|
This page covers the installation and use of the client software required to use the University of Utah School of Computing Virtual Private Network (VPN) service, found at: https://vpn.cs.utah.edu . Suggestions for additions and modifications to this page are welcome through e-mail to:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
Accessing Web Sites through the VPN If you only would like to access a web site on campus that requires you to come from University IP address space, or would like your traffic to be SSL encrypted to sites which only provide HTTP access, you can simply go to https://vpn.cs.utah.edu and enter your SoC username Active Directory (Windows) password. After authenticating there will be a text input box where you can enter the URL. If you are using a web browser that requires the root cert be trusted, such as IE, please install the UofU's root cert: http://www.it.utah.edu/services/networking/UofU_Public_CA_Cert.cer and the SoC's root cert: http://www.cs.utah.edu/soc.cer. Otherwise if your brower pops up a security alert asking you to trust the certificate, please do so. No client installtion is required. If you would like full VPN access for all networking traffic, please read on.
Obtaining the Client and Login Information
The first step is to download the appropriate client for your system. If you are running Linux, please proceed to the the Linux Client Installation and Use section. If you are running Windows or MacOS X, their clients are available simply by pointing your browser to https://vpn.cs.utah.edu and selecting the client for your operating system. When you access the VPN Web page, you will be prompted for your username and password. Use your School of Computing Active Directory (Windows) account username and password to login. Once you are on the system, you can download the client required for your computer by clicking on the appropriate choice on the main page. After you have downloaded the client, click on VPN Group Name and Password on the VPN Web page, to obtain the group name and password required for the VPN client to connect.
Windows Client Installation and Use After you have downloaded the Windows VPN client, double click on the it and you will be prompted for where to extract the installation files. It would be wise to use an easy to find directory, such as C:\tmp\VPN , as shown in this example. 
After the self-extracting ZIP file is processed, enter the directory you have specified for the extraction and run the vpnclient_setup.exe application. The installer will prompt for license acceptance and installation destination. It is recommended to use the default setting: C:\Program Files\Cisco Systems\VPN Client\ 
You can use any text that you wish for the Connection Entry and Description fields. You must enter vpn.cs.utah.edu in the Host field. Make sure that the Group Authentication button is selected and enter in the Group name and Password that you obtained from the previous step into the appropriate fields. Be sure that the Password and Confirm Password fields match. You will not need to change any other settings for the client to connect to the School of Computing VPN server. Once you have at least one connection entry established, the VPN client will display it's standard start screen each time it is run. 
To connect to the School of Computing VPN, simply select the connection entry in the list and click on the Connect button at the top of the window. You will be prompted for your personal login information. As with the VPN Web site, use your School of Computing Windows user name and password. 
You should now be connected to the VPN server. You can tell the status of the client on the taskbar, where a small yellow padlock icon should appear. If the padlock icon is in a locked position, you are connected and running network traffic across the VPN. If the padlock icon is open, you are not connected. If you encounter any difficulties or have addition questions about this process, please contact our support staff at
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
. Macintosh Client Installation and Use The Macintosh OSX client comes as a disk image, which is standard for Macintosh software installs. Once downloaded, that image should automatically be mounted and you should be able to look at its contents. 
Double-click on the icon for Cisco VPN Client.mpkg which should launch the installer application. The installer will prompt for you to agree to the license, and once you click through a couple of agreements, you will be asked to select a location to install the software. Select the hard disk of your machine. 
Then you will be prompted for your username and password (or for any admin account on your Mac), and the install should run and complete. When the installation is finished, you will need to launch the client from your Applications folder. 
The first time you run the client, click on the icon for creating a new connection, and fill in the details: This can be any string, although some characters are not allowed (I have have run into problems with spaces in this entry, which I believe is a bug). SoC is a good recommended value. Again, this can be anything you like- it is just there to help you distinguish between different connections, if you use this VPN client for more than one location. This must be vpn.cs.utah.edu Make sure this is checked, and fill in the name and password you got above for information on how to obtain the VPN Group Name and Password.) Please note that this information has intentionally been left out of the image below. You will not need to change any other settings for the client to connect to the School of Computing VPN server 
To connect to the School of Computing VPN, simply select the connection entry in the list and click on the Connect button at the top of the window. You will be prompted for your personal login information. As with the VPN Web site, use your School of Computing Windows user name and password. 
You should now be connected to the VPN server. You can tell the status of the client at the bottom of the VPN Client window. To disconnect from the VPN, just click on the disconnect icon. If you encounter any difficulties or have addition questions about this process, please contact our support staff at
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
. LINUX Client Installation and Use
The best support found to date for using the VPN system with Linux, is in the vpnc client. Installed by default on many distributions, use your package manager to install the vpnc package if it is not already present. If your distribution does not have a package available, the source can always be obtained at http://www.unix-ag.uni-kl.de/~massar/vpnc/ . Compiling the software is beyond the scope of this documentation. Please refer to the software README for further information on compiling vpnc. The default location for the configuration files for vpnc is /etc/vpnc/. You can have any number of configuration files you wish. Our example files are located by going to https://vpn.cs.utah.edu and clicking on "Linux VPNC Configuration Files". This is a gzip'd tar file which should be extracted by running the following as root: cd /etc/vpnc
tar zxvf /path/to/vpnc-conf.tgz
Choose which config file you wish to use based on your tunneling needs. Descriptions of the tunneling options are available by following the "VPN Group Name and Password" link on the same page where you downloaded the config files. Typically, you will only need to edit the "Xauth username" entry to work with our system. Replace "replace_this_with_your_SoC_username" with your SoC username and you should be set. Once you have changed the username in the configuration file, you can call that configuration file and connect to the VPN system using vpnc-connect /etc/vpnc/my_config.conf
where "my_config.conf" is the name of your chosen configuration file. This should be run as root and if vpnc isn't in your path you'll need to specify the full pathname to the binary or add it to your path. The default SuSE location is /usr/sbin/vpnc-connect. VPNC should make the connection and prompt you for your password. Use your Active Directory (Windows) password. VPNC will automatically set the default route for the system to run through the VPN server. When you wish to disconnect from the VPN system, use The VPN connection will be dropped and your system's previous default route will be restored. NOTE: Some Linux distributions do not use the vpnc-connect script, but instead call vpnc directly instead. Note also that you will need to change or disable any iptable or ipchain firewalls running to allow for the new network settings. Another issue which has cropped up, is that VPN files can have different formatting. For example, the University of Utah's primary VPN system uses .pcf files, rather than the standard VPN formatted files. In order to use them with VPNC, you need to obtain the Perl script, pcf2vpn, found at http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc, which can convert the formats back and forth. Wireless Network (802.11) Connetions
If you need access to the school's internal resources from an outside wireless network, such as the secure.utah.edu or insecure.utah.edu wireless networks, you will need to use the VPN system to do so. |