Page tree
Skip to end of metadata
Go to start of metadata

Domains Supported: All    Platforms Supported: Windows, Mac OSX, Linux (Linux has unofficial client support)


Introduction

A VPN is a way of connecting your off-site computer directly to the University network. It allows you to access internal resources such as other computers, network storage, websites, journals using the applications already installed on your off-site computer. As both Eduroam and UniofCam wireless networks are external, VPN can be useful to use with these.

To use the VPN service you must be subscribed to the CSCS network connection and user account services.  You must install a VPN client on the PC you wish to connect from.

Please note that the VPN service requires a moderate amount of technical ability to use – If you are a beginner then we recommend using another service, such as Citrix Remote Desktop

If you just need to access email or files, there are simpler and quicker methods – see this summary

Supported Devices

Our VPN service is provided through our firewall which is manufactured by FortiGate. Connection to our VPN service requires the use of a software client called FortiClient which must be downloaded. Instructions for this and links to the download are provided alongside this document.
Currently we support the following devices:

  • PC – Windows XP and upwards
  • Mac OSX – Snow Leopard and upwards
  • Linux – Some variants, limited support but tested with Ubuntu and Debian

We do not officially support tablets or phones at this time.

Cost and Eligibility

The service is free to all users who have paid for a network connection, but by default your user account will not be configured to use the VPN (unless you are a member of the SLCU domain).
If you wish to use the VPN and are working within Zoology or the MINTS domain, please complete the form found at http://cscs.medschl.cam.ac.uk/user-services/remote-access/vpn-service/ and we will be happy to add you to the service.

Types of VPN

The VPN service currently offers two types of VPN – full tunnel mode and split tunnel mode. By default we will provide a split-tunnel VPN.

In Split Tunnel mode, only network traffic to the internal network is sent down the VPN connection. All other internet traffic is sent out as normal.This keeps your internet browsing as fast as it usually is.

In Full Tunnel mode, all traffic sent down the VPN connection, meaning internet browsing is also funnelled via the University Firewall. Although browsing will be slightly slower as a result, it will be more secure. Full Tunnel Mode is advised for users who access sensitive data, travel abroad extensively or are generally concerned about security. (Note: Full Tunnel is only available with the Addenbrookes VPN)


 

The VPN service is an SSL-VPN and therefore requires very little configuration on end user devices due to its simplicity. SSL-VPN uses the well-known HTTPS protocol to establish and maintain its connection and uses digital certificates to maintain authenticity of VPN listeners.

While connected to the VPN your device cannot be used as a server. Your connection into the internal network is "stateful" which means that if you try to access a resource within the internal network through the VPN, the resource you are connecting to is allowed to send data in reply to your device. The resources or clients within the internal network cannot establish the initial connection first.

Connecting to the VPN from within the CSCS/Zoology/SLCU network will result in a reduced level of network connectivity. You should never need to connect to the VPN if you are connected physically to the network. The only time you would want to use the VPN at work, would be if you were using Eduroam/UniOfCam or some kind of Wi-Fi hotspot.

  • No labels