Frequently Asked Questions About VPN

Introduction

The following is a list of frequently-asked questions about Virtual Private Networks (VPN).

Questions & Answers

What is a VPN?

A Virtual Private Network (VPN) provides an encrypted connection (secure tunnel) from outside networks or Internet Service Providers (ISPs) to the UNC-Chapel Hill internal network. UNC has installed a Cisco VPN concentrator that allows authorized users to access network resources from off campus using an ISP dial-in, DSL or cable modem service with Onyen authentication. You can work securely, just as if you were physically on campus.

The VPN application is used to gain a secure connection to the UNC network, which allows access to network resources that have been restricted to only allow connections for on campus computers. Unless you are running the Cisco VPN client you will not be able to use any UNC network resource.

Why should I use the VPN?

Some services require the user to have an on-campus IP address/unc.edu domain name to work correctly. Connecting to campus via an Internet Service Provider does not give your computer a campus address. However after establishing the VPN tunnel, your computer is assigned a campus IP address with a .unc.edu host name. You then have access to the same services that you can only use on campus.

The Cisco VPN client gains a secure connection to the UNC network. Once this connection has been granted, you can then use Remote Desktop (RDP), open network shares, or print to network printers as if you were on campus. The Cisco VPN client is only for gaining secure access to the network. If you are trying to use Remote Desktop (RDP) to connect to your office computer, you will need to connect with the Cisco VPN client before you will be able to use RDP.

How do I obtain and install the VPN?

How do I uninstall old versions of the VPN?

Who should use the VPN?

You should use the VPN if you are off-campus and need to access departmental servers and/or services that require a campus IP address. For example, you can access the library's e-journals by using the VPN without configuring your browser to work with the library's proxy server. A VPN connection is also required to use Remote Desktop (RDP) to connect to campus computers and to print to on-campus printers from off-campus. You should also use the VPN if you need to comply with federal regulations regarding data confidentiality.

Can I use the VPN on campus?

No. The VPN will not work on campus.

Can I get a static IP address?

The VPN concentrator assigns campus IP address from pools - just like DHCP. There is currently no way to assign a static address to a connection on the VPN concentrator.

How does a VPN work with my computer?

The VPN client software is installed on your home computer or laptop. After you connect to the on-campus VPN Concentrator, the software client creates a secure tunnel. UNC uses Cisco Unified VPN Clients which can be used on Windows, Mac OS X, Solaris, and Linux. You will be required to authenticate with your Onyen and password.

Can I still connect to sites outside of UNC-Chapel Hill's network with the VPN?

Currently only the Cisco IPSec client supports the split tunneling feature which sends only the communications that go directly to campus through the tunnel and lets other traffic go elsewhere directly. You will still be able to connect to sites outside of UNC, though you will not be protected with the strong encryption tunnel.

Will the VPN Client work on my Operating System?

The Cisco VPN client will work on Windows, Linux, Solaris, and Mac OS X.

There is a fundamental problem with using the Cisco VPN client on Windows XP. We recommend that you install at least Service Pack 1 before installing the VPN client. Please refer to Microsoft's Announcement for more information.

Some individuals have also noticed that the Cisco VPN client that ITS currently supplies via shareware.unc.edu will not build against newer 2.6-based Linux kernels.

Can I use an alternative to the Cisco VPN Client?

Unfortunately only clients that support split tunneling and the encryption protocol used on the Cisco VPN client will work. This means that most available alternatives, like the Microsoft VPN Client, are ineffective. Currently we only provide support for the Cisco VPN client.

Will I notice a difference in my network connection?

No, the split tunneling feature allows seamless connections to both on and off campus resources. The VPN Dialer software will minimize to your system tray after you successfully authenticate.

Can I use two VPN Clients at the same time?

No. If you have two Cisco clients installed and try to open a second instance, you will simply see the connection window. You can only have one IPSec connection at a time. Beginning a second instance of the client for Linux or Solaris will yield the following error message: A connection already exists. You will need to disconnect before making a new connection.

I changed my Onyen password and now I can no longer log into the VPN Client. What do I do?

To eliminate a saved password, you need to modify the connection entry profile; use the following procedure:

1. Select a connection entry in the display underneath the Connection Entries tab.

2. To modify the selected connection entry, do one of the following actions:

  • Display the menu and choose Modify.
  • Click the Modify icon on the toolbar above the Connection Entries tab.
  • Right-click the selected entry and choose Modify from the menu.

3. Click Erase User Password.

4. To save your changes, click Save, or to cancel your changes, click Cancel.

Note:
If you get a failed-to-authenticate message, you should enable Erase User Password on the VPN Client and verify that your password is valid. When you attempt to connect, the VPN Client prompts you to enter your password.

With Erase User Password in effect, the next time you connect, the authentication dialog box prompts you to enter your password.