Summary: If you need to connect to UCInet from off campus, Virtual Private Network (VPN) may be the solution for you. VPN allows you to connect to on campus-only resources like the Library and encrypts the information you are sending over the network, protecting your data.
A note for macOS users running versions prior to 10.9 (Mavericks)
Unfortunately the current AnyConnect VPN client will only run on macOS versions newer than 10.9 (Mavericks). Please update your operating system. Faculty and staff should partner their with their local CSC, and students should reach out to AntTech for assistance.
The OITHD cannot assist with OS upgrades, and we cannot implement any changes to the network to get your computer to connect to the VPN. We apologize for the inconvenience. You may continue to use the WebVPN at https://vpn.uci.edu
Versions older than macOS 10.9 are no longer supported by Apple, so our recommendation is that you upgrade to at least Mavericks. Your system could be vulnerable to attacks that are fixed in newer releases, and your system could be compromised and used to attack other systems (and possibly used to attack UCI when you are using the VPN).
In addition, there are bug fixes and security updates to the VPN client that necessitate it being updated to fix problems other users are having and to prevent security issues with older clients.
3 Ways to Access the VPN
- Download the Software VPN (Login Required)
- After you download the VPN client, here's how to install, configure & use the VPN Software
VPN Software Versions
|Windows Vista - 10||4.3.04027||January 2017|
|macOS 10.9 - 10.12||4.3.04027||January 2017|
|Linux AnyConnect||4.3.04027||January 2017|
Peer-to-peer file sharing services and other high-bandwidth applications should not be used while using the VPN service. You may be automatically blocked from using the VPN if your bandwidth exceeds the maximum bandwidth limit.
iOS, Android, Chromebook
What are some common error messages when using the Cisco VPN client?
The most common errors that our users see are:
- "Login failed"
- "AnyConnect was not able to establish a connection to the specified secure gateway"
- "The VPN client agent was unable to create the interprocess communication depot"
- "Login Denied. Your host does not meet the requirements to connect. Visit wiki page..."
- "The VPN connection failed due to unsuccessful domain name resolution"
- "MTU size too small"
- "On my Mac, some of the options are grayed out during installation or I'm getting the error 'a newer version is already installed'"
Why use the VPN?
Network Traffic Encryption
When you connect to another site using a VPN, your traffic is encrypted so that if anyone intercepts the traffic, they cannot see what you are doing unless they can break the encryption. Your traffic is encrypted from your computer through the network to the VPN concentrator hardware at UCI. At that point the traffic is un-encrypted and sent out over the campus network. If you are using software like ssh, your traffic on the campus network is still encrypted because ssh encrypts its traffic.
Access UCI Resources
When you are using a VPN connection, it will appear to systems on campus that you are also on campus – you will have a UCI IP address instead of the one you have at home. This allows you to connect to resources that you would not be able to from home, and bypass any port blocking at the campus border router.
Windows File Shares
The VPN offers a way for authorized users to mount Microsoft Windows file shares from off campus. A VPN is required to use “shares” from outside of UCInet because of special port blockades.
Who needs the VPN?
You need VPN if:
- You mount a Windows disk share from your work computer on your home computer.
- You need to access restricted services.
- You use network protocols like NetBIOS to a host or service on campus.
- You are using a public network, (for example, in a hotel, coffee shop, or airport), especially if it is a wireless network.
You don’t need VPN if:
- You check your UCI email via IMAP with SSL/STARTTLS encryption.
Downsides to using VPN if it is not needed.
- Slows down your connection
- Uses resources others could be using
- Adds a step to connect to UCI
Where can I use the VPN?
VPN service can be connected from any off-campus Internet location or UCInet Mobile Access (wireless) network. It will not work from any host on campus.
What are the VPN tunnels?
UCI has two types of VPN tunnels, a “split” tunnel and a “full” tunnel.
The “split” tunnel only sends traffic destined for UCI over the VPN connection. All other traffic goes through your normal cable modem/dsl connection. Use the “split” tunnel for connections to and from UCI only. If you are using online Library resources, use the “full” tunnel.
It allows you to talk directly to the Internet, but when your machine “talks” to UCI network addresses the traffic is put through the established VPN tunnel to the UCI VPN node, where it is decrypted and given a UCInet network address.
This is useful for people who need access to things at UCI which require a UCInet IP address (such as connecting to a system that restricts access to UCI hosts only), or to use services which are blocked for security reasons at the campus firewall (such as NetBIOS ports, used in mounting shared drives and other ports used by Microsoft Windows). Only traffic to/from UCI is sent through the VPN connection, so if you were to access Yahoo, it would go through your regular network connection (cable modem, dsl, etc).
The “full” tunnel sends all your internet traffic through the VPN connection, and then out to the internet through UCI’s connection.
The “full” tunnel is useful for people who need to access sites off-campus that need a UCI IP address to allow access to a resource. The UCI Library has links to resources such as these. If you wanted to access the Oxford English Dictionary (OED), you can’t get to it with a split tunnel because it’s off campus and your off-campus packets aren’t network address translated to UCI addresses. By using the “full” tunnel, this problem is circumvented. However, note that *all* your traffic is sent through the VPN connection and then out UCI’s internet connection.
You should use the “full” tunnel VPN connection with care since heavy use can cause an increase in UCI’s internet connection costs, and is likely slower than the split tunnel method.
What are the VPN timeouts and limitations?
Once you bring up your VPN client and initiate a connection, you will remain connected as long as you’re actively using it. If the connection is idle for one hour, it will “timeout”. If you are not going to use your computer, it is best to take down the connection yourself, to free-up a tunnel for someone else to use. In either case, when you later come back to your computer you will need to re-initiate a connection if you still need to use the VPN.
There is a limit of 2 VPN tunnels which may be simultaneously established under one UCInetID.
The campus VPN provides off-campus users access to university resources not normally available to remote users and is thus a critical resource. The VPN appliance handles connections for all users through the same 100 Mb interface. Users of bandwidth-intensive applications that are not related to the University’s academic mission can detrimentally impact other users on the VPN.
For this reason, peer to peer (p2p) file sharing programs (as well as internet gaming and other recreational, high-bandwidth applications) are not allowed on the VPN.
What are the VPN IP Addresses?
For those of you who would like to allow or restrict access from VPN users, here are the possible address ranges that VPN users will be using.
126.96.36.199 - 188.8.131.52