VPN at the University: Frequently Asked Questions.
The University supports VPN client software that is compatible with its servers and routers.
When should you use VPN?
If both these connection and data conditions apply, then you need the security offered by VPN.
1. The connection:
- you are using a wireless connection on campus
- you are connecting to the University from a non-University of Minnesota ISP (Internet Service Provider), such as through AOL or MSN
- you are connecting from campus locations on the Morris, Crookston, and Duluth coordinate campuses and need to access PeopleSoft (or, more rarely, you are connecting from a Twin Cities department that is not directly connected to the University's backbone Ethernet service and connects to the University's backbone through a departmentally managed LAN). February 2003 PeopleSoft note: previously departments in these situations used "Citrix" to connect to PeopleSoft; those with Citrix client software can no longer connect to OIT's Citrix server.
2. The data/information: you will, or might, transmit sensitive data such as passwords, credit card information, social security numbers or any confidential information by any means while connected to the Internet; you need access to restricted University resources.
I know I should use VPN, but I am confused about when I should start it up.
- First: connect to the Internet as usual from your non-University ISP. For example, cable and DSL modem users are usually already connected; while those who have traditional modem access must dial up first.
- Then: once you have successfully connected to the Internet, start up the VPN client software and use it to connect to the University's VPN server.
- Disconnect: security software such as VPN places greater demands on your system, often resulting in slower performance. If you no longer need the security VPN offers, disconnect from the VPN server.
General
- How does it work?
Briefly, the software allows your computer to connect to a University of Minnesota VPN server and appear to the U's network as though you are inside the network and directly attached to it, even though you are not using a University Ethernet connection or a UM modem pool connection.
- Does VPN offer virus protection?
No. VPN provides security by encrypting and decrypting data that passes through a VPN connection; it does not offer protection from viruses or other malware.
- Will other VPN clients work?
Other non-Cisco clients may work. However, we support only the VPN client software that we distribute.
- What about PDAs or pocket PCs?
Cisco does not currently have any plans for a VPN Client for these products.
- What about certificates?
The VPN 3000 client does not need a digital root certificate.
- Firewalls
Firewalls can filter or prohibit VPN traffic.
- You may have to reconfigure or turn off your firewall to allow VPN traffic.
- If you are running a firewall, NTS recommends that you let the firewall pass protocol 50 (ESP) and allow port 500 to allow IPsec to work.
- Red Hat Linux users:
Red Hat Linux has relatively tight IP firewalling that prevents the VPN client from functioning properly. If your VPN client replies to 'vpnclient connect' with 'Remote peer is no longer responding', shut down your iptables support (/etc/init.d/iptables stop) and try 'vpnclient connect' again. The following rule lets incoming UDP port 500 traffic through the firewall:
/sbin/iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
You can put the above rule in /etc/sysconfig/iptables, but there is supposed to be a better method of injecting this change: something with iptables-restore, etc., and the use of /sbin/service. Once the above line is in /etc/sysconfig/iptables, start up the firewall support again (/etc/init.d/iptables start).
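Stopping the firewall confirms the diagnosis but leaves the host unfiltered while it is down, and a rule appended with -A lands after any catch-all REJECT already in the chain, so it never matches. The check below is an added example, not part of the original FAQ: it reads iptables-save text and reports whether explicit allowances for UDP port 500 and ESP sit before the chain's unconditional block. The peer address 192.0.2.10, the function names and the sample ruleset are constructed for illustration, and only rules written directly in the named chain are examined.

```shell
#!/bin/sh
# Added example, not from the original FAQ. Function names, the peer address
# 192.0.2.10 and the sample ruleset are constructed for illustration.

# Print iptables arguments that insert (not append) allowances for IKE
# (UDP port 500) and ESP (protocol 50), limited to one VPN peer address.
ipsec_rules() {
  peer=$1; chain=${2:-INPUT}
  printf '%s\n' "-I $chain 1 -s $peer -p udp -m udp --dport 500 -j ACCEPT" \
                "-I $chain 2 -s $peer -p esp -j ACCEPT"
}

# Read iptables-save text on stdin. Succeeds only if both allowances sit
# before an unconditional DROP/REJECT in the chain. Assumption: only rules
# written directly in the named chain are examined (no jumps followed).
check_ipsec_rules() {
  awk -v chain="${1:-INPUT}" '
    $1 == (":" chain) { policy = $2 }          # e.g. ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == chain && !closed {
      if ($3 == "-j") {                        # rule with no match criteria
        if ($4 == "ACCEPT") { ike = 1; esp = 1 }
        else if ($4 == "DROP" || $4 == "REJECT") closed = 1
      } else if ($0 ~ /-j ACCEPT/) {
        if ($0 ~ /-p udp / && $0 ~ /--dport 500( |$)/) ike = 1
        if ($0 ~ /-p (esp|50)( |$)/) esp = 1
      }
    }
    END {
      if (!closed && policy == "ACCEPT") { ike = 1; esp = 1 }
      printf "ike=%s esp=%s\n", (ike ? "ok" : "blocked"), (esp ? "ok" : "blocked")
      exit !(ike && esp)
    }'
}

# Constructed ruleset: the UDP 500 rule was appended after a catch-all REJECT.
sample_appended() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
COMMIT
EOF
}

sample_appended | check_ipsec_rules || echo "rule after REJECT never matches"
```

On a live host, pipe the output of /sbin/iptables-save into check_ipsec_rules; on Red Hat, /sbin/service iptables save writes the running rules to /etc/sysconfig/iptables.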
- Proxy servers
Some proxy servers may interfere with VPN's need to establish a one-to-one relationship between the client computer and the server.
- NAT: Network Address Translators
Because NAT implementations vary, you may need to turn it off when you are accessing the University's VPN server.
- What about server names?
The Windows VPN 3000 client has been customized to include the server name. For those who need to enter the server name, it is: tc-vpn-1.umn.edu
Versions
- Which versions of VPN software are supported?
Only the VPN 3000 client is supported.
- Windows XP and VPN 3000
Answers to questions some XP users may encounter when they install the VPN 3000 client:
- XP logo reference:
"The software you are installing . . . has not passed Windows Logo testing to verify its compatibility with Windows XP." Answer: choose Continue until it stops prompting.
- IPSec Policy Agent question:
"The VPN client cannot be installed if the Windows IPSec Policy Agent is enabled . . . Do you want the installer to disable the IPSec Policy Agent?" Answer: choose "Yes" to disable the agent and to proceed with the installation.
- Upgrading from VPN 5000 to VPN 3000
Upgrading and installing is easier: Windows users will find that the VPN 3000 install wizard recognizes some older versions of the VPN software and will even automatically offer to uninstall the older version. For Windows users, installing and configuring VPN 3000 is much simpler than setting up the older VPN 5000 client. There are fewer steps and fewer customized settings that users must enter or select; for example, in the new VPN 3000 client the host/server information is pre-configured to an appropriate address; you will not need to change it. (By contrast, the older version 5000 required you to enter server names.)
More documentation
Please visit the Download section of the main VPN page for installation and user guides.