Virtual Private Network Connection

From ITwiki

(Difference between revisions)
Line 1: Line 1:
{{Deprecated}}[[Category:Networking]]
{{Deprecated}}[[Category:Networking]]
-
Off-campus users needing to connect their computers to Stevens' campus network can
+
=VPN=
-
make Virtual Private Network (VPN) connections. VPN is a way to virtually become part
+
-
of the Stevens network while using your Internet Service Provider (ISP) to access the
+
-
Internet. VPN uses functions such as "tunnelling" through a firewall to maintain security
+
-
and encryption of data. Note: Effective as of September 8, 2003, you must use your
+
-
Stevens Pipeline user name and password to authenticate a VPN connection to
+
-
Stevens.
+
-
Using a VPN connection from off campus gives you remote access to the campus
+
==When and Why to use a VPN connection ==A VPN connection is used to encrypt all or part of your Internet traffic or to access services that are only available via the Stevens campus network when you are not on campus (the Library databases are an example of this type of service). You want to encrypt your traffic when sending/receiving sensitive data and/or the security of your local connection to the Internet is unknown or questionable; such as WiFi in a cyber cafe, airport, or hotel.  You cannot use a VPN connection to the Stevens VPN server while on campus, therefore you can not test while on campus.  Therefore, it is suggested you follow the implementation instructions when off campus and contact, the Information Technology Help Desk via a phone call to set-up and test your VPN connection if you bring your machine to them.  You do not need to use a VPN connection when sending email, if your email client is setup using authenticated SMTP.
-
network as though you were physically on campus. Benefits include being remotely
+
There are two setups possible when using the VPN server. The first is where all your traffic is encrypted and passes (tunneled) through Stevens, referred to as  “tunnel all traffic”.  The other is called “split tunnel”.  A “split tunnel” is where only traffic destined for Stevens is actually sent via the encrypted tunnel to Stevens.  Each setup has its benefits.  The “tunnel all traffic” must be used to access the library databases that require access via a Stevens network address and could/should be used when connecting to the Internet via a public WiFi where a malicious user may be looking at your traffic (sniffing).  The down side is that all your traffic gets sent to Stevens and therefore your Internet browsing will be slower and other applications will be slower and /or may not work.  Split tunnel is appropriate when you are at home or on a trusted network and would like to access certain restricted Stevens services that require you to be on the campus network to access.  An example of this would be using your network storage on storage01.
-
assigned a Stevens IP address; ability to [[map network drives]] such as
+
How do you know when to use which type of VPN:
-
'''\\storage01\public''', your '''\\storage01''' area, (for those
+
* First are you using a campus resource that requires a VPN connection?  If you are, then ask yourself, do you trust the security of the local network that you are using to connect to the Internet
-
who have an account on that server); ability to send email to off-campus users through
+
** If you trust the local network, use a split tunnel.
-
Stevens' [[mail]] server (called "relaying"); accessing Library databases more easily; and use
+
** If you do not trust the local network, tunnel all traffic
-
of existing network printing services.
+
* If you are not using a campus resource and you do not trust the local network and you are going do some on-line banking, ordering or exchanging personal data, on a web site shat does not sue secure certificates (SSL) be more secure and use the Stevens VPN to tunnel all traffic 
-
=== VPN connections should primarily be used in two situations ===
+
-
* When you need to do something securely on a campus server and you are on the Internet.
+
-
* When something you can do on-campus is not available remotely via your ISP.
+
-
If you are not doing the above tasks, VPN is not required.
+
-
=== Requirements ===
 
-
* Windows 2000, Windows XP, Windows Vista, MAC OSX, or Linux installed on your computer.
 
-
* A valid [[Campus Domain Account]] user name and password on Stevens' Pipeline.
 
-
* Internet Service Provider (ISP) access via dial-up, cable modem, DSL, or ISDN.
 
-
=== General Information ===
+
Which type of VPN connection to use, here are some guidelines. (If you are not using a VPN required resource or you are not actively sending or receiving sensitive data you should not be connected via VPN to campus)
-
Outgoing VPN connections (from within Stevens to somewhere outside) are not allowed.
+
-
Also keep in mind that most corporate LANs do not allow outgoing VPN connections.
+
-
Note that accessing the Library databases from off-campus using VPN connections will
 
-
be slow, as the security negotiations that take place while using VPN greatly decrease
 
-
your connection speed.
 
-
 
-
===[[HD: Split Tunneling]]===
 
-
 
-
Stevens VPN is now able to be used with [[HD: Split Tunneling]].  This concept allows all traffic that is associated with Stevens to be sent through the VPN connection while all other traffic is sent through your normal internet connection.
 
-
 
-
===[[HD: Split Tunneling]] should not be used in these situations===
 
-
 
-
* If you are trying to access the Library Databases, [[HD: Split Tunneling]] will not allow you to connect.
 
-
* If you are using the VPN in an unsecure place (ie a Hotel Wireless Connection).  Only the traffic that is sent through the VPN connection would be secure, all other traffic would be unsecure.
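Review bot: On the added "When and Why to use a VPN connection" line, the closing == is followed by the paragraph text on the same line, so MediaWiki will not render it as a heading; put the heading on its own line with the paragraph below it. The added last bullet has typos that obscure the advice ("going do", "shat does not sue secure certificates"), and the added sentence "Which type of VPN connection to use, here are some guidelines" comes after the decision list it appears meant to introduce. The removed side also drops the Requirements list and the note that outgoing VPN connections from within Stevens are not allowed, with no equivalent in the added lines; if that is intentional, say so in the edit summary.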
 

Revision as of 14:31, 7 January 2009

This article is Deprecated and may no longer apply to currently supported systems.

If you are experiencing issues related to software/resources mentioned on this page please search for a more current article.

VPN

When and Why to use a VPN connection

A VPN connection is used to encrypt all or part of your Internet traffic, or to access services that are only available via the Stevens campus network when you are not on campus (the Library databases are an example of this type of service). You want to encrypt your traffic when sending or receiving sensitive data, or when the security of your local connection to the Internet is unknown or questionable, such as WiFi in a cyber cafe, airport, or hotel. You cannot use a VPN connection to the Stevens VPN server while on campus, so you cannot test it while on campus. It is therefore suggested that you follow the implementation instructions when off campus, and contact the Information Technology Help Desk by phone to set up and test your VPN connection if you bring your machine to them. You do not need to use a VPN connection when sending email if your email client is set up using authenticated SMTP.

There are two setups possible when using the VPN server. The first, referred to as “tunnel all traffic”, is where all your traffic is encrypted and passes (is tunneled) through Stevens. The other is called “split tunnel”, where only traffic destined for Stevens is sent via the encrypted tunnel to Stevens. Each setup has its benefits. “Tunnel all traffic” must be used to access the Library databases that require access via a Stevens network address, and could/should be used when connecting to the Internet via public WiFi, where a malicious user may be looking at your traffic (sniffing). The downside is that all your traffic gets sent to Stevens, so your Internet browsing will be slower, and other applications will be slower and/or may not work. Split tunnel is appropriate when you are at home or on a trusted network and would like to access certain restricted Stevens services that require you to be on the campus network. An example of this would be using your network storage on storage01.

How do you know when to use which type of VPN:

  • First, are you using a campus resource that requires a VPN connection? If you are, then ask yourself: do you trust the security of the local network that you are using to connect to the Internet?
    • If you trust the local network, use a split tunnel.
    • If you do not trust the local network, tunnel all traffic.
  • If you are not using a campus resource, you do not trust the local network, and you are going to do some on-line banking, ordering, or exchanging of personal data on a web site that does not use secure certificates (SSL), be more secure and use the Stevens VPN to tunnel all traffic.


The points above are guidelines for choosing which type of VPN connection to use. If you are not using a resource that requires VPN, or you are not actively sending or receiving sensitive data, you should not be connected to campus via VPN.
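The difference between the two setups, shown as a routing decision in an added Python example that is not part of the original article. The campus prefixes, VPN server address and destination addresses are constructed placeholders from the documentation ranges, because the page does not list the real ones.

```python
import ipaddress

# Constructed placeholders: the article gives no real addresses.
CAMPUS_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]   # stand-in campus ranges
VPN_SERVER = "203.0.113.10"                              # stand-in VPN server


def build_routes(mode):
    """Return (network, interface) routes a client would hold in each setup."""
    # Encrypted packets to the VPN server itself always leave via the ISP link.
    routes = [(ipaddress.ip_network(VPN_SERVER + "/32"), "local")]
    if mode == "tunnel_all":
        # Default route points into the tunnel: everything goes through campus.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "vpn"))
    elif mode == "split":
        # Default route stays on the local network; only campus ranges are tunneled.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "local"))
        routes += [(ipaddress.ip_network(p), "vpn") for p in CAMPUS_PREFIXES]
    else:
        raise ValueError("mode must be 'tunnel_all' or 'split'")
    return routes


def egress(routes, dest):
    """Pick the interface by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outside_tunnel(mode, destinations):
    """Destinations whose traffic is NOT protected by the VPN in this setup."""
    routes = build_routes(mode)
    return [d for d in destinations if egress(routes, d) == "local"]


if __name__ == "__main__":
    # Constructed sample: a campus file server and an unrelated web site.
    dests = ["192.0.2.25", "203.0.113.80"]
    for mode in ("split", "tunnel_all"):
        print(mode, "-> outside tunnel:", outside_tunnel(mode, dests))
```

On an untrusted network the split-tunnel result is the reason to tunnel all traffic: the non-campus destination stays on the local network, where only the site's own SSL, if any, protects it.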


Configure your computer to connect without Split Tunneling

In order to connect to the Stevens VPN, please follow the directions for your operating system below.


Configure your computer to connect using Split Tunneling

If you are trying to access the Library Databases, do NOT use Split Tunneling

In order to connect to the Stevens VPN using split tunneling, please follow the directions for your operating system below.
