Posted April 3, 2012
- What is the VPN and why do you need it?
- Network Connect Configuration
- Terminal Services Configuration
- Using the VPN to download anti-virus while off-campus
- Known Issues
The University has installed an SSL VPN server to provide secure communications from sites outside of the university network (dial-up ISP, broadband ISP). The VPN provides access to services that may not be accessible from the outside, such as Outlook, Windows file sharing and Library resources.
The VPN is located online at https://vpn.uconn.edu
The VPN has 2 levels of functionality: Core Applications and Advanced Applications.
Core Applications can be accessed directly through the VPN browser. These applications are available to any operating system and all necessary software is run directly in the browser. These Core Applications are:
- Windows file access through your web browser
- Web Bookmarks
- Windows Terminal Service
Advanced Applications are not run through the VPN browser and rely on having the Network Connect client and a working Java runtime environment installed. The Network Connect client exists for Windows, Mac OS X, and Linux and needs to be installed locally. The first time you use Network Connect, you will need to follow the on-screen instructions to install the client, accepting any software that is published by Juniper Networks or trusted by the University of Connecticut. Please note that popup blocking software may interfere with the installation process of Network Connect; it is recommended that you allow popups from vpn.uconn.edu or, alternatively, temporarily disable such software.
Full VPN functionality supporting both core and advanced applications requires an operating system with a compatible browser and an installed, working, Network Connect client.
In order to access the VPN, visit https://vpn.uconn.edu and log in with your NetID and password. To enable the advanced functionality, click the ‘Start’ button next to the Network Connect icon at the bottom of the VPN menu. Once Network Connect is running, you should not use the browser provided by the VPN – instead, open a new browser or your other client side applications.
The Information Security Group highly recommends use of the Network Connect client for the most seamless user experience.
The Network Connect application is configured to work specifically based on the network you are connecting from. There are 2 specific configurations (on-campus, off-campus), explained in detail below.
- Using Network Connect from on-campus
- An on-campus network is defined as one of the following networks/network ranges
- UConn Wired Network – 18.104.22.168 – 22.214.171.124
- UConn Public Wireless Network – 10.120.0.0 – 10.120.255.255
- UConn Secure Wireless Network – 126.96.36.199 – 188.8.131.52
When connecting from the above networks, Network Connect is configured to:
- Send all traffic destined for a host on / inside the UConn network through the VPN Network Connect virtual interface
- Send all traffic destined for a host on the Internet / outside the UConn network through the physical network interface
This policy is configured to allow access to internal resources, such as Microsoft Exchange, when a user is logged onto the VPN; but all of the Internet access policies are still enforced.
Using Network Connect from Off-Campus
An off-campus network is defined as any network not specifically defined above as an on-campus network. When connecting from an off-campus network, the Network Connect application is configured to:
- Send all traffic destined for any host through the VPN Network Connect virtual interface.
The Network Connect application is configured to be the primary interface so that all UConn resources are accessible to users from home. This includes:
- Access to all hosts on UConn networks
- Access to all hosts on the Internet that may normally only be accessible if you were physically present on the UConn campus (e.g. external library databases)
Due to the large volume of Remote Desktop Protocol (RDP) targeted attacks and the recent RDP vulnerability patched by Microsoft, the University has decided to block direct RDP access to computers on campus. Users may still gain access to their computers on the UConn network by using the VPN. For Windows users, the VPN offers Terminal Services, an application which allows the user to securely connect to their remote computers on the UConn Network.
To access the VPN’s Terminal Services advanced application, navigate to the Terminal Sessions menu:
- Session Type – Select “Windows Terminal Service”.
- Bookmark Name – Enter a name for the session.
- Description – Enter a description for the session.
- Host: Enter name or IP address of remote host.
- Note: If you are unsure of the IP address of the computer you wish to start a terminal session for, you can find it by visiting http://myip.uconn.edu/ from that computer.
- Client Port / Server Port: Enter the port number here if you are not using the standard RDP port.
- Screen Size: Select a screen size.
- Color Depth: Select a color depth (note that slower connections may want to limit the color depth).
- Username: Enter local login username used on remote machine.
- Password: This may be left blank if you want to be prompted for authentication. Note: If you have network level authentication, insert your password here.
- Connect Devices: (optional)
- Display Settings: Check all that you wish to be applied to the session.
Click the “Add” button to create your terminal session.
- Network 101
- When you are connected to the UConn network your computer has (at least) one physical network interface, commonly referred to as a Network Interface Card (NIC). This is either the port where you connect the network cable, or the wireless card in the computer. When you launch the Network Connect application your computer is automatically configured with an additional virtual interface, used for VPN functionality. When a computer has 2 active interfaces, a routing table must be created so that the computer knows how to send traffic to other hosts on the network from either interface.
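The routing behaviour described in the on-campus and off-campus sections above can be modelled as a longest-prefix-match table and compared with what a client actually has installed. This is an added example, not part of the original page or of the Juniper client; the function names are hypothetical, `192.0.2.0/24` and `198.51.100.10` are placeholder values for a UConn internal prefix and the VPN gateway, only the Public Wireless range is used as the on-campus client range, and the gateway host route is an assumption about how a full-tunnel client keeps its own packets on the physical interface.

```python
import ipaddress

# Constructed values, not from the page: documentation ranges stand in for
# a UConn internal prefix and for the VPN gateway address.
UCONN_NETS = [ipaddress.ip_network("192.0.2.0/24")]
VPN_GATEWAY = ipaddress.ip_network("198.51.100.10/32")
# From the page: UConn Public Wireless Network, 10.120.0.0 - 10.120.255.255
ON_CAMPUS_CLIENTS = [ipaddress.ip_network("10.120.0.0/16")]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def policy_routes(client_ip):
    """Routing table the described policy implies, as (prefix, interface)."""
    client = ipaddress.ip_address(client_ip)
    # Assumption: the tunnel's own packets always leave via the physical NIC.
    routes = [(VPN_GATEWAY, "physical")]
    if any(client in net for net in ON_CAMPUS_CLIENTS):
        # On-campus: only UConn destinations use the virtual interface.
        routes += [(DEFAULT, "physical")] + [(n, "vpn") for n in UCONN_NETS]
    else:
        # Off-campus: the virtual interface is the primary interface.
        routes += [(DEFAULT, "vpn")]
    return routes


def egress(routes, dest_ip):
    """Longest-prefix match: the most specific matching route wins."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(net, ifc) for net, ifc in routes if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def policy_violations(client_ip, observed_routes, probes):
    """Probe destinations whose observed egress differs from the policy."""
    expected = policy_routes(client_ip)
    return [d for d in probes
            if egress(observed_routes, d) != egress(expected, d)]
```

Feeding `policy_violations` the routes parsed from the client's real routing table shows whether any destination bypasses the virtual interface when the policy says it should not.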
You must log into the VPN if you want to download Symantec Anti-Virus software while off-campus. The following directions will get you started:
- Please visit https://vpn.uconn.edu and log in with your NetID and password.
- Click the ‘Start’ button next to the Network Connect icon. This will launch (and install if necessary) the Juniper software.
- You may get a message about installing ActiveX; please make sure that this is installed successfully.
- Once you have successfully connected to VPN, you should see a gold lock in your task bar.
- Once Network Connect is running, you should not use the browser provided by the VPN – instead, open a new browser.
- From the new browser session, go to http://antivirus.uconn.edu/ and click on the link for the appropriate operating system you own.
- Choose to save this file to your computer desktop.
- You will need to uninstall any other antivirus software currently installed on your computer.
- Install the Symantec AntiVirus software.
- Internet Explorer
The following is a list of problems that users are expected to encounter:
All Operating Systems:
- Browser-based popup blocking software may interfere with the installation of Network Connect. To avoid this possibility, allow popups for vpn.uconn.edu or temporarily disable popup blocking.
- New faculty who are able to successfully access HuskyPC, HuskyMail, and other NetID based services may have difficulty logging into the VPN (invalid password, etc). If this occurs, please reset your password by visiting https://netid.uconn.edu/ResetPassword/