VPN Frequently Asked Questions (FAQ)
This FAQ addresses some questions we often get about VPN?.
- What is Virtual Private Networking?
- What doesn't Virtual Private Networking do?
- Why would I want/need to use it?
- What operating systems can I get the VPN Client for?
- Who can I call for help?
- What VPN group name should I be using?
- What does split and full tunnel mean? What is the difference?
- Considerations for Windows XP SP2 users
- What IP addresses are assigned to VPN clients?
- Have a need to auto-start VPN client?
- Error: Reason 442
- Error: Reason 412
- Windows 8 Known Issue
A Virtual Private Network (VPN) allows for connections to a smaller, private network to be made over a larger network (ie, the internet). By doing this, a home user on their internet service provider's (ISP) network can be treated as if they were physically connected to their work (or school) network. When connected to the VPN, your machine is assigned an IP address on the OSU network and you are able to access resources as if you were locally connected. Further, data is encrypted between you and OSU (or between you and the rest of the world if you are using the wireless network).
Virtual private networking does not secure your machine against attacks from the internet. Data is only encrypted between you and the University network. This means that it cannot be monitored while in transit. Once it leaves the University network, it is no longer encrypted by the VPN, and may be eavesdropped on as much as any other traffic (unless encrypted by other methods).
If you are using the wireless network on campus, you might want to encrypt your data. Otherwise, anyone with a wireless laptop can monitor your data between your laptop and the wireless access point (WAP). If you are a home user, some resources are only available when you use an OSU IP address, such as research journals. Typically we have users set up the Library proxy server for this purpose, but this doesn't work for everyone. For these people, the VPN is the only other option. Finally, many ISPs have started blocking ports which certain applications (such as Outlook) need to work correctly. If your ISP is blocking ports, you will want to use VPN.
Cisco has clients available for Windows 98SE/ME/2000/XP, Mac OSX, Linux, and Solaris. Older clients (such as Windows 95, Mac OS 9, and other operating systems) are not supported. While clients may be available for other operating systems, they may or may not be free. Also, Linux and Solaris support is limited to generalized support and troubleshooting.
If you are having trouble connecting to the VPN and want live help, contact the OSU Computer Helpdesk at the "Supported by" block on the right. They are the first tier of VPN support and can help you with setting up the software and basic troubleshooting. If your problem is unable to be resolved or is outside the scope of what they can help you with, they may refer you on to VPN Support.
If you are using the wireless network, you should be using the On-Campus VPN profile. For use from a non-OSU network, you should use the Off-Campus profile. To obtain authorization and configuration information, please select your Operating System from the VPN topic on the left side.
OSU has two types of VPN connections available.
Split Tunnel - Routes and encrypts all OSU bound requests over the VPN.
Examples include: Blackboard?, Outlook web mail, OSU web pages, etc. All other internet traffic is NOT encrypted or sent over the VPN. Examples include: Amazon, Facebook, Google, Yahoo, etc.
- Note: WebVPN is Split Tunnel only.
Full Tunnel - Routes and encrypts ALL requests through the VPN to OSU. Examples include: OSU Blackboard, Outlook webmail, Yahoo, google, etc. Once that request leaves OSU for another destination, such as yahoo, it is NOT encrypted over the VPN tunnel.
We are currently assigning addresses out of the following CIDR block (IP address range):
10.197.0.0/16 (10.197.0.0 through 10.197.255.255)
More specifically, the following general allocations have been created
|
VPN Type |
CIDR Block |
IP Address Range |
|
Lan-to-Lan: |
10.197.0.0/19 |
10.197.0.0 - 10.197.31.255 |
|
Remote Client: |
10.197.32.0/19 |
10.197.32.0 - 10.197.63.255 |
Certain VPN groups are assigned different addresses out of the CIDR block. However, all VPN clients will fall inside these ranges.
Considerations for Windows XP Service Pack 2
The included firewall in Windows XP Service Pack 2 may interfere with Cisco VPN client software. If you VPN software is not functional with XP SP2, you may correct the problem by installing the latest VPN client software, which is found on the left VPN menu listed under your specific Operating System. Additionally, please verify that you are using IPSec over UDP as your transport. If you are still unable to connect using Windows XP SP2 and the latest VPN client, add an exception in your firewall for UDP ports 62515 and 4500, and TCP port 10000.
- Open the Control Panel
- Open Windows Firewall
- Click the Exceptions tab
- Click Add Port
- Enter 'VPN' for Name and '10000' for Port Number, then click OK
- Click Add Port
- Enter 'VPN' for Name and '62515' for Port Number
- Select UDP, then click OK
- Repeat steps 6 - 8 using port '4500'
Have a Need to Auto-Start the VPN?
The following Cisco URL has links to VPN Client Documentation describing how one would start the VPN client:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_list.html
There will be a link similar to "Managing the VPN Client" that will help one get the VPN client started. With Windows, there is a section on "Managing Windows NT Logon Properties". We will leave this feature as an exercise for the user or their DCA?.
The following error "Reason 442: failed to enable virtual adapter" appears after Vista reports a duplicate IP address detected. Subsequent connections fail with same message, but Vista doesn't report a duplicate IP address detected
To work around error 442, do the following steps:
Step 1 
Open "Network and Sharing Center".
Step 2 Select "Manage Network Connections".
Step 3 Enable the Virtual Adapter ("VA"—Cisco VPN Adapter).
Step 4 Right-click on Cisco VPN Adapter and select "Diagnose" from the context menu.
Step 5 Select "Reset the network adapter Local Area Connection X".
If this procedure does not work, run the following command from cmd:
reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f
Then reboot.
This resolves the issue until Vista reports a duplicate IP address again. Follow the preceding steps to resolve it again.
If that doesn't work, you might have UAC enabled. If so, you must run cmd as administrator and repeat the previous registry workaround. To run as an administrator, right click on cmd and select "Run as Administrator".
When running on Windows Vista or Windows XP operating systems, you might encounter the error "412: The remote peer is no longer responding."
To work around this error on either Windows Vista or Windows XP, upgrade the local NAT device firmware. The ability to upgrade the NAT device firmware would reside with the IS Support group wherever you may be. Most commonly, the network would need to have IPSec, PPTP, or L2TP enabled for VPN to work. OSU uses IPSec for VPN, so check to see if it is enabled which would help in the event of troubleshooting the problem. It doesn't hurt to ask about their VPN documentation, or to see if there is anyone there who can make the required changes to the system.
What this means is the location in which you have an internet connection does not allow that type of connection. This will be normal in some public places such as: airports, hotels, and public buildings. Generally coffee shops allow these connections and may be a good alternative to the locations listed above.
Windows 8 Known Issue
Occasionally the VPN client will have an issue with Windows 8. We are aware of the issue and a fix has been found. The download below contains a Registry Fix that will fix the issue and allow the VPN the function properly.
To run the Fix:
- Download the Registry Fix here: Windows 8 Patch
- Double click on the download to open the zip file
- Move the Windows8RegistryFix.reg file to your desktop
- Double Click on the Windows8Registry Fix File
- Click "Yes" when it allows you if you want to allow this file to make changes to your computer
- Click "Yes" allowing the fix to continue
- The fix will now run and report back when finished, click "Ok" and restart the VPN Client
