How To Use VPN

From ECE Information Technology Services
Revision as of 15:06, 15 May 2009 by Jazminl (talk | contribs) (New Page)


Background

UBC IT Services offers a VPN service so that members of the UBC community can access UBC services that would otherwise be inaccessible from outside the UBC network. For example, you can access the various student records, financial records and human-resource records systems. Additionally, you can access the library's systems, including e-journals, without using the library's proxy server.

UBC IT Services offers the ability to create 'pools' of users within their VPN service so that users who log into the VPN service can be granted additional access rights.

ECE IT Services has established several pools:

  • ece.prof for ECE Faculty and Staff [active deployment]
  • ece.grad for ECE Graduate Students [pending deployment]
  • ece.ugrd for ECE Undergraduate Students [pending deployment]
  • ece.othr for ECE Guests and Visitors [pending deployment]

Membership in one pool or the other is determined by ECE IT Services and is not automatic. Please note that, at this time, only the ece.prof pool is in active deployment.

[Aside: Why ece.prof rather than something more descriptive such as ece.faculty_and_staff? The pool's name consists of two parts: an organizational unit name, ece, and a group name, prof. The group name is limited to four characters by the VPN system's software.]


Steps to Using Pool-Based VPN

First, Ensure Normal VPN Connectivity

To use UBC IT Services' VPN service (http://www.it.ubc.ca/security/VPN), you will need a CWL ID and you will need to configure your computer (http://www.itservices.ubc.ca/security/VPN/accessvpn.html).

Next, Attempt Pool-Based VPN Connectivity

To use a pool, connect to the VPN service as before but use a slightly different, qualified username: <cwl_id>.<pool>. For example, if you successfully logged into the VPN service with a username of lucaf and you are a member of the ece.prof pool, then you would use the qualified username of lucaf.ece.prof to log into the pool.

Using this qualified username will log you into the pool and your VPN tunnel endpoint will be given an IP address from a specific, exclusive range. The ECE firewall is configured to allow this IP address range to access services normally only accessible from within the ECE network. For example, by using the pool, you will no longer need to run an SSH tunnel to access license servers and you will be able to access ECE file servers (e.g., \\foo.ece.ubc.ca\lucaf) directly.

Restrictions

Please note that the only pool that is active is the ece.prof pool. The other pools are pending decisions regarding firewall access rules and the larger task of automating the process of adding / deleting students from the ece.ugrd and ece.grad pools (or, at least, automating our side if UBC IT Services can't automate theirs; many systems at UBC are in need of interconnection and automation).

Since we have to manually inform UBC IT Services about which CWL IDs should be moved into the pools, if you are able to use the VPN service with an unqualified CWL ID but not with a qualified CWL ID (e.g., lucaf works but lucaf.ece.prof doesn't), please email help@ece.ubc.ca requesting that we add your CWL ID to the appropriate pool. Please ensure that you provide us with your CWL ID, as we are not able to look it up ourselves. Again, the only pool that is active is the ece.prof pool, so please don't email us regarding the other pools.

Some Additional Considerations

If you use UBC IT Services' Wireless service, you will know that you are required to authenticate with an authentication gateway before you are able to send traffic to the UBC network and the Internet. You have two choices for authenticating with the gateway: one is to use the web login form (the actual gateway) and the other is to use the VPN service (which bypasses the gateway). If you use the VPN service with the qualified username, then you can also send traffic to the ECE network.

Whether you are at home or on the road using an ISP's network with VPN, at UBC using IT Services' wireless network with VPN, or in your office/lab using ECE's network without VPN, you can have (almost) the same access.


See Also