University of Saskatchewan

Information and Communications Technology (ICT)



VPN - FAQs

1. What is a VPN?
2. How does a VPN work?
3. Why is a VPN necessary?
4. What operating systems are supported?
5. What VPN client software is supported?
6. Can I use the VPN Service for personal use?
7. How do I use the VPN software on my home computer?
8. What username and password do I use?
9. How do I access the Electronic Library Journals?
10. What IP address will I get?
11. Can I still get to other Internet sites?
12. I have connected successfully, but cannot access my files!
13. How fast is it?
14. Why does my VPN connection drop after a while?
15. Do I have to use the VPN software each time I want to access the University?
16. I am using Mac OS X. I have installed the VPN client. Whenever my computer wakes from the "sleep" mode, I cannot connect to the network. What is causing this?
17. What about Firewalls?

1. What is a VPN?

A VPN (virtual private network) is a means to connect your computer at a remote site (e.g. home) to the University network in a secure (encrypted) and authenticated (password) manner. The VPN service enables your home computer to appear as if it were directly connected to the U of S network.


2. How does a VPN work?

When you connect to an Internet service provider (e.g. Shaw, Sasktel or U of S), your computer is given a unique address on that provider's network and has full access to the Internet. With this access you can connect to the U of S webpages and e-mail servers; however, you will be denied access to U of S-specific services (e.g. the Windows "Map Network Drive" feature on your University computer) because your computer is using an address other than a U of S network address.

Once you are connected to your Internet service provider you start up the U of S VPN service and log in using your NSID username and password. At this point a second "virtual" network interface is established over the Internet between your computer and the U of S VPN server. The server provides a U of S address for the virtual interface. From that point on any traffic from your machine to a U of S address is encrypted and sent over the Internet to the U of S VPN server where it is decrypted and sent to the appropriate U of S service.


3. Why is a VPN necessary?

Computers communicate via ports. For example, port 139 (NetBIOS) is used for all Windows file and printer sharing. This is a dangerous port on the Internet and a common target of hostile scans, worms, and attacks. To ensure a secure and reliable network, on Feb 10, 2003, ports 135, 137-139 and 445 were blocked at the U of S campus border. The decision to block these ports was made in consultation with the IT Risk Management Committee and ITC. Port blocking will improve the security of the campus network; however, it may affect the tasks of some faculty and staff. If you have an off-campus computer that connects to on-campus Windows shares (e.g., the Windows "Map Network Drive" feature, directories, files, or printers) or logs in to Windows boxes on campus, you will not be able to do this from off campus. You will need to use the U of S VPN to securely access those files from your home (off-campus locations).


4. What operating systems are supported?


5. What VPN client software is supported?

The University is using the Cisco VPN client. Because of current limitations in the VPN equipment at the University, no other clients or VPN technologies can be supported at this time. More options may be provided in the future.


6. Can I use the VPN Service for personal use?

No. The U of S VPN Service is restricted to faculty and staff who have specific work-related needs.


7. How do I use the VPN software on my home computer?

There are five steps to use VPN software:

1. Ensure your home computer is secure. Failure to address these areas leaves your computer and the campus vulnerable to attack:

  • All user accounts on your computer (e.g., Admin, Guest, etc.) must have passwords.
  • Your computer should have up-to-date virus software.
  • Ensure your Windows software is updated with service packs and security patches.

2. Know your Network Services ID username and password.

3. Contact your local college IT support staff to have your NSID enabled for the VPN service.

4. Download and install the U of S VPN client software.

5. Connect to the U of S VPN service, tunnel.usask.ca, using your NSID username and password.


8. What username and password do I use?

Use your Network Services ID username and the password every time you connect using the VPN client. If you have forgotten your password, please contact the ICT Help Desk.


9. How do I access the Electronic Library Journals?

Please refer to the Library connect guides.


10. What IP address will I get?

The U of S VPN service will allocate you an address from the campus network range (i.e. 128.233.x.x).


11. Can I still get to other Internet sites?

Yes. The VPN client software will only encrypt data destined for the campus networks; all other traffic will be untouched. You should only connect with the VPN software when you need it. You do NOT need VPN software to access campus e-mail or campus websites.
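
The behaviour described in questions 2, 3 and 11 can be modelled in a few lines. This is an added example, not part of the original FAQ or any U of S or Cisco software: it shows why a Windows file-share connection fails from home without the VPN, succeeds with it, and why other Internet traffic never enters the tunnel. The campus range and blocked ports come from the FAQ; the sample addresses and function names are constructed for illustration.

```python
import ipaddress

# Values taken from the FAQ.
CAMPUS_NET = ipaddress.ip_network("128.233.0.0/16")   # 128.233.x.x
BORDER_BLOCKED_PORTS = {135, 137, 138, 139, 445}      # blocked at the campus border

# Constructed sample addresses (assumptions, not real hosts).
HOME_ISP_ADDR = ipaddress.ip_address("203.0.113.25")       # address given by the home ISP
VPN_ASSIGNED_ADDR = ipaddress.ip_address("128.233.200.7")  # hypothetical VPN-assigned address


def on_campus(addr):
    return ipaddress.ip_address(addr) in CAMPUS_NET


def path_for(dst, vpn_connected):
    """Split tunnel: only campus-bound traffic enters the encrypted tunnel."""
    if vpn_connected and on_campus(dst):
        return "tunnel"
    return "direct"


def border_allows(src, dst, port):
    """Border filter: drop the blocked ports when traffic crosses the campus edge."""
    crosses_border = on_campus(src) != on_campus(dst)
    return not (crosses_border and port in BORDER_BLOCKED_PORTS)


def reachable(dst, port, vpn_connected):
    """Return (path, allowed) for a connection from the home computer."""
    path = path_for(dst, vpn_connected)
    # Tunnelled traffic is decrypted at the VPN server and then carries the
    # campus address assigned to the virtual interface.
    src = VPN_ASSIGNED_ADDR if path == "tunnel" else HOME_ISP_ADDR
    return path, border_allows(src, dst, port)


if __name__ == "__main__":
    # Constructed destinations: a campus file server, a campus web server,
    # and an unrelated Internet site.
    cases = [("128.233.10.20", 445), ("128.233.10.20", 443), ("198.51.100.9", 443)]
    for vpn in (False, True):
        for dst, port in cases:
            print(f"vpn={vpn!s:5} {dst}:{port:<4} -> {reachable(dst, port, vpn)}")
```

Because only campus-bound traffic is tunnelled, connections to other Internet sites get no protection from the VPN, which is why the home-computer requirements in question 7 still matter while connected.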


12. I have connected successfully, but cannot access my files!

The VPN software provides the same level of access as provided by a computer anywhere on campus. If you could NOT access your files from other computers on campus, then you will not be able to access them using the VPN. Sharing files on your computer increases the security risks. Please consult with your local IT support before sharing.


13. How fast is it?

Your speed will depend on your Internet connection (e.g. Sasktel Highspeed, Shaw Cable, dialup, etc.). VPN adds a small amount of overhead to your traffic.


14. Why does my VPN connection drop after a while?

There is a 15 minute "idle" timeout. You must use the connection at least once every fifteen minutes, or it will automatically close.


15. Do I have to use the VPN software each time I want to access the University?

1. If you require general access to the University (e.g. browsing U of S webpages, e-mail, etc.) then you do not need to use the VPN software.

2. If you need to connect to internal resources (e.g. mounting campus file shares from your home) then you need to use the VPN software.


16. I am using Mac OS X. I have installed the VPN client. Whenever my computer wakes from the "sleep" mode, I cannot connect to the network. What is causing this?

There is a bug in Cisco VPN version 3.7.2 which causes OS X versions 10.2.3 and later to lose the network connection when the computer goes to sleep. The computer will successfully connect to the network again if it is restarted.

You should remove the Cisco VPN version 3.7.2 client. Run the "Terminal" application (in the Applications/Utilities folder). Type "sudo /usr/local/bin/vpn_uninstall" (without the quotes). You will be prompted for the administrator's password. Enter "yes" when asked if you wish to uninstall. After the uninstall process has completed, reboot your computer. You may have to manually delete any aliases to the client program that you placed in your dock. Download and install for Macintosh (Intel) or Macintosh (PowerPC).


17. What about Firewalls?

Firewalls control network access to (and from) your computer. This may interfere with use of the VPN. In particular, the network traffic that you want to pass to and from the University may be blocked by your firewall. The combination of VPN and a firewall will help increase the security of your computer. As there are several types of firewalls, these will be dealt with in more depth below.

  • Other software firewalls
    These include such programs as Zone Alarm and Kerio Personal Firewall. With these, you will need to allow connections to tunnel.usask.ca, and to 128.233.0.0/255.255.0.0 (or particular subnets of interest). Consult your firewall's documentation on how to do this.
  • Hardware firewalls
    Very often physical devices are used to control access. These are sold as home routers and contain firewall and network address translation features. These devices will have to be configured to allow traffic to go to tunnel.usask.ca unchanged.
      + If you run IPSec on your router, you will need to turn that off.
      + You will need to enable access to port 10000 on tunnel.usask.ca.