VPN

If you need to connect to UCInet from off campus, the Virtual Private Network (VPN) is the solution for you. The VPN allows you to securely connect to vital campus resources like the UCI Libraries and KFS (Kuali Financial System) by encrypting the information you are sending over the network, protecting your data. In addition, it enables authorized users to mount network file shares from off campus.

3 Ways to Access the VPN

WebVPN

Need to access a UCI only website? Use the WebVPN. If you need to use an application, try the VPN Software option.

  1. Login to the WebVPN
  2. How do I use the WebVPN?

Software VPN

Download, install and configure the Software VPN Client

VPN Software Version

The current version of the Cisco VPN client for macOS is 4.5.03040, and the current version for Windows & Linux is 4.3.05017.

NOTE for High Sierra users: During the installation, you will be prompted to enable the AnyConnect software extension in the System Preferences -> Security & Privacy pane. The requirement to manually enable the software extension is a new operating system requirement in macOS 10.13 (High Sierra).

Peer-to-peer file sharing services and other high-bandwidth applications should not be used while using the VPN service. You may be automatically blocked from using the VPN if your bandwidth exceeds the maximum bandwidth limit.

 

iOS, Android, Chromebook


VPN FAQ

Why are older versions of macOS not supported?

Versions older than macOS 10.10 are no longer supported by Apple, so our recommendation is that you upgrade to at least Mavericks. Your system could be vulnerable to attacks that are fixed in newer releases, and your system could be compromised and used to attack other systems (and possibly used to attack UCI when you are using the VPN).

In addition, there are bug fixes and security updates to the VPN client that necessitate it being updated to fix problems other users are having and to prevent security issues with older clients.

Therefore, the current AnyConnect VPN client will only run on macOS versions newer than 10.10 (Yosemite). Please update your operating system. Faculty and staff should partner their with their local CSC, and students should reach out to AntTech for assistance.

The OITHD cannot assist with OS upgrades, and we cannot implement any changes to the network to get your computer to connect to the VPN. We apologize for the inconvenience. You may continue to use the WebVPN at https://vpn.uci.edu

I'm having trouble using the WebVPN

If you’re having trouble logging in to the WebVPN (https://vpn.uci.edu):

  • Make sure the Group is Default-WebVPN
  • Make sure you enter your UCInetID in all lowercase (UPPERCASE will not work).
  • Try using a different web browser.
  • If you’ve forgotten your UCInetID password, you can reset it here.

If you’re still having trouble, wait about 30 minutes and try again, or try from a different location.

Once you're in the WebVPN, here are instructions on how to navigate the system (including how to visit other websites).

Note: PubMed have made changes to their site layout, and as a result it does not function properly in the WebVPN. There is no way to fix this issue, so please use the Software VPN instead.

I'm having trouble using the Software VPN

Login Trouble

If you’re having trouble logging into Cisco AnyConnect (aka the Software VPN), make sure you've carefully followed the steps provided for your operating system under the "Software VPN" tab on the main VPN page. In particular:

  • Enter the correct hostname vpn.uci.edu and then click Connect.
  • When prompted, make sure you've selected the correct Group (IMPORTANT: use UCIFull if you want to access UCI Library resources from off-campus).
  • Make sure you enter your UCInetID in all lowercase (UPPERCASE will not work).
  • If you’ve forgotten your UCInetID password, you can reset it here.

If you're still having trouble, it's possible that you may be blocked due to a DMCA complaint. Learn how to get unblocked here.

Error Messages

We have a list of common error messages in the next section.

I'm having trouble accessing certain online journals or resources while using the VPN.

There are two specific reasons why this may happen to you:

  1. You're using the WebVPN
  2. You're using the Software VPN but didn't connect using UCIFull.

The UCI WebVPN is a fast, convenient way to access some of the library's online resources from off-campus simply by using a web browser; however, due to technical limitations of SSL (or browser-based) VPNs that are beyond the scope of this article, you will NOT have unfettered access to everything as you would if you were using one of the library computers or using your own computer on our campus network.

Access to all of the library's online resources is restricted to the UCI IP network address space, so the only way to truly simulate as if you were working on campus is to use the "UCIFull" Group in the Software VPN.

When you choose UCIFull, *all* of your off-campus traffic passes through the VPN, so from the point of view of the library's online resources, it's as if you're on campus. This is important because many of the online resources (such as JSTOR) are behind 'paywalls,' and anyone trying to access those resources from off campus will need to pay to access them. The UCI IP network is 'whitelisted' so you don't have to pay.

If you try to use the Group "UCI", then only *some* of your traffic (specifically any website that ends in uci.edu) comes through the VPN. The library's online resources will 'see' your request for JSTOR, which is not a UCI website, coming from your home network (which is not allowed) versus the UCI network (which is allowed).

Why then are there two 'UCI' Groups to choose from in the Software VPN?

The "UCI" Group is a 'split tunnel' versus the "UCIFull" Group which is a full tunnel.

The "UCI" Group is useful for staff & faculty who need access to some online resources while off campus (e.g. their work computer in their office) but don't need to tunnel all of their traffic through the VPN. There may be some personal or non-university business that you'd prefer not to be routed through the VPN. If you're using your computer to do some work but are also streaming a movie from Netflix, for example, you don't want the Netflix movie to stream through the VPN tunnel.

For one, the encrypted tunnel isn't as fast so your streaming will certainly lag, and now you're consuming too much network bandwidth by streaming a film through our encrypted network, which could actually lead to you being blocked. The VPN is to be used for university business only.

If you have tried everything above, and you are still unable to access a specific resource (and other resources work fine), then you may want to contact the UCI Library to verify that the resource is a part of their catalog.

Are there other VPNs besides vpn.uci.edu?

Yes. There are numerous departmental VPNs that are managed by the OIT Security Team and are restricted to those department's employees. Unlike vpn.uci.edu, access to those VPNs is restricted to certain staff members whose computers must meet very high security requirements.

In addition, some departmental VPNs may require you to use Duo two-factor authentication. Learn more about Duo here.

If you're having trouble accessing your department's VPN, consult this FAQ article. If you're still having trouble, please partner with your school's CSC or if you work for OIT, you may open a ticket with us.

I need to access FACNet but am having trouble logging in to the VPN.

OIT provides desktop support for the Facilities Management department, which oversees the massive network of HVAC and other mission-critical environmental systems across campus. Access to the Facilities Network (or "FACNet") is restricted with its own VPN, Duo 2-factor authentication and separate login credentials.

If you are a Facilities employee or third-party contractor/outside vendor having trouble accessing FACNet, please open a ticket with our Desktop Support team.

What are the VPN timeouts and limitations?

Timeouts
Once you bring up your VPN client and initiate a connection, you will remain connected as long as you’re actively using it. If the connection is idle for one hour, it will “timeout”. If you are not going to use your computer, it is best to take down the connection yourself, to free-up a tunnel for someone else to use. In either case, when you later come back to your computer you will need to re-initiate a connection if you still need to use the VPN.

Limitations
There is a limit of 2 VPN tunnels which may be simultaneously established under one UCInetID.

The campus VPN provides off-campus users access to university resources not normally available to remote users and is thus a critical resource. The VPN appliance handles connections for all users through the same 100 Mb interface. Users of bandwidth-intensive applications that are not related to the University’s academic mission can detrimentally impact other users on the VPN.

For this reason, peer to peer (p2p) file sharing programs (as well as internet gaming and other recreational, high-bandwidth applications) are not allowed on the VPN.

What are the VPN IP Addresses?

For those of you who would like to allow or restrict access from VPN users, here are the possible address ranges that VPN users will be using.

  • 128.195.64.100 - 128.195.79.254
    • CIDR Format: 128.195.64.0/20
  • 128.200.3.192 thru 128.200.3.223
    • CIDR Format: 128.200.3.0/28

Do I need to use the VPN while I'm living in one of the on-campus housing communities?

If you live in one of the ACC communities, then you are technically not on UCI's network and will need to use the VPN. If you live in any other housing community, then you do not need to use the VPN.

I've tried the steps above and I'm still having issues

We recommend you continue your search in our comprehensive ServiceNow Knowledge Base.

If you're still having trouble, feel free to open a ticket. When doing so, please provide the following:

  • Your full name
  • Your UCInetID (the first part of your email address, not your ID number)
  • A detailed description of the issue

Failure to provide this information will delay our response.

 

Return to the OIT Help Center.