VPN (virtual private network) is a means to connect your computer at a remote site (e.g. home) to the University network in a secure (encrypted) and authenticated (password) manner. The VPN service enables your home computer to appear as if it were directly connected to the U of S Network.
When you connect to an Internet service provider (e.g. Shaw, Sasktel or U of S), your computer is given a unique address on that provider's network and has full access to the Internet. With this access you can connect to the U of S webpages and e-mail servers; however, you will be denied access to U of S-specific services (e.g. Windows "Map Network Drive" feature on your University computer) because your computer is using an address other than a U of S network address.
Once you are connected to your Internet service provider you start up the U of S VPN service and log in using your NSID username and password. At this point a second "virtual" network interface is established over the Internet between your computer and the U of S VPN server. The server provides a U of S address for the virtual interface. From that point on any traffic from your machine to a U of S address is encrypted and sent over the Internet to the U of S VPN server where it is decrypted and sent to the appropriate U of S service.
Computers communicate via ports. For example, port 139 (NetBIOS) is used for all Windows file and printer sharing. This is a dangerous port on the Internet and a common target of hostile scans, worms, and attacks. To ensure a secure and reliable network, ports 135, 137-139 and 445 were blocked at the U of S campus border on Feb 10, 2003. The decision to block these ports was made in consultation with the IT Risk Management Committee and ITC. Port blocking will improve the security on the campus network; however, it may affect the tasks of some faculty and staff. If you have an off-campus computer that connects to on-campus Windows shares (e.g., Windows "Map Network Drive" feature, directories, files, or printers) or logs in to Windows boxes on campus, you will not be able to do this from off campus. You will need to use the U of S VPN to securely access those files from your home (off-campus locations).
The University is using the Cisco VPN client. Because of current limitations in the VPN equipment at the University, no other clients or VPN technologies can be supported at this time. More options may be provided in the future.
No. The U of S VPN Service is restricted to faculty and staff who have specific work-related needs.
There are five steps to use VPN software:
1. Ensure your home computer is secure. Failure to address these areas leaves your computer and the campus vulnerable to attack:
+ All user accounts on your computer (e.g., Admin, Guest, etc.) must have passwords.
+ Your computer should have up-to-date virus software.
+ Ensure your Windows software is updated with service packs and security patches.
2. Know your Network Services ID username and password.
3. Contact your local college IT support staff to have your NSID enabled for the VPN service.
4. Download and install the U of S VPN client software.
5. Connect to the U of S VPN service, tunnel.usask.ca, using your NSID username and password.
Please refer to the Library connect guides.
The U of S VPN service will allocate you an address from the campus network range (i.e. 128.233.x.x).
Yes. The VPN client software will only encrypt data destined for the campus networks; all other traffic will be untouched. You should only connect with the VPN software when you need it. You do NOT need VPN software to access campus e-mail or campus websites.
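The behaviour described in the answers above (border port block, campus address allocation, and encryption of campus-bound traffic only) can be modelled as a small path trace. This is an added example, not U of S or Cisco code; the host addresses are constructed, and it assumes the border block applies to any flow that crosses the campus edge regardless of direction or protocol.

```python
import ipaddress

# Values stated on this page.
CAMPUS_NET = ipaddress.ip_network("128.233.0.0/16")   # "128.233.x.x"
BORDER_BLOCKED_PORTS = {135, 137, 138, 139, 445}      # blocked at the campus border
TUNNEL_PORT = 10000                                   # port used to reach tunnel.usask.ca

def on_campus(addr):
    return ipaddress.ip_address(addr) in CAMPUS_NET

def border_allows(src, dst, dst_port):
    """Only flows with one end on campus and one end off campus hit the border filter."""
    crosses_border = on_campus(src) != on_campus(dst)
    return not (crosses_border and dst_port in BORDER_BLOCKED_PORTS)

def trace(isp_addr, dst, dst_port, vpn_addr=None):
    """Return (path, source address the service sees, reachable)."""
    if vpn_addr is not None and on_campus(dst):
        if not on_campus(vpn_addr):
            raise ValueError("VPN-assigned address must come from the campus range")
        # Outer flow: encrypted packets cross the border to the VPN server port.
        outer_ok = TUNNEL_PORT not in BORDER_BLOCKED_PORTS
        # Inner flow: after decryption it is campus-to-campus, so the border
        # filter never sees the real destination port.
        inner_ok = border_allows(vpn_addr, dst, dst_port)
        return ("tunnel", vpn_addr, outer_ok and inner_ok)
    # No VPN, or destination outside campus: traffic is untouched by the client.
    return ("direct", isp_addr, border_allows(isp_addr, dst, dst_port))

# Constructed sample addresses (documentation ranges for off-campus hosts).
HOME = "203.0.113.25"          # address given by the home ISP
FILE_SERVER = "128.233.10.20"  # hypothetical campus Windows share
VPN_ADDR = "128.233.200.7"     # hypothetical address handed out by the VPN
WEB_SITE = "198.51.100.80"     # unrelated Internet site

def demo():
    return [
        trace(HOME, FILE_SERVER, 445),                     # Map Network Drive, no VPN
        trace(HOME, FILE_SERVER, 80),                      # campus web page, no VPN
        trace(HOME, FILE_SERVER, 445, vpn_addr=VPN_ADDR),  # same share over the VPN
        trace(HOME, WEB_SITE, 443, vpn_addr=VPN_ADDR),     # non-campus traffic with VPN up
    ]

if __name__ == "__main__":
    for row in demo():
        print(row)
```
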
The VPN software provides the same level of access as provided by a computer anywhere on campus. If you could NOT access your files from other computers on campus then you will not be able to do so using the VPN. Sharing files on your computer increases the security risks. Please consult with your local IT support before sharing.
Your speed will depend on your Internet connection (e.g. Sasktel Highspeed, Shaw Cable, dialup, etc.). VPN adds a small amount of overhead to your traffic.
There is a 15 minute "idle" timeout. You must use the connection at least once every fifteen minutes, or it will automatically close.
1. If you require general access to the University (e.g. browsing U of S webpages, e-mail, etc.) then you do not need to use the VPN software.
2. If you need to connect to internal resources (e.g. mounting campus file shares from your home) then you need to use the VPN software.
There is a bug in Cisco VPN version 3.7.2 which causes OS X versions 10.2.3 and later to lose the network connection when the computer goes to sleep. The computer will successfully connect to the network again if it is restarted.
You should remove the Cisco VPN version 3.7.2 client. Run the "Terminal" application (in the Applications/Utilities folder). Type "sudo /usr/local/bin/vpn_uninstall" (without the quotes). You will be prompted for the administrator's password. Enter "yes" when asked if you wish to uninstall. After the uninstall process has completed, reboot your computer. You may have to manually delete any aliases to the client program that you placed in your dock. Then download and install the client for Macintosh (Intel) or Macintosh (PowerPC).
Firewalls control network access to (and from) your computer. This may interfere with use of the VPN. In particular, the network traffic that you want to pass to and from the University may be blocked by your firewall. The combination of VPN and a firewall will help increase the security of your computer. As there are several types of firewalls, these will be dealt with in more depth below.
+ If you run IPSec on your router, you will need to turn that off.
+ You will need to enable access to port 10000 on tunnel.usask.ca.