PA VPN Setup
Written by Todd Green   
Friday, 03 February 2006 04:50

This page covers the installation and use of the client software required to use the University of Utah School of Computing Virtual Private Network (VPN) service, found at: https://vpn.cs.utah.edu .

Suggestions for additions and modifications to this page are welcome through e-mail to: .

 

Accessing Web Sites via a VPN

If you only would like to access a web site on campus that requires you to come from University IP address space, or would like your traffic to be SSL encrypted to sites which only provide HTTP access, please use the campus WebVPN with your uNID. After authenticating there will be a text input box where you can enter the URL.

 

No client installation is required. If you would like full VPN access for all networking traffic, please read on.

 

Accessing the School of Computing's VPN

Currently the School's VPN is provided by the Global Protect Client of our Palo Alto Firewall.  There are clients for Windows, Mac OS X, and Linux.  To download a client go to https://vpn.cs.utah.eduand login with your SoC Active Directory username and password.  After installing the client you have three portals to choose from depending on how you'd like to tunnel your traffic:

  1. vpn-world.cs.utah.edu - Tunnel all traffic through the VPN
  2. vpn-uofu.cs.utah.edu - Tunnel only University of Utah traffic through the VPN
  3. vpn-soc.cs.utah.edu - Tunnel only School of Computing traffic through the VPN

 

vpn.cs.utah.edu is an alias for vpn-uofu.cs.utah.edu

 

Using native IPsec clients with PSK (Pre-Shared Key)

While not officially supported, you may use your native IPsec client to access the VPN (Mac OS X, Apple iOS, Android etc.)  Windows' client is not a pure IPsec client and is not supported at all.  The PSK information is available after you authenticate with the VPN.  Android must be at least version 4.0.3, and some kernels with 4.0.3 have a bug that cause it to not work with IPsec.

 

Issues with the Latest High Sierra (MacOS) Release

In the latest versions of Mac OS X, Apple Computer has changed how kernel modules are loaded.  In short, Apple has an approved list of drivers and the Palo Alto Global Protect driver is not on that list.  Fortunately, adding your own driver to the approved lists is a simple task:

 

  1. Boot into Recovery Mode.  (Usually this is performed by holding down ⌘-R as the machine boots.)
  2. Open a terminal in Recovery mode.
  3. Enable Palo Alto's key by entering: "spctl kext-consent add PXPZ95SK77" in the terminal.
  4. Reboot.

 You will only have to perform this task one time.  The Palo Alto driver will be recognized from that point on.