Difference between revisions of "How To Use VPN"

From ECE Information Technology Services
Jump to navigationJump to search
 
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==Background==
+
Access to ECE resources such as workstations, printers, and network shares is limited to ECE subnets, the ECE VPN, and the "ubcprivate" wifi networkAll other access is blocked by the ECE firewall.
UBC IT Services offers a VPN service so that members of the UBC community can
 
access UBC services that would otherwise be inaccessible from outside the UBC
 
network.  For example, you can access the various student records, financial
 
records and human-resource records systemsAdditionally, you can access the
 
library's systems, including e-journals, without using the library's proxy
 
server.
 
  
UBC IT Services offers the ability to create 'pools' of users within their VPN
+
For access to the ECE VPN and ubcprivate, contact it@ece.ubc.ca.  In your request, please specify your CWL username and your affiliation with ECE.
service so that users who log into the VPN service can be granted additional
 
access rights.
 
  
ECE IT Services has established several pools:
+
==Connecting to the UBC VPN==
* ''ece'' for ECE Faculty, Staff and Students [active deployment]
+
A Cisco AnyConnect VPN client can be downloaded from https://myvpn.ubc.ca.
* ''ece.prof'' for ECE Faculty and Staff [active deployment, but to be deprecated in favour of the ''ece'' pool]
 
* ''ece.grad'' for ECE Graduate Students [pending deployment]
 
* ''ece.ugrd'' for ECE Undergraduate Students [pending deployment]
 
* ''ece.othr'' for ECE Guests and Visitors [pending deployment]
 
  
Membership in one pool or the other is determined by ECE IT Services and is not
+
The client should connect to the server <code>myvpn.ubc.ca</code>Log onto the VPN using your CWL credentials.
automatic'''Please note that, at this time, only the ''.ece'' pool is in
 
active deployment.'''
 
  
[Aside: Why ''ece.prof'' rather than something more descriptive such as
+
If you have been granted access to the ECE VPN, append <code>.ece</code> to your CWL loginFor example, if your CWL login is <code>''spock''</code>, log on as <code>''spock''.ece</code>(Without the <code>.ece</code> suffix, you would be placed on the UBC network, but outside the ECE firewall.)
''ece.faculty_and_staff''? The pool's name consists of two parts: an
 
organizational unit name, ''ece'', and a group name, ''prof''.  The group name
 
is limited to four characters by the VPN system's software.]
 
  
==Steps to Using Pool-Based VPN==
+
==Connecting to the ubcprivate wifi network==
===First, Ensure Normal VPN Connectivity===
+
If you have been granted access to ubcprivate, append <code>.ece</code> to your CWL login.  For example, if your CWL login is <code>''spock''</code>, log on as <code>''spock''.ece</code>.
To use [http://it.ubc.ca/services/email-voice-internet/myvpn UBC IT Services' VPN service], you will need a [http://cwl.ubc.ca CWL ID] and you
 
will need to [http://it.ubc.ca/services/myvpn/setup-documents configure your computer].
 
 
 
===Next, Attempt Pool-Based VPN Connectivity===
 
To use a pool, connect to the VPN service as before but use a slightly
 
different, qualified username: ''<cwl_id>.<pool>''.  For example, if you
 
successfully logged into the VPN service with a username of ''lucaf'' and you
 
are a member of the ''ece'' pool, then you would use the qualified
 
username of ''lucaf.ece'' to log into the pool.
 
 
 
Using this qualified username will log you into the pool and your VPN tunnel
 
endpoint will be given an IP address from a specific, exclusive range.  The ECE
 
firewall is configured to allow this IP address range to access services
 
normally only accessible from within the ECE network.  For example, by using
 
the pool, you will no longer need to run an ssh tunnel to access license
 
servers and you will be able to access ECE file servers (e.g.,
 
''\\foo.ece.ubc.ca\lucaf'') directly.
 
 
 
===Restrictions===
 
Please note that the only pools currently active are the ''ece' and ''ece.prof'' pool.  The other pools are pending decisions regarding firewall access rules and the larger task of automating the process of adding / deleting students from the
 
ece.ugrd and ece.grad pools (many systems at UBC are in need of
 
interconnection and automation).
 
 
 
Since we have to manually inform UBC IT Identify & Access Management about which CWL IDs should be moved into the pools, if you are able to use VPN service with an unqualified CWL ID but not with a qualified CWL ID (e.g., ''lucaf'' works but ''lucaf.ece'' doesn't), please [mailto:help@ece.ubc.ca email help@ece.ubc.ca] requesting that we add your CWL ID to the appropriate pool. Please ensure that you provide us with your CWL ID as we are not able to look them up ourselves. 
 
 
 
Again, the only pools that are active are the '''ece'' and ''ece.prof''
 
pool.
 
 
 
==Some Additional Considerations==
 
If you use UBC IT Services' Wireless service, you will know that you are
 
required to authenticate with an authentication gateway before you are able to
 
send traffic to the UBC network and the Internet.  You have two choices for
 
authenticating with the gateway: one is to use the web login form (the actual
 
gateway) and the other is to use the VPN service (which bypasses the gateway).
 
If you use the VPN service with the qualified username, then you can send
 
traffic to the ECE network, also.
 
 
 
Whether you are at home or on the road using an ISP's network with VPN, at UBC
 
using UBC's wireless network with VPN, or in your office/lab using ECE's
 
network without VPN, you can have (almost) the same access.
 
  
 
==See Also==  
 
==See Also==  
 
* [[How To Tunnel Connections Through SSH]]
 
* [[How To Tunnel Connections Through SSH]]

Latest revision as of 12:29, 9 March 2021

Access to ECE resources such as workstations, printers, and network shares is limited to ECE subnets, the ECE VPN, and the "ubcprivate" wifi network. All other access is blocked by the ECE firewall.

For access to the ECE VPN and ubcprivate, contact it@ece.ubc.ca. In your request, please specify your CWL username and your affiliation with ECE.

Connecting to the UBC VPN

A Cisco AnyConnect VPN client can be downloaded from https://myvpn.ubc.ca.

The client should connect to the server myvpn.ubc.ca. Log onto the VPN using your CWL credentials.

If you have been granted access to the ECE VPN, append .ece to your CWL login. For example, if your CWL login is spock, log on as spock.ece. (Without the .ece suffix, you would be placed on the UBC network, but outside the ECE firewall.)

Connecting to the ubcprivate wifi network

If you have been granted access to ubcprivate, append .ece to your CWL login. For example, if your CWL login is spock, log on as spock.ece.

See Also