Virtual Private Network (VPN)

Summary: If you need to connect to UCInet from off campus, a Virtual Private Network (VPN) may be the solution for you. A VPN allows you to connect to on-campus-only resources like the Library and encrypts the information you send over the network, protecting your data.

Peer-to-peer file sharing services and other high-bandwidth applications should not be used while using the VPN service. You may be automatically blocked from using the VPN if your bandwidth exceeds the maximum bandwidth limit.

3 Ways to Access the VPN

WebVPN

Need to access a UCI-only website? Use the WebVPN. If you need to use an application, try the VPN Software option.

Software VPN for Mac/Windows/Linux

VPN Software Versions

Client                                             Current Version   Updated
Windows Vista-10 AnyConnect 32/64 bit              3.1.13015         January 11, 2016
Mac OS 10.8, 10.9, 10.11 - AnyConnect 32/64 bit    3.1.13015         January 11, 2016
Mac OS 10.6 - 10.7 AnyConnect Intel 32/64 Bit      3.1.05182         October 21, 2014
Linux AnyConnect 32/64 bit                         3.1.13015         January 11, 2016

iOS, Android, Chromebook



VPN FAQ

Network Traffic Encryption
When you connect to another site using a VPN, your traffic is encrypted so that if anyone intercepts the traffic, they cannot see what you are doing unless they can break the encryption. Your traffic is encrypted from your computer through the network to the VPN concentrator hardware at UCI. At that point the traffic is decrypted and sent out over the campus network. If you are using software like ssh, your traffic on the campus network is still encrypted because ssh encrypts its traffic.

Access UCI Resources
When you are using a VPN connection, it will appear to systems on campus that you are also on campus – you will have a UCI IP address instead of the one you have at home.  This allows you to connect to resources that you would not be able to from home, and bypass any port blocking at the campus border router.

Windows File Shares
The VPN offers a way for authorized users to mount Microsoft Windows file shares from off campus. As of November 5th, 2002, a VPN is required to use “shares” from outside of UCInet because of special port blockades.



You need VPN if:

  • You mount a Windows disk share from your work computer on your home computer.
  • You need to access restricted services.
  • You use network protocols like NetBIOS to a host or service on campus.
  • You are using a public network (for example, in a hotel, coffee shop, or airport), especially if it is a wireless network.

You don’t need VPN if:

  • You check your UCI e-mail via IMAP with SSL/STARTTLS encryption.

Downsides to using VPN if it is not needed.

  • Slows down your connection
  • Uses resources others could be using
  • Adds a step to connect to UCI



You can connect to the VPN service from any off-campus Internet location or from the UCInet Mobile Access (wireless) network. It will not work from the campus dial-in modems or any host on campus.



UCI has two types of VPN tunnels, a “split” tunnel and a “full” tunnel. 

Split Tunnel
The “split” tunnel only sends traffic destined for UCI over the VPN connection.  All other traffic goes through your normal cable modem/dsl connection.  Use the “split” tunnel for connections to and from UCI only. If you are using online Library resources, use the “full” tunnel.

It allows you to talk directly to the Internet, but when your machine “talks” to UCI network addresses the traffic is put through the established VPN tunnel to the UCI VPN node, where it is decrypted and given a UCInet network address.

This is useful for people who need access to things at UCI which require a UCInet IP address (such as connecting to a system that restricts access to UCI hosts only), or to use services which are blocked for security reasons at the campus firewall (such as NetBIOS ports, used in mounting shared drives and other ports used by Microsoft Windows). Only traffic to/from UCI is sent through the VPN connection, so if you were to access Yahoo, it would go through your regular network connection (cable modem, dsl, etc).

Full Tunnel
The “full” tunnel sends all your internet traffic through the VPN connection, and then out to the internet through UCI’s connection.

The “full” tunnel is useful for people who need to access sites off-campus that need a UCI IP address to allow access to a resource. The UCI Library has links to resources such as these. If you wanted to access the Oxford English Dictionary (OED), you can’t get to it with a split tunnel because it’s off campus and your off-campus packets aren’t network address translated to UCI addresses. By using the “full” tunnel, this problem is circumvented. However, note that *all* your traffic is sent through the VPN connection and then out UCI’s internet connection.

You should use the “full” tunnel VPN connection with care since heavy use can cause an increase in UCI’s internet connection costs, and is likely slower than the split tunnel method.



Timeouts
Once you bring up your VPN client and initiate a connection, you will remain connected as long as you’re actively using it. If the connection is idle for one hour, it will “timeout”. If you are not going to use your computer, it is best to take down the connection yourself, to free-up a tunnel for someone else to use. In either case, when you later come back to your computer you will need to re-initiate a connection if you still need to use the VPN.

Limitations
There is a limit of 2 VPN tunnels which may be simultaneously established under one UCInetID.

The campus VPN provides off-campus users access to university resources not normally available to remote users and is thus a critical resource. The VPN appliance handles connections for all users through the same 100 Mb interface. Users of bandwidth-intensive applications that are not related to the University’s academic mission can detrimentally impact other users on the VPN.

For this reason, Gnutella, Kazaa, Bit Torrent, E-Donkey, and other peer to peer (p2p) file sharing programs (as well as internet gaming and other recreational, high-bandwidth applications) are not allowed on the VPN.



For those of you who would like to allow or restrict access from VPN users, here are the possible address ranges that VPN users will be using.

128.195.64.100 - 128.195.79.254

CIDR Format

128.195.64.0/20
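
For administrators building an allow or deny rule from these two forms, the following added example (not part of the original page) shows that the /20 matches slightly more addresses than the stated first-to-last range, and computes the exact CIDR blocks for that range. Only the two address values come from the page; the function names are illustrative.

```python
import ipaddress

# Values copied from the page above.
POOL_FIRST = ipaddress.IPv4Address("128.195.64.100")
POOL_LAST = ipaddress.IPv4Address("128.195.79.254")
PAGE_CIDR = ipaddress.ip_network("128.195.64.0/20")


def exact_pool_networks():
    """Smallest list of CIDR blocks covering the stated range and nothing else."""
    return list(ipaddress.summarize_address_range(POOL_FIRST, POOL_LAST))


def extra_addresses_in_cidr():
    """Addresses the /20 matches that fall outside the stated range."""
    return [a for a in PAGE_CIDR if not POOL_FIRST <= a <= POOL_LAST]


def is_vpn_client(addr, strict=True):
    """Return True if addr is a VPN user address.

    strict=True  -> match the stated first-last range only.
    strict=False -> match the broader /20.
    Malformed or non-IPv4 input is never treated as a match.
    """
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except (ipaddress.AddressValueError, AttributeError):
        return False
    if strict:
        return POOL_FIRST <= ip <= POOL_LAST
    return ip in PAGE_CIDR


if __name__ == "__main__":
    nets = exact_pool_networks()
    print(f"{len(nets)} CIDR blocks cover the range exactly:")
    for n in nets:
        print("  ", n)
    extra = extra_addresses_in_cidr()
    print(f"/20 matches {len(extra)} addresses outside the range "
          f"({extra[0]} .. {extra[-2]}, and {extra[-1]})")
    # Constructed sample source addresses for illustration.
    for src in ["128.195.70.1", "128.195.64.50", "128.195.80.1", "not-an-ip"]:
        print(f"{src:>15}  strict={is_vpn_client(src)}  "
              f"cidr={is_vpn_client(src, strict=False)}")
```

A rule written against the /20 is shorter, while one written against the exact blocks matches only the addresses listed in the range.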



Installing the VPN Client

  1. Download the AnyConnect VPN client if you have not done so already.
  2. In your Downloads folder, double-click the anyconnectx.dmg file to open it. An icon will appear on the desktop called AnyConnect, and a separate window will open.
  3. Double-click on AnyConnect.mpkg to run the installer, then follow the steps to complete the installation.

Starting the VPN Client

  1. In your Applications folder, go to the Cisco folder and double-click the Cisco AnyConnect Secure Mobility Client.
  2. Enter vpn.uci.edu in the Ready to Connect to field, then press the Connect button.
  3. Select your desired connection profile from the Group drop-down menu:
    • UCIFULL – Route all traffic through the UCI VPN.
      • IMPORTANT: Use UCIFULL when accessing Library resources.
    • UCI – Route only campus traffic through the UCI VPN. All other traffic goes through your normal Internet provider.
  4. Enter your UCInetID and password, then click OK.
  5. A banner window will appear. Click Accept to close that window. You are now connected!

Disconnecting the VPN Client

When you are finished using the VPN, remember to disconnect.

  1. Click the AnyConnect client icon located in the menu bar near the top right corner of your screen.
  2. Select Quit.



Getting Started

  1. Download the AnyConnect VPN client if you have not done so already.
  2. Click Run on the Open File – Security Warning dialog box.
  3. Click Next in the Cisco AnyConnect Secure Mobility Client Setup dialog box, then follow the steps to complete the installation.

Starting the VPN Client

  1. Go to Start->Programs->Cisco->Cisco AnyConnect Secure Mobility Client to launch the program.
  2. Enter vpn.uci.edu in the Ready to Connect to field, then press the Connect button.
  3. Select your desired connection profile from the Group drop-down menu:
    • UCIFULL – Route all traffic through the UCI VPN.
      • IMPORTANT: Use UCIFULL when accessing Library resources.
    • UCI – Route only campus traffic through the UCI VPN. All other traffic goes through your normal Internet provider.
  4. Enter your UCInetID and password, then click OK.
  5. A banner window will appear. Click Accept to close that window. You are now connected!

Disconnecting the VPN Client

When you are finished using the VPN, remember to disconnect.

  1. Right-click the AnyConnect client icon located in the system tray near the bottom right corner of your screen.
  2. Select Quit.



Installing the VPN Client

  1. Download the AnyConnect VPN client if you have not done so already.
  2. From the command line, go to the directory where you downloaded the file.
  3. As root, untar the gzip’d tar file [tar xzvf anyconnect-xxx]. NOTE: Leave off the brackets when entering the command. This will create a directory called anyconnect-xxx (where ‘xxx’ equals the current version number).
  4. Go to the anyconnect-xxx directory and then go to the vpn directory, and once you are there type [./vpn_install.sh]
  5. The VPN client will be installed on your system and the vpnagentd process will be started. This process will be started each time your system is booted.

Starting the VPN Client

  1. To start the client now, type [/opt/cisco/anyconnect/bin/vpnui]. Note: if you are not running a GUI, you can enter interactive mode by entering [/opt/cisco/anyconnect/bin/vpn]
    • NOTE: If you are using a desktop environment, you should be able to find the client in one of your menus as well (e.g. in a RHEL environment, look in Applications -> Internet).
  2. In the “Connect to:” box, type vpn.uci.edu and press Return on your keyboard. Note: in interactive mode type [connect vpn.uci.edu]
  3. In the “Group” menu that will appear, select the tunnel you wish to use, usually “UCI” or “UCIFull”. (See the differences in the Tunnels below.)
  4. Enter your UCInetID and password in the appropriate boxes and click “Connect”.
  5. You should get a banner box. When you do, click “Accept” and you are now connected.

Possible Error Messages

If you get one of the following messages when you try to connect to the campus VPN service:

“Connection attempt has failed due to server certificate problem”
“AnyConnect cannot confirm it is connected to your secure gateway”

this means that the AnyConnect client cannot validate the certificate on the campus VPN service.

To remedy this, get a copy of the README and the setup-certs.tar.gz files from ftp://ftp.uci.edu/linux-anyconnect-cert-fix. Follow the directions in the README file to install the InCommon certificate files on your system.

Ubuntu Linux

If you are using Ubuntu Linux and are having problems using the VPN, Jeff Stern has instructions for making the AnyConnect VPN work on Ubuntu. See
http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/ for more information.

VPN Connection Tunnels

  • Split Tunnel (UCI)
    The “split” tunnel only sends traffic destined for UCI over the VPN connection. All other traffic goes through your normal cable modem/dsl connection. Use the “split” tunnel for connections to and from UCI only. If you are using online Library resources, use the “full” tunnel. It allows you to talk directly to the Internet, but when your machine “talks” to UCI network addresses the traffic is put through the established VPN tunnel to the UCI VPN node, where it is decrypted and given a UCInet network address. This is useful for people who need access to things at UCI which require a UCInet IP address (such as connecting to a system that restricts access to UCI hosts only), or to use services which are blocked for security reasons at the campus firewall (such as NetBIOS ports, used in mounting shared drives and other ports used by Microsoft Windows). Only traffic to/from UCI is sent through the VPN connection, so if you were to access Yahoo, it would go through your regular network connection (cable modem, dsl, etc).
  • Full Tunnel (UCIFull)
    The “full” tunnel sends all your internet traffic through the VPN connection, and then out to the internet through UCI’s connection. The “full” tunnel is useful for people who need to access sites off-campus that need a UCI IP address to allow access to a resource. The UCI Library has links to resources such as these. If you wanted to access the Oxford English Dictionary (OED), you can’t get to it with a split tunnel because it’s off campus and your off-campus packets aren’t network address translated to UCI addresses. By using the “full” tunnel, this problem is circumvented. However, note that *all* your traffic is sent through the VPN connection and then out UCI’s internet connection. You should use the “full” tunnel VPN connection with care since heavy use can cause an increase in UCI’s internet connection costs, and is likely slower than the split tunnel method.

Linux Openconnect Client

Note: Using the Linux openconnect software is not supported by OIT. If you have problems using this, OIT will not be able to help you. These instructions are provided for you if you want to use something other than the supported Cisco AnyConnect client on your Linux system.

Some Linux distributions include a VPN client called openconnect that can be used with the UCI VPN service. The instructions below are for Fedora Linux. Other distributions may be similar.

(Jeff Stern has a page on setting up Openconnect for Debian/Ubuntu users, at http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/ubuntu-openconnect-uci-instructions.html .)

  1. Make sure openconnect is installed. As root type “yum install openconnect”. This will install openconnect and anything it depends on. You will need vpnc installed as well, in case installing openconnect does not install it.
  2. In a terminal window:
    su root
    (give root password)
    openconnect -s /etc/vpnc/vpnc-script -u xxxxxx -v vpn.uci.edu

    (replace xxxxxx with your UCInetID)

  3. You will be prompted for the Group to use. Pick one of the options, usually UCI or UCIFull.

You will be prompted for your password. After you give the client your password you will be logged in. You can minimize the terminal window while you do your work (don’t close it or you will lose your VPN connection). When you are done type ^C (control-c) to terminate openconnect and your VPN session will be logged out.



Download and Configure Cisco AnyConnect

  1. From your iOS device, download and install the Cisco AnyConnect App from the iTunes Store.
  2. Open the app.
  3. Tap Add VPN Connection.
  4. Type in UCI in the Description field.
  5. Type in vpn.uci.edu in the Server Address field.
  6. Tap Save.

Using the Cisco AnyConnect App

  1. Toggle the AnyConnect VPN switch to ON.
  2. Select a Group if needed.
  3. Type in your UCInetID in the Username field.
  4. Type in your UCInetID password in the Password field.
  5. Tap Connect.
  6. You should now be connected.
  7. Remember to switch to OFF when you are done.



Download and Configure Cisco AnyConnect

  1. Download the Cisco AnyConnect app from the Google Play Store.
  2. Open the app.
  3. Select Add VPN Connection
  4. Description: UCI
  5. Server Address: vpn.uci.edu
  6. Select Done or Save.

Using the Cisco AnyConnect App

  1. Open the app.
  2. Select the UCI connection from the “Choose a connection” area.
  3. Choose the UCIFull or UCI group, and then enter your UCInetID and password.
  4. You may also need to choose to Trust the application the first time you connect.
  5. Remember to disconnect when you are finished.



  1. Download and install the Cisco AnyConnect VPN from the Chrome Web Store.
  2. Go to Settings in Chrome and create a VPN entry.
    • Connection to Name = UCI
    • Server = vpn.uci.edu
  3. Go to Settings and click on “VPN”, then select “Cisco AnyConnect” and “UCI.”



Before You Begin

The WebVPN service is a clientless, Web-based version of VPN, built to be compatible with as many different computers as possible. However, there are a few basic requirements:

  • A connection to the Internet
  • Cookies enabled in the browser

Please note that some websites will not work with the WebVPN. If you cannot access a site via the WebVPN, please use the Software VPN.

WebVPN Basics

Do not use the WebVPN service to connect to banking, financial, or other Web pages where you have to enter personal information (name, address, social security number, banking login and password, etc). The WebVPN service intercepts any certificates from the Web site, which prevents your browser from checking the certificates for validity.

  1. Using your Web browser, go to https://vpn.uci.edu
  2. Login with your UCInetID and password. Click Login.
  3. In the WebVPN window, you may choose a Library resource from the Web Bookmarks list or type in an address in the Address field.
    (This will connect through UCI’s VPN allowing you to access UCI restricted resources while encrypting your network traffic.)
    Note: Only Web pages browsed from the UCI Library Online Resources link or entered in the provided “Enter Web Address” fields use the WebVPN.
  4. If you clicked the UCI Library Online Resources link, you will see the following page. Browse to the resource you need or use the Search feature. If you need help, you can use the “Ask a Librarian” feature.
    Note: The Library Web page is being passed through the WebVPN, as shown in the address bar. The browser toolbar will be in the right top corner. See more information on the Browser toolbar below.
  5. If you typed in a Web address, the Web site you requested will appear in your browser window. If you look at the address bar in your browser, you will notice that the address is being passed through UCI’s VPN.
    The browser toolbar will also appear in the right corner of the browser window.
  6. To visit another restricted site, click the Go To Address button in the browser toolbar. If you type in a Web address directly in the browser’s address field you will be logged out of the WebVPN.
  7. When you are done using the WebVPN, click the Exit icon [ a red X ] in the upper-right of your screen to log out.


