VPN Overview. The path for wireless VPN users



Similar documents
Setting up a VPN connection Windows XP

Tufts VPN Client User Guide for Windows

Florida Atlantic University VPN Client Installation Guide

Installation and Configuration of VPN Software

Phone: Fax: Box: 230

Chapter 2 Preparing Your Network

For paid computer support call

Verizon Remote Access User Guide

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

VPN SOFTWARE - WINDOWS XP & WINDOWS 64-BIT INSTALLATION AND CONFIGURATION INSTRUCTIONS

Phone: Fax: Box: 230

Installing the Microsoft Network Driver Interface

McAfee.com Personal Firewall

CruzNet Secure Set-Up Instructions for Windows Vista

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

1. Set Daylight Savings Time Create Migrator Account Assign Migrator Account to Administrator group... 4

WatchGuard Mobile User VPN Guide

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Vantage RADIUS 50. Quick Start Guide Version 1.0 3/2005

The ECU Wireless system uses a captive portal authentication system. There are three steps to configure your computer for wireless access:

SATO Network Interface Card Configuration Instructions

LRDC Computing Services

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

University Computing & Telecommunications Virtual Private Networking: How To/Self- Help Guide Windows 8.1 Operating System.

Connecting to the FILTER Virtual Private Network (VPN)

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

Chapter7 Setting the Receiving PC for Direct Upload. Setting the Receiving PC for Direct Upload For Windows For Macintosh...

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

AirStation VPN Setup Guide WZR-RS-G54

Dial-up Installation for CWOPA Users (Windows Operating System)

Using a VPN Connection

Using Remote Web Workplace Version 1.01

How To Connect To Ecs.Org From A Pc Or Mac Or Ipad (For A Laptop) With A Network Connection (For Mac) With The Ipad Or Ipa (For Pc Or Ipac) With An Ipa Or Ip

Linksys Gateway SPA2100-SU Manual

1. Hardware Installation

MODEM AND DIAL-UP. Installation/Configuration (Windows 95/98/Me/NT/2000/XP)

How to Setup Virtual Private Network Access for Windows XP

Global VPN Client Getting Started Guide

Installing Novell Client Software (Windows 95/98)

Internet Guide. Prepared for 55 John Street

How To Set Up Hopkins Wireless On Windows 7 On A Pc Or Mac Or Ipad (For A Laptop) On A Network Card (For Windows 7) On Your Computer Or Ipa (For Mac Or Mac) On An Ipa Or

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC

Setting up VPN connection: DI-824VUP+ with Windows PPTP client

Global VPN Client Getting Started Guide

Phone: Fax: Box: 230

VPN: Virtual Private Network Setup Instructions

Setting Up VPN Connection to use Internet Access. 2. Right click on the appropriate VPN connection and click properties

Print Server Application Guide

VPN Connection and Configuration

ShadowControl ShadowStream

How to Remotely View Security Cameras Using the Internet

Contents. VPN Instructions. VPN Instructions... 1

Defender EAP Agent Installation and Configuration Guide

Getting Your Multifunction Back On Your Network After A Router Or Network Change

DSL Self-install Kit Instructions

Campus VPN. Version 1.0 September 22, 2008

Configuring the WT-4 for ftp (Ad-hoc Mode)

How do I Install and Use the Cisco VPN Any Connect Client for the Berkeley Campus?

How to setup a VPN on Windows XP in Safari.

Purple Sturgeon Standard VPN Installation Manual for Windows XP

Configuration Guide. Remote Backups How-To Guide. Overview

IIS, FTP Server and Windows

Mac OS X: INSTALLING TUNNELBLICK

Setting up VPN Access for Remote Diagnostics Support

Creating client-server setup with multiple clients

Hallpass Instructions for Connecting to Mac with a Mac

STATIC IP SET UP GUIDE

Viking VPN Guide Mac OSX RDP Usage

Setting Up Your FTP Server

Safety and Health Grant Program Database Remote Access Installation Guide

Working Together - Your Apple Mac and Microsoft Windows

Installing the SSH Client v3.2.2 For Microsoft Windows

QUANTIFY INSTALLATION GUIDE

How To Remotely View Your Security Cameras Through An Ezwatch Pro Dvr/Camera Server On A Pc Or Ipod (For A Small Charge) On A Network (For An Extra $20) On Your Computer Or Ipo (For Free

Instructions for use the VPN at the Warsaw School of Economics

owncloud Configuration and Usage Guide

From a Finder window choose Applications (shown circled in red) and then double click the Tether icon (shown circled in green).

Virtual Office Remote Installation Guide

Nortel VPN Client. Customer Care Center Office of Enterprise Technology (OET) for Windows Vista 64-bit Operating System

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Networking. General networking. Networking overview. Common home network configurations. Wired network example. Wireless network examples

Setting Up Scan to SMB on TaskALFA series MFP s.

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

WestermoConnect User Guide. VPNeFree Service

Mac OS VPN Set Up Guide

Sophos UTM. Remote Access via PPTP Configuring Remote Client

Software Installation Requirements

Configuring a Windows 2003 Server for IAS

CallPilot. Release 2.0. My CallPilot User Guide

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

TAMUS Terminal Server Setup BPP SQL/Alva

P-660R-T1/T3 v2 Quick Start Guide

VPN Network Access. Principles and Restrictions

Information Services. Accessing the University Network using a Virtual Private Network Connection (VPN), with Windows XP Professional

Configuring the OfficeConnect Secure Gateway for a remote L2TP over IPSec connection

Manufacturing Representative SSL VDM Login User s Guide

APSCN VPN Settings for Windows 7 2. APSCN VPN Settings for Windows XP 8. APSCN VPN Settings for MAC OS 15

AT&T Global Network Client v6.8.0 and Passport IP Setup Instructions for Broadband VPN Access

Transcription:

VPN Overview The path for wireless VPN users First, the user's computer (the blue computer) connects to an access point in the uiuc-wireless-net network and is assigned an IP address in that range (172.21.0.0 /20). Machines on this subnet are not allowed to access anything outside that network without authenticating through the VPN server. Next, when the user runs the VPN client, the computer makes a VPN connection request which is routed to the VPN server (the blue path in the diagram). The router sends VPN connection requests from the uiuc-wirelessnet to the VPN server, but drops any requests for other campus locations or the Internet from uiuc-wireless-net. The VPN server takes the user's authentication request and communicates with the Radius server and the Kerberos server to determine whether the user is authenticating correctly. If so, the VPN server establishes an encrypted tunnel with the wireless computer over the blue path (using the computer's real ID). The VPN server takes the encrypted communications the client computer sends to it, unencrypts the information, and forwards the information along to its destination with its identity represented as a part of the VPN-assigned network address range (shown as the orange block above). Requests from computers in the uiuc-vpn-net address range (orange) are allowed access to both campus resources and the Internet. Requests that would not be permitted if the router received them unencrypted from uiuc-wireless-net (blue) are permitted after the VPN server has begun representing the computer's identity as part of the uiuc-vpn-net address range (orange). The VPN server is the only machine which knows the blue computer's true identity and location; it exchanges information over the encrypted tunnel it established with that machine, and redirects the data as though it originated in an unencrypted form from a machine with a uiuc-vpnnet (orange) IP address.

The path for remote wired VPN users The path for remote wired users is the same as that described above for wireless users, with one exception. Rather than coming from an access point and using an original IP in the wireless network range, the machine is coming from a third-party ISP before making its VPN connection request and being routed to the VPN server. For the diagram above to represent the remote wired users' path, all that changes is the network name and IP range assigned to the cloud around the blue computer. Security basics Note that from the blue computer to the VPN server and back, all transmissions are encrypted. From the VPN server out to the rest of the world, communications are NOT encrypted. The goal of the VPN server is not to make wireless transmissions end-to-end secure; the goal is to permit wireless users to access resources on the UIUC network without revealing sensitive data such as login names and passwords to anyone close enough to "overhear" it. Without the VPN server, a hacker could overhear and interpret a wireless computer's transmissions by standing close enough to connect to the same access point. (Wired systems start off a little more secure. It's more difficult for a hacker to intercept communication traveling across a series of wires than to intercept everything passing through the air around an access point.) In banking terms, wireless "security" without a VPN server would be roughly equivalent to storing money on a table in the middle of a room and expecting passers-by not to walk off with it. The VPN server effectively puts your valuables (password and data) in a safety deposit box (encryption), and each person communicating with the VPN server is given a key which accesses only one safety deposit box (the data sent to and from their own machine). The VPN server carries the transmissions securely into the wired part of the UIUC network. From that point on, however, the wireless users' communications are subject to the same protections and vulnerabilities as any wired computer on the UIUC network. Installation and configuration for Windows VPN Installation Before beginning this process, make sure you have downloaded and saved the identification certificate on your hard drive in a location you can find (http://www-commeng.cso.uiuc.edu/software/vpnclient.html). Store the certificate in a place where you can keep it permanently on your hard drive. 1. Double-click on the downloaded.exe file (http://www-commeng.cso.uiuc.edu/software/vpnclient.html) to start the installation process, and follow the prompts as given. (In most cases, the installation utility will automatically locate and install the correct networking drivers. If it cannot do so automatically, see the "Manually Installing the Network Driver" section on http://www.cisco.com/univercd/cc/td/doc/product/aggr/vpn5000/client/index.htm for your platform.) 2. Restart your machine when prompted.

3. After the restart, run the VPN client. A window like the following will appear: 4. In the Configuration tab (shown above), click the "Add..." button. 5. In the Login Properties box which appears, select the Certificate radio button, and select "Manual" from the drop box (as shown). Your login name will be your Network ID (in lower case) followed by @UIUC.EDU (in upper case), like the example shown. The Primary VPN Server's IP address is 128.174.1.98; there is no Secondary VPN Server. When you have entered this information, click OK. 6. Next, you will be prompted for a root certificate. Click the Browse button and navigate to where you saved the certificate. It will appear in the Root Certificates list (as shown). (Note: Do not move or delete the certificate after directing the VPN client to use this location, unless you also change the

configuration to recognize a new location or new certificate.) You're now finished with initial configuration. You can exit the VPN client now. Starting a new VPN session 1. When you want to make a VPN connection, you'll need to have established your regular network connection first. If your network connection is not established first, the VPN system will not know what IP address to communicate with. o o For cable modem, DSL, and Ethernet users, you'll already be connected. For dialup users, you'll need to follow your usual dialup procedure and log in to your ISP. 2. After this connection has been established, double-click the VPN client icon to start it again. 3. Return to the Configuration tab, select the login configuration you want to use from the list of configurations available, and click the Connect button to establish a connection. The system will prompt you with a "RADIUS login" screen (as shown). Enter your Network ID (NetID/Kerberos) password in the Password box. Then click OK. 4. You should receive a message at the bottom of the main window indicating that you have successfully connected to the VPN server. Clicking the General tab will give you connection information. 5. When you are finished working through the VPN connection:

1. Click the Configuration tab 2. Then click the Disconnect button 3. Then click the Exit button. (If you're using a dialup connection, you'll need to disconnect it separately using your normal disconnect procedure.) UIUCLIBRARY Specific Settings Note: Access to the Library s network shares (G:\ or H:\ drives, etc.) is limited to machines running Windows 2000, Windows NT, and Windows XP. Operating systems such as Windows 95, 98, and ME, will not be able to connect to network shares. Settings to change Under your TCP/IP properties, there will be an option such as below to enable NetBIOS over TCP/IP. Depending on the OS version, the setting may be in several places. Typically you will need to right click on your Network Neighborhood (My Network Places) icon and choose the properties option. Set NetBIOS over TCP/IP to Enable The Client for Microsoft Networks also must be installed under your network connection properties.

Connecting to network shares Note: Access to the Library s network shares is limited to machines running Windows 2000, Windows NT, and Windows XP. Operating systems such as Windows 95, 98, and ME, will not be able to connect to network shares. The network shares you most commonly have available to you are as follows: o Groupfiles, also the G drive \\libsys5.library.uiuc.edu\groupfiles o Home directory, also the H drive \\libsys5.library.uiuc.edu\username$ o Web pages, also the W drive on libgrenlil \\www.library.uiuc.edu\deptwebshare To connect to a network drive, click on the start menu and choose run. Type in the above bold line depending on the share you wish to connect to. You should get a prompt for your username and password. For your username, type in your NT domain account as follows: UIUCLIBRARY\username your password is your NT domain password. *note* the italicized items need to be replaced with your pertinent information Further security issues Since Enable NetBIOS over TCP/IP is needed to connect to network shares on the library servers, any drives you have shared on your computer can also be accessed over a TCP/IP connection. This poses a problem if you have File and Printer Sharing enabled on your computer. If you do not need to share a file or printer from your computer, uninstall or disable this service.