This is an old revision of the document!
Virtual Scan will have a public facing wiki soon. Until then, this page is for client sites IT staff and vendors with information that is useful for allowing our remote access capabilities to work in an optimal manner.
The essentials: The VPN endpoint device at the facility needs access to the internet, outbound. No port forwarding or other inbound rules except for normal NAT out and back. It does not require DNS, but it helps. Typical traffic is UDP to port 1194 at 139.177.203.144 using an MTU under 1000. Using a OpenVPN with AES-256-CBC cipher and SHA256 Auth.
Required: If using VLAN's/ACL or physical separation, the VPN endpoint has to have access to the MRI and/or CT scanner's IP addresses. Which ports depend on the scanner. Typically: 22 (ssh), 23 (telnet), 5800 (vnc), 5900 (vnc), 7443 (vnc), 3389 (rdp).
The VPN endpoint needs upstream internet access to: IPV4: 139.177.203.144 IPv6: 2600:3c02::f03c:94ff:feca:42dd Protocol: UDP and TCP on port 1194 Just allowlisting the IP's and ports above are all that is required. If you are using very strict rules, you should add the following just in case: The backup: IPV4: 50.116.36.169 IPV6: 2600:3c02::f03c:94ff:fe83:6a7 Protocol: UDP and TCP on port 1194 and 1142 The backups backup: IPv4: 198.74.54.145 Protocol: UDP on port 443