Dan Albrich
Microcomputer Network Specialist
dalbrich@oregon.uoregon.edu
Joe St Sauver, Ph.D.
Director, User Services and Network Applications
joe@oregon.uoregon.edu
In the old days, when all off-campus users simply dialed into the UO modem
pool, UOnet was always only a phone call away. Once you were successfully dialed
into one of the UO's modems from home, you were connected to UOnet just as if
you were on campus, and everything worked exactly the way you expected it to.
But then along came broadband high-speed home DSL and cable modem services.
DSL and cable modem services were, and are, both better and worse than using
a UO dialup for off-campus access. On the one hand, DSL and cable modem service
are a lot faster than dialup modems. On the other hand, because DSL and cable
modem service are offered by third-party service providers rather than the university
itself, when you use a DSL or cable modem service you lose your UO affiliation--i.e.,
the UO no longer has any way of telling that the person coming in over that
cable or DSL modem service is UO faculty, staff, or student.
Because we can't identify you as affiliated with the UO, you can't use site-licensed
databases, nor can you take advantage of any UO-only services such as our local
news server or our outbound email servers.
Moreover, whenever you connected from a non-UO Internet service provider, some
of you may have had a vague and indefinable sensation that connecting from a
commercial ISP was in some way riskier or less secure than connecting directly
via UOnet.
VPNs (virtual private networks) magically fix those two problems. When you
use a VPN to connect from off campus, two things happen:
Anyone who connects to the UO from a cable modem or via a DSL service provider
but needs to have a UO IP address to access local resources should consider
using this new VPN service.
If you are connecting from an on-campus hard-wired connection or if you are dialing in to one of the UO's dialin modems, you should not use the VPN software.

Fig. 1. Diagram showing three different ways your PC can connect to networked
hosts at the UO.
We've answered some common questions about VPN below:
Q - Do I have to use the VPN software?
A - No, you don't. Use of the VPN software is currently discretionary--and
for many users, it's not needed.
Q - Why wouldn't I want to use VPN software everywhere, all the time, even
from hardwired on-campus connections?
A - First, you should understand that when you use a VPN, your computer
has to do a lot of work encrypting your network traffic, and the overhead associated
with doing that limits how fast you can go (you'll still go plenty fast, but
not as fast as if you were unencrypted).
Second, using a VPN adds another level of complexity which you may want to avoid
if you don't need it.
Third, you already have a UOnet address if you're connecting from on campus,
so one of the VPN's two big advantages (getting a UO network address) is moot.
Q - Even if I'm connecting from on campus, wouldn't it still be worthwhile
getting the encryption that using a VPN gives me?
A - The encryption that a VPN gives you is inferior to the end-to-end
encryption you get when you use ssh or when you connect to a secure web site
using an SSL-enabled browser (see "c" versus "b" in
the diagram above).
VPN encryption encrypts traffic from your PC running the VPN software all the
way to the VPN concentrator running here on campus...but no further.
When you're using the VPN, your traffic flows over UOnet unencrypted at least
part of the way, just as it does on a regular hardwired network connection from
an office (see "b" versus "a" in the diagram above).
Bottom line, if you're already connecting from a hardwired on-campus connection,
a VPN doesn't really give you any improvement in security.
Q - Is this VPN the same thing as the UO Library's proxy server?
A - No. The library's proxy service is designed solely to facilitate
access to a limited set of library-purchased site licensed web-accessible online
resources. If you use the VPN software, you won't need to use the library's
proxy server.
Q - Where can I get the VPN software?
A - The VPN software and documentation for it are available at http://micro.uoregon.edu/getconnected/
Q - How does the VPN know who I am?
A - When you connect with the VPN, you log in with your Darkwing, Gladstone,
or Oregon email address and password, which we accept as proof of who you are.
(The VPN uses the same mechanism for proving who you are as our dialup modem
pool.)
Q - Can I use other email addresses to verify my identity, such as my departmental
email account on a departmentally provided email server?
A - No, you can use only your Darkwing, Gladstone, or Oregon email address
and password to authenticate.
Q - How do I know the VPN is actually working?
A - The initial connection looks similar to a dialup modem connection.
You'll be prompted for your username and password. Type in your full email username,
including the machine address (e.g., jersmith@gladstone.uoregon.edu, jersmith@darkwing.uoregon.edu,
jersmith@oregon.uoregon.edu). Your password is the one you use for that email
account.
When you're connected, a window appears confirming you've made a successful
connection. After you click "OK" on that window, a small yellow
padlock icon appears in the system tray. If you double-click on the padlock
icon, you'll see a window showing connection statistics and a "Disconnect"
button. (You'll need to double-click on the padlock icon to end your session
normally.)
Q - If I'm connected using the VPN, does the UO's Acceptable Use Policy
apply?
A - Yes. In particular, if you're dialed in with the VPN client, you
should not allow family members or roommates to use your system until you disconnect
from the UO VPN. Once you've disconnected from the UO VPN, what you do over
your cable modem connection or DSL service is strictly a matter for you and
your cable modem or DSL service provider.
Q - Once I'm connected via the VPN, what can I access?
A - Once you're connected via the VPN, you can access anything you could
get from a regular on-campus ethernet connection, including:
Q - Will Novell IPX, AppleTalk, or IP multicast work over the VPN?
A - The only supported protocol is TCP/IP. This means that standard applications
such as web and email will work, but certain types of server connections may
not. In addition, IP/TV and other multicast applications will not work through
the VPN connection. If you have a particular network application that doesn't
work via the UO VPN, you may wish to call us to ask for advice about possible
workarounds.
Q - How do I disconnect from the VPN?
A - Double-click on the padlock icon in the system tray to reveal the "Disconnect"
button. Click it to disconnect. Note that open network sessions will be dropped
when you disconnect from the VPN.
Q - Is there a Mac version of the VPN software?
A - At this time, only Mac OS X is supported, and the OS X client is free. A
commercial application does exist for traditional Mac OS 8/9 that you can purchase
if you wish. See http://micro.uoregon.edu/getconnected/ for details.
Q - What if I'm using a Linux workstation, or a Sun SPARC?
A - A VPN client is available for both Linux and SPARC. See ftp://ftp.uoregon.edu/vpn/3000
If you're not sure if the VPN software is for you, or if you're having problems using it, feel free to contact Microcomputer Services for help. Stop by 151 McKenzie Hall weekdays any time between 9 am and 5 pm, call us at 346-4412, or send email to microhelp@lists.uoregon.edu