point to the newer SSHFS binary, the instructions are at that same link ) Also see: FUSE for OS X.

Box is accessible from anywhere without a VPN.


See Printing for more details.