Virtual Private Network Connection

From ITwiki

(Difference between revisions)
m (Split Tunnelling section)
(Setup)
(41 intermediate revisions not shown)
Line 1: Line 1:
-
{{Deprecated}}[[Category:Networking]]
+
[[Category:Networking]]
==When and Why to use a VPN connection ==
==When and Why to use a VPN connection ==
-
A VPN connection is used to encrypt all or part of your Internet traffic or to access services that are only available via the Stevens campus network when you are not on campus (the Library databases are an example of this type of service).  You want to encrypt your traffic when sending/receiving sensitive data and/or the security of your local connection to the Internet is unknown or questionable; such as WiFi in a cyber cafe, airport, or hotel.  You cannot use a VPN connection to the Stevens VPN server while on campus, therefore you can not test while on campus.  Therefore, it is suggested you follow the implementation instructions when off campus and contact, the Information Technology Help Desk via a phone call to set-up and test your VPN connection if you bring your machine to them.  You do not need to use a VPN connection when sending email, if your email client is setup using authenticated SMTP.
+
'''Note: VPN is no longer necessary to access Library Databases.  Please refer to [[Library database]]'''
-
There are two setups possible when using the VPN server. The first is where all your traffic is encrypted and passes (tunneled) through Stevens, referred to as  “tunnel all traffic”.  The other is called “split tunnel”.  A “split tunnel” is where only traffic destined for Stevens is actually sent via the encrypted tunnel to Stevens.  Each setup has its benefits.  The “tunnel all traffic” must be used to access the library databases that require access via a Stevens network address and could/should be used when connecting to the Internet via a public WiFi where a malicious user may be looking at your traffic (sniffing).  The down side is that all your traffic gets sent to Stevens and therefore your Internet browsing will be slower and other applications will be slower and /or may not work.  Split tunnel is appropriate when you are at home or on a trusted network and would like to access certain restricted Stevens services that require you to be on the campus network to access.  An example of this would be using your network storage on storage01.
+
 
-
How do you know when to use which type of VPN:
+
A VPN connection is used to encrypt all or part of your Internet traffic or to access services that are only available via the Stevens campus network when you are not on campus (access to the Storage01 share server is an example of this type of service).  You want to encrypt your traffic when sending/receiving sensitive data and/or the security of your local connection to the Internet is unknown or questionable; such as WiFi in a cyber cafe, airport, or hotel.  You cannot use a VPN connection to the Stevens VPN server while on campus, therefore you can not test while on campus.  It is suggested you follow the implementation instructions when off campus, and contact the Information Technology Help Desk via a phone call to set-up and test your VPN connection.  You do not need to use a VPN connection when sending email, if your email client is setup using authenticated SMTP.
 +
 
 +
There are two setups possible when using the VPN server. The first is where all your traffic is encrypted and passes (tunneled) through Stevens, referred to as  “tunnel all traffic”.  The other is called “split tunnel”.  A “split tunnel” is where only traffic destined for Stevens is actually sent via the encrypted tunnel to Stevens.  Each setup has its benefits.  The “tunnel all traffic” method should be used when connecting to the Internet via a public WiFi where a malicious user may be looking at your traffic (sniffing).  The down side is that all your traffic gets sent to Stevens and therefore your Internet browsing will be slower and other applications will be slower and /or may not work.  Split tunnel is appropriate when you are at home or on a trusted network and would like to access certain restricted Stevens services that require you to be on the campus network to access.  An example of this would be using your network storage on storage01.  
 +
How do you know when to use which type of VPN?:
* First are you using a campus resource that requires a VPN connection?  If you are, then ask yourself, do you trust the security of the local network that you are using to connect to the Internet?   
* First are you using a campus resource that requires a VPN connection?  If you are, then ask yourself, do you trust the security of the local network that you are using to connect to the Internet?   
** If you trust the local network, use a split tunnel.
** If you trust the local network, use a split tunnel.
** If you do not trust the local network, tunnel all traffic
** If you do not trust the local network, tunnel all traffic
-
* If you are not using a campus resource and you do not trust the local network and you are going do some on-line banking, ordering or exchanging personal data, on a web site shat does not sue secure certificates (SSL) be more secure and use the Stevens VPN to tunnel all traffic   
+
* If you are not using a campus resource and you do not trust the local network and you are going do some on-line banking, ordering or exchanging personal data, on a web site that does not utilize secure certificates (SSL) be more secure and use the Stevens VPN to tunnel all traffic   
-
 
+
If you are not using a VPN required resource or you are not actively sending or receiving sensitive data you should not be connected via VPN to campus.  Type of VPN connection guidelines:
-
Which type of VPN connection to use, here are some guidelines.  (If you are not using a VPN required resource or you are not actively sending or receiving sensitive data you should not be connected via VPN to campus)
+
== Split Tunneling ==
== Split Tunneling ==
 +
The following table should be used to decide if you can use Split Tunneling or not.
 +
{| class="wikitable"
 +
|- align="center"
 +
! Description || Using a VPN required campus resource || Trusted local network || Type of VPN connection to use
 +
|- align="center" bgcolor="#AFDCEC"
 +
| '''Using [[Library Databases|Library Database]] (No longer necessary) || Yes || Does not matter || Tunnel All Traffic
 +
|- align="center"
 +
| '''Home on a wired connection and need access to network storage || Yes || Yes || Split Tunnel
 +
|- align="center" bgcolor="#AFDCEC"
 +
| '''Home on a securely set up wireless connection || Yes || Yes || Split Tunnel
 +
|- align="center"
 +
| '''Home on an insecurely set up wireless connection'''|| Yes || No || Tunnel All Traffic
 +
|- align="center" bgcolor="#AFDCEC"
 +
| '''Hot spot, convention, or other unknown/public local network''' || Yes || No || Tunnel All Traffic
 +
|- align="center"
 +
| '''Home on a wired connection''' || No || Yes || No VPN required
 +
|- align="center" bgcolor="#AFDCEC"
 +
| '''Home on a securely setup wireless connection || No || Yes || No VPN required
 +
|- align="center"
 +
| '''Home on an insecurely set up wireless connection'''|| No || No || Setup your wireless connection securely and<br />VPN will not be required
 +
|- align="center" bgcolor="#AFDCEC"
 +
| '''Hot spot, convention, or other unknown/public local network || No || No || Tunnel All Traffic
 +
|}
==Setup==
==Setup==
We recommend that you setup both the “Tunnel All Traffic” and the “Split Tunnel” VPN profiles, it only take a few minutes and once you have setup the first one the second goes faster.
We recommend that you setup both the “Tunnel All Traffic” and the “Split Tunnel” VPN profiles, it only take a few minutes and once you have setup the first one the second goes faster.
 +
 +
===Configure VPN automatically===
 +
 +
* [[Web VPN|Windows - Chrome]]
===Configure your computer to Tunnel All Traffic===
===Configure your computer to Tunnel All Traffic===
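Review bot: Five of the added table rows open bold markup with ''' and never close it (the Library Database row, the two "Yes / Yes" home rows, the "securely setup wireless" row with "No", and the final hot spot row), while the other four rows close it; close the ''' before the first || in each so the row labels render consistently. The added sentence ending "Type of VPN connection guidelines:" now sits above the == Split Tunneling == heading instead of directly above the table it introduces, and that heading covers a table that also recommends Tunnel All Traffic and no VPN at all; consider moving the lead-in under the heading and renaming the heading to match. The row "Using Library Database (No longer necessary)" still recommends Tunnel All Traffic although the new note at the top says VPN is not needed for that, so dropping the row would avoid mixed guidance.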
Line 23: Line 52:
In order to connect to the Stevens VPN, please follow the directions for your operating system below.
In order to connect to the Stevens VPN, please follow the directions for your operating system below.
-
* [[HD: VPN on Windows Vista Tunnel All Traffic|Windows Vista Tunnel All Traffic]]
+
* [[VPN on Windows 7 - Tunnel All Traffic|Windows 7]]
-
* [[HD: VPN on Windows XP Tunnel All Traffic|Windows XP Tunnel All Traffic]]
+
* [[VPN on Windows Vista - Tunnel All Traffic|Windows Vista]]
-
* [[HD: VPN on Mac OS X Tunnel All Traffic|Mac OS X (Tiger and Leopard) Tunnel All Traffic]]
+
* [[VPN on Windows XP - Tunnel All Traffic|Windows XP]]
-
* [[HD: VPN on Linux Tunnel All Traffic|Linux Tunnel All Traffic]]
+
* [[VPN on Mac OS X (Snow Leopard) - Tunnel All Traffic|Mac OS X 10.6 (Snow Leopard)]]
 +
* [[VPN on Mac OS X (Leopard) - Tunnel All Traffic|Mac OS X 10.5 (Leopard)]]
 +
* [[VPN on Mac OS X (Tiger) - Tunnel All Traffic|Mac OS X 10.4 (Tiger)]]
 +
* [[VPN on Linux - Tunnel All Traffic|Linux]]
 +
* [[VPN_on_iPhone_-_Tunnel_All_Traffic|iPhone]]
 +
* [[VPN on Android 4.X_-_ Tunnel all Traffic|Android 4.X]]
=== Configure your computer to connect using Split Tunneling ===
=== Configure your computer to connect using Split Tunneling ===
-
'''If you are trying to access the Library Databases, do NOT use Split Tunneling'''
 
-
In order to connect to the Stevens VPN using split tunneling, please follow the directions for your operating system below.
+
* [[VPN on Windows 7 - Split Tunneling|Windows 7]]
 +
* [[VPN on Windows Vista with Split Tunneling|Windows Vista]]
 +
* [[VPN on Windows XP with Split Tunneling|Windows XP]]
 +
* [[VPN on Mac OS X (Snow Leopard) with Split Tunneling|Mac OS X 10.6 (Snow Leopard)]]
 +
* [[VPN on Mac OS X (Leopard) with Split Tunneling|Mac OS X 10.5 (Leopard)]]
 +
* [[VPN on iPhone with Split Tunneling| iPhone]]
-
* [[HD: VPN on Windows Vista with Split Tunneling|Windows Vista with Split Tunneling]]
+
=== VPN Troubleshooting ===
-
* [[HD: VPN on Windows XP and 2000 with Split Tunneling|Windows XP and 2000 with Split Tunneling]]
+
* [[VPN Troubleshooting]]
-
* [[HD: VPN on Mac OS X with Split Tunneling|Mac OS X (Tiger and Leopard) with Split Tunneling]]
+
-
* [[HD: VPN on Linux with Split Tunneling|Linux with Split Tunneling]]
+
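Review bot: The new Split Tunneling list has no Linux entry (the removed list linked "Linux with Split Tunneling") and no Mac OS X 10.4 or Android entry, although all three appear in the Tunnel All Traffic list above; if split tunneling is not supported on those platforms, say so in the section, otherwise restore the links. The sentence that introduced the split tunneling list was removed without a replacement, which leaves a bare list under the heading. The Android link target "VPN on Android 4.X_-_ Tunnel all Traffic" mixes spaces and underscores and is capitalised differently from its siblings; check that it resolves.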

Revision as of 13:52, 30 July 2013

When and Why to use a VPN connection

Note: VPN is no longer necessary to access Library Databases. Please refer to Library database

A VPN connection is used to encrypt all or part of your Internet traffic, or to access services that are only available via the Stevens campus network when you are not on campus (access to the Storage01 share server is an example of this type of service). You want to encrypt your traffic when sending or receiving sensitive data and/or when the security of your local connection to the Internet is unknown or questionable, such as WiFi in a cyber cafe, airport, or hotel. You cannot use a VPN connection to the Stevens VPN server while on campus, so you cannot test it while on campus. It is suggested that you follow the implementation instructions when off campus and contact the Information Technology Help Desk by phone to set up and test your VPN connection. You do not need to use a VPN connection when sending email if your email client is set up using authenticated SMTP.

There are two setups possible when using the VPN server. In the first, all your traffic is encrypted and passes (is tunneled) through Stevens; this is referred to as “tunnel all traffic”. The other is called “split tunnel”: only traffic destined for Stevens is actually sent via the encrypted tunnel to Stevens. Each setup has its benefits. The “tunnel all traffic” method should be used when connecting to the Internet via a public WiFi where a malicious user may be looking at your traffic (sniffing). The downside is that all your traffic gets sent to Stevens, so your Internet browsing will be slower and other applications will be slower and/or may not work. Split tunnel is appropriate when you are at home or on a trusted network and would like to access certain restricted Stevens services that require you to be on the campus network. An example of this would be using your network storage on storage01.

How do you know when to use which type of VPN?

  • First, are you using a campus resource that requires a VPN connection? If you are, then ask yourself: do you trust the security of the local network that you are using to connect to the Internet?
    • If you trust the local network, use a split tunnel.
    • If you do not trust the local network, tunnel all traffic.
  • If you are not using a campus resource, you do not trust the local network, and you are going to do some on-line banking, ordering, or exchanging of personal data on a web site that does not utilize secure certificates (SSL), be more secure and use the Stevens VPN to tunnel all traffic.

If you are not using a VPN-required resource or you are not actively sending or receiving sensitive data, you should not be connected via VPN to campus. Type of VPN connection guidelines:

Split Tunneling

The following table should be used to decide if you can use Split Tunneling or not.

| Description | Using a VPN required campus resource | Trusted local network | Type of VPN connection to use |
|---|---|---|---|
| Using Library Database (No longer necessary) | Yes | Does not matter | Tunnel All Traffic |
| Home on a wired connection and need access to network storage | Yes | Yes | Split Tunnel |
| Home on a securely set up wireless connection | Yes | Yes | Split Tunnel |
| Home on an insecurely set up wireless connection | Yes | No | Tunnel All Traffic |
| Hot spot, convention, or other unknown/public local network | Yes | No | Tunnel All Traffic |
| Home on a wired connection | No | Yes | No VPN required |
| Home on a securely set up wireless connection | No | Yes | No VPN required |
| Home on an insecurely set up wireless connection | No | No | Set up your wireless connection securely and VPN will not be required |
| Hot spot, convention, or other unknown/public local network | No | No | Tunnel All Traffic |
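
To confirm which of the two profiles is actually in effect after connecting, the routing table can be checked with a longest-prefix match. The following is an added example, not part of the ITwiki instructions; it assumes Linux `ip route` style output, a tunnel interface named `ppp0`, and constructed documentation-range addresses standing in for campus hosts and the VPN server.

```python
import ipaddress

# Constructed `ip route` samples. 198.51.100.0/24 stands in for a campus prefix
# and 203.0.113.7 for the VPN server; neither is a real Stevens address.
SPLIT_SAMPLE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
198.51.100.0/24 dev ppp0 scope link
203.0.113.7 via 192.168.1.1 dev wlan0
"""
FULL_SAMPLE = """\
0.0.0.0/1 dev ppp0 scope link
128.0.0.0/1 dev ppp0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
203.0.113.7 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Return [(network, device)] for every route line that names a device."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route type without an egress device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable", "blackhole" prefixes
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match (metrics ignored): interface used to reach address."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def tunnel_mode(route_text, tunnel_dev, campus_addr, internet_probes):
    """Classify as 'tunnel all traffic', 'split tunnel' or 'no tunnel'."""
    routes = parse_routes(route_text)
    if egress_device(routes, campus_addr) != tunnel_dev:
        return "no tunnel"
    outside = [egress_device(routes, p) == tunnel_dev for p in internet_probes]
    return "tunnel all traffic" if all(outside) else "split tunnel"
```

The probe addresses are only looked up in the table, never contacted; pick at least one from each half of the IPv4 space (for example `1.2.3.4` and `192.0.2.10`) so that a pair of /1 routes is detected as a full tunnel.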

Setup

We recommend that you set up both the “Tunnel All Traffic” and the “Split Tunnel” VPN profiles; it only takes a few minutes, and once you have set up the first one, the second goes faster.

Configure VPN automatically

Configure your computer to Tunnel All Traffic

In order to connect to the Stevens VPN, please follow the directions for your operating system below.

Configure your computer to connect using Split Tunneling

VPN Troubleshooting
