This FAQ addresses some questions we often get about VPN.
What is Virtual Private Networking?
A Virtual Private Network (VPN) allows for connections to a smaller, private network to be made over a larger network (ie, the internet). By doing this, a home user on their internet service provider's (ISP) network can be treated as if they were physically connected to their work (or school) network. When connected to the VPN, your machine is assigned an IP address on the OSU network and you are able to access resources as if you were locally connected. Further, data is encrypted between you and OSU (or between you and the rest of the world if you are using the wireless network).
What doesn't Virtual Private Networking do?
Virtual private networking does not secure your machine against attacks from the internet. Data is only encrypted between you and the University network. This means that it cannot be monitored while in transit. Once it leaves the University network, it is no longer encrypted by the VPN, and may be eavesdropped on as much as any other traffic (unless encrypted by other methods).
Why would I want/need to use it?
If you are using the wireless network on campus, you might want to encrypt your data. Otherwise, anyone with a wireless laptop can monitor your data between your laptop and the wireless access point (WAP). If you are a home user, some resources are only available when you use an OSU IP address, such as research journals. Typically we have users set up the proxy server for this purpose, but this doesn't work for everyone. For these people, the VPN is the only other option. Finally, many ISPs have started blocking ports which certain applications (such as Outlook) need to work correctly. If your ISP is blocking ports, you will want to use VPN.
What operating systems can I get the VPN Client for?
Cisco has clients available for Windows 98SE/ME/2000/XP, Mac OSX, Linux, and Solaris. Older clients (such as Windows 95, Mac OS 9, and other operating systems) are not supported. While clients may be available for other operating systems, they may or may not be free. Also, Linux and Solaris support is limited to generalized support and troubleshooting.
Who can I call for help?
If you are having trouble connecting to the VPN and want live help, give IS Computer Consulting a call at (541) 737-3474. They are the first tier of VPN support and can help you with setting up of the client and basic troubleshooting. If your problem is unable to be resolved or is outside the scope of what they can help you with, they may refer you on to VPN Support.
What group name should I be using?
If you are using the wireless public network, you should be using VPN_public. For use from a non-OSU network, you should use ORST_VPN3K. To obtain authorization and configuration information complete the registration form.What IP addresses get assigned to VPN clients?
We are currently assigning addresses out of the following CIDR block (IP address range):10.197.0.0/16 (10.197.0.0 through 10.197.255.255)More specifically, the following general allocations have been created
| VPN Type | CIDR Block | IP Address Range |
|---|---|---|
| Lan-to-Lan: | 10.197.0.0/19 | 10.197.0.0 - 10.197.31.255 |
| Remote Client: | 10.197.32.0/19 | 10.197.32.0 - 10.197.63.255 |
Considerations for Windows XP Service Pack 2
The included firewall in Windows XP Service Pack 2 may interfere with the Cisco VPN client software. If your VPN connection is not functional with XP SP2, you may correct the problem by installaing the lastest VPN client software and verifying that you are using IPSec over UDP as your transport. If you are still unable to connect using Windows XP SP2 and the latest VPN client, add an exception in your firewall for UDP ports 62515 and 4500, and TCP port 10000.Have a need to auto start the VPN client?
The following Cisco URL has links to VPN Client Documentation describing how one would start the VPN client:There will be a link similar to "Managing the VPN Client" that will help one get the VPN client started. With Windows, there is a section on "Managing Windows NT Logon Properties". We will leave this feature as an exercise for the user or their DCA.
