Difference between revisions of "VPN Remote Access"

From William Paterson University - Information Technology's Wiki
Jump to navigation Jump to search
(One time setup)
m (Installing)
 
(121 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
== Introduction ==
 
== Introduction ==
  
William Paterson University provides a VPN option for remote access into its computing and network environment. VPN access is available for faculty and staff only.
+
William Paterson University provides a VPN option for remote access into its computing and network environment. VPN access is available for '''faculty and staff only and must first be authorized by a Help Desk request'''. <!-- add image/text about Fail/Deny -->
  
VPN stands for Virtual Private Network. A VPN allows you to use the ISP (Internet Service Provider) of your choice and connect to WPUNJ using services normally restricted to campus usage. It does this by providing a "Virtual" network connection to WPUNJ. That is, even though you are connected to your ISP, it appears that you are actually connecting from WPUNJ. Providing that you have a fast enough connection to the University's network through an Internet service provider you can access any data and applications the same way you do from your office at the University.
+
VPN stands for Virtual Private Network. A VPN allows you to use the ISP (Internet Service Provider) of your choice and connect to WPUNJ using services normally restricted to campus usage, such as the K:\ and U:\ drives. It does this by providing a "Virtual" network connection to WPUNJ. That is, even though you are connected to your ISP, it appears that you are actually connecting from WPUNJ. Providing that you have a fast enough connection to the University's network through an Internet service provider you can access any data and applications the same way you do from your office at the University.
  
 
===When should you use a VPN Connection?===
 
===When should you use a VPN Connection?===
Line 10: Line 10:
 
<ul>
 
<ul>
 
<li>Logging into the administrative systems
 
<li>Logging into the administrative systems
<li>Connecting remotely to some of the University's Library resources
+
<li>Connecting remotely to some of the University's Library resources (WebVPN)
<li>Retrieving E-Mail Using WPUNJ Discussion Groups</ul>
+
<li>Accessing University File Services
 +
</ul>
 +
When connecting to unrestricted services, such as browsing the Web, you should use only your ISP connection and not the VPN connection. VPN is only required for access to protected services at WPUNJ.
 +
 
 +
==VPN Multifactor Authentication==
 +
 
 +
Multifactor Authentication is required for William Paterson University VPN Access.  If you have not signed up for Two-Factor Authentication, [http://www.wpunj.edu/help please request access using the ticket type Account -> VPN Access].
 +
 
 +
For information on using Multi Factor Authentication, including use of the Duo App, please see our [[Multifactor_Authentication|Multifactor Authentication article.]]
 +
 
 +
The [[#Second Password Field|secondary password field]] information can be found below, or on the [[Multifactor_Authentication#Additional_VPN_Authentication_for_Cisco_Any_Connect_Client|Multifactor Authentication article, and include push, sms and phone]].
 +
 
 +
{{#ev:youtube|pgrzRIQ9874|400}}
 +
 
 +
 
 +
===Using VPN with Multifactor Authentication===
 +
 
 +
#After you have set up your account, you will continue to use the [[VPN_Remote_Access#Client_VPN_Application|Cisco AnyConnect client]] as you have in the past.      <!-- <p>[[File:2FA.gif]]</p> -->
 +
#When you provide your login credentials you will now be provided with a [[#Second Password Field|secondary authentication]] box.  You can then either use an [[Multifactor_Authentication#Duo App for Mobile Devices|app]] on your android (or iphone) to generate a key OR type "push" in the [[#Second Password Field|secondary authentication]] box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)
 +
 
 +
===Second Password Field=== 
 +
[[File:Anyconnect3.PNG|thumb|left|alt=The second password field appears in the Cisco Anyconnect tool.|The second password field appears in the Cisco Anyconnect tool.]]
  
When connecting to unrestricted services, such as browsing the Web, you should use only your ISP connection and not the VPN connection. VPN is only required for access to protected services at WPUNJ.  
+
The following is utilized when using the Cisco Any Connect Client for VPN.  The second password field is where you define the method of multifactor authentication you will be utilizing.
 +
 +
{|
 +
! style="text-align:left;"|Authentication Method
 +
!  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 +
! style="text-align:left;"|Second Password
 +
|-
 +
|Duo App Push Verification
 +
 +
|'''push'''
 +
|(See image 1. below)
 +
|-
 +
|Duo App to Generate Authentication Code
 +
|     
 +
|'''Enter Code displayed in App'''
 +
|(See image 2. below)
 +
|-
 +
|Text Message
 +
 +
|'''sms''' &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 +
|(You will receive a text message with a key that will expire after one hour)
 +
|-
 +
|Phone Call
 +
 +
|'''phone''' &nbsp; &nbsp; &nbsp; &nbsp;
 +
|(If you have registered multiple phone numbers, enter phone1, phone2, as needed)
 +
|}
  
 +
<br><br>
 +
{|  style="text-align: center;"
 +
| 1. Authorizing access through the Duo App 
 +
<p>[[File:duo_iphone2.PNG|200px]]</p>
 +
| &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
 +
| 2. Generating a Key in the Duo App 
 +
<p>[[File:duo_iphone1.PNG|200px]]</p>
 +
|}
  
 
== VPN Services ==
 
== VPN Services ==
  
 
The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services.  VPN Services are available as a web or client application.   
 
The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services.  VPN Services are available as a web or client application.   
 +
 +
=== Microsoft VPN (MS VPN) for University Imaged Machines ===
 +
====University Windows 10 Laptops====
 +
This video demonstrates how to login to the MS VPN once the connection appears on your laptop. Once connected, you will be able to access to your network drives as though you were on campus.
 +
 +
The K: drive will be available upon connection, though you may need to ‘map’ your U: drive manually ([[Map a Network Drive|instructions on how to do so here]].)
 +
 +
{{#ev:youtube|AGHnq1jayhc|400}}
 +
 +
====University Mac Laptops====
 +
 +
MS VPN is now located in your menu bar. The install the MS VPN can be found in the Managed Software Center
 +
''**this may require that you first use the Cisco AnyConnect VPN client to install the MS VPN from off campus and run a Managed Software Center check for updates''
 +
 +
[[File:MSVPN_Mac_1.png|300px]]
 +
 +
After selecting Connect you will be prompted for your WPUNJ password, once entered you will be sent an authentication to your primary [[Multifactor Authentication]] device.
 +
 +
[[File:MSVPN_Mac_3.png|400px]]
 +
 +
Once you are finished using VPN please Disconnect from the same menu you utilized to connect.
 +
 +
[[File:MSVPN_Mac_2.png|250px]]
  
 
=== Web VPN  ===
 
=== Web VPN  ===
 
+
{{#ev:youtube|zX50sdroyMk|400|right}}
 
The steps to sign-on to [http://www.wpunj.edu/webvpn WebVPN] and use are as follows:
 
The steps to sign-on to [http://www.wpunj.edu/webvpn WebVPN] and use are as follows:
  
Line 32: Line 110:
 
</div>
 
</div>
  
<LI> Click Login.
+
<LI> Click Login. Authenticate using your chosen two-factor authentication method.
 +
<div class="toccolours mw-collapsible mw-collapsed" style="width:500px">
 +
[[Image:Anyconnect9.PNG|center|500px]]
 +
</div>
 +
 
 
<LI> Once your university credentials are verified, you will be taken to the new user interface for the VPN.  The Home Tab will be the default view for your VPN session.  From this home Tab, you will be able to [[#Accessing files on your network shares (K and U drives) |view your U-Drive, K-Drive,]] as well as have direct links to both the [http://www.wpunj.edu university's home page] and the [http://www.wpunj.edu/library Library's home page].  Don't be alarmed if you don't see the words "U-drive" or "K-drive".  They are simple named differently.  Also, if you edit a file you will have to save it on your local drive and upload the way you would upload an e-mail attachment, drag and drop or direct saving to the network drive is not available.
 
<LI> Once your university credentials are verified, you will be taken to the new user interface for the VPN.  The Home Tab will be the default view for your VPN session.  From this home Tab, you will be able to [[#Accessing files on your network shares (K and U drives) |view your U-Drive, K-Drive,]] as well as have direct links to both the [http://www.wpunj.edu university's home page] and the [http://www.wpunj.edu/library Library's home page].  Don't be alarmed if you don't see the words "U-drive" or "K-drive".  They are simple named differently.  Also, if you edit a file you will have to save it on your local drive and upload the way you would upload an e-mail attachment, drag and drop or direct saving to the network drive is not available.
 
<UL><UL><UL>
 
<UL><UL><UL>
Line 52: Line 134:
 
==== Microsoft Windows ====
 
==== Microsoft Windows ====
  
 +
===== Microsoft Windows Cisco AnyConnect VPN Client Installation =====
 
Full time employees will be able to download the Windows VPN client from the [http://wpconnect.wpunj.edu/cp/home/loginf WPCONNECT] portal. From the "Employee" tab, and under the "Information Technology" window frame you will see a link named "Web VPN". Click on it.
 
Full time employees will be able to download the Windows VPN client from the [http://wpconnect.wpunj.edu/cp/home/loginf WPCONNECT] portal. From the "Employee" tab, and under the "Information Technology" window frame you will see a link named "Web VPN". Click on it.
  
Line 85: Line 168:
  
 
<li>To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
 
<li>To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
 
+
<!--
 
<div class="toccolours mw-collapsible mw-collapsed" style="width:75px">
 
<div class="toccolours mw-collapsible mw-collapsed" style="width:75px">
 
[[Image:Uavpn-lock-75w.jpg|center|75px]]
 
[[Image:Uavpn-lock-75w.jpg|center|75px]]
 
</div>
 
</div>
 +
-->
  
 +
<div class="toccolours mw-collapsible mw-collapsed" style="width:400px">
 +
[[Image:Anyconnect8.PNG|center|400px]]
 +
</div>
  
 
<li>To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.
 
<li>To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.
  
 +
===== Using the Windows Cisco AnyConnect VPN Client =====
 
<li>Once launched you will be asked to enter your WPU user account and password. Please do so. If the "Connect to:" field is empty please enter vpn.wpunj.edu. That is the address of the VPN server. Now click on the "Connect' button to run the AnyConnect VPN client.
 
<li>Once launched you will be asked to enter your WPU user account and password. Please do so. If the "Connect to:" field is empty please enter vpn.wpunj.edu. That is the address of the VPN server. Now click on the "Connect' button to run the AnyConnect VPN client.
 
   
 
   
<div class="toccolours mw-collapsible mw-collapsed" style="width:150x">
+
[[Image:Anyconnect3.PNG|center|650px]]
[[Image:Anyconnect3.PNG|center|330px]]
 
</div>
 
 
 
  
 
''Note'': The Cisco VPN Client will be minimized to the task bar, the icon looks like a lock. To disconnect, right click on the icon for the VPN client and select disconnect.
 
''Note'': The Cisco VPN Client will be minimized to the task bar, the icon looks like a lock. To disconnect, right click on the icon for the VPN client and select disconnect.
  
For technical support contact [https://help.wpunj.edu/helpdesk/ Help Desk Request]
+
[[Multifactor_Authentication#Second_Password_Field|For Second Password directions please see the Two Factor section of this article.]] For technical support contact [https://help.wpunj.edu/helpdesk/ Help Desk Request]
  
 
</ul>
 
</ul>
Line 110: Line 195:
 
'''If you are using a university supplied MacBook or MacBook Pro you should skip to step 6.'''
 
'''If you are using a university supplied MacBook or MacBook Pro you should skip to step 6.'''
  
1) Log into WPConnect. Go to the Employee Tab and select "Download Universal VPN Software. You will be prompted to log in. DO so.
+
===== Installing =====
 +
1) Log into WPConnect. Go to the Employee Tab and then select the "Information technology" link. Click on the "WebVPN" link.
  
 
2) Once logged in click on the "any connect" button on the left of the page
 
2) Once logged in click on the "any connect" button on the left of the page
  
[[File:WebVPN1.png]]
+
[[File:WebVPN1.png|650px]]
  
 
3) Click on "start AnyConnect"
 
3) Click on "start AnyConnect"
  
[[File:WebVPN2.png]]
+
[[File:WebVPN2.png|650px]]
  
4) Wait for the installation to fail. When it does click on the "Mac OS X 10.4 +(intel)" link
+
4) Wait for the installation to fail. When it does click on the "Mac OS X 10.8 +(intel)" link
  
[[File:WebVPN4.png]]
+
[[File:WebVPN4.png|650px]]
  
 
5) it will download a file to your designated download location. This is usually your downloads folder but you may have changed it to somewhere else. Locate the file "vpnsetup.dmg" and double click on it. It will mount a disk image on your desktop.
 
5) it will download a file to your designated download location. This is usually your downloads folder but you may have changed it to somewhere else. Locate the file "vpnsetup.dmg" and double click on it. It will mount a disk image on your desktop.
  
[[File:Client_VPN1.png]]
+
[[File:Client_VPN1.png|300px]]
  
 
6) Before you can run the installer package, you should temporarily disable [http://en.wikipedia.org/wiki/Gatekeeper_(OS_X) Gatekeeper] (This only applies to non university laptops). [http://kb.wordpress.depauw.edu/?page_id=3195 Refer to these instructions]. Once complete, run the installer in the disk image. It will create a folder in your Applications folder named "Cisco".
 
6) Before you can run the installer package, you should temporarily disable [http://en.wikipedia.org/wiki/Gatekeeper_(OS_X) Gatekeeper] (This only applies to non university laptops). [http://kb.wordpress.depauw.edu/?page_id=3195 Refer to these instructions]. Once complete, run the installer in the disk image. It will create a folder in your Applications folder named "Cisco".
  
[[File:Client_VPN2.png]]
+
[[File:Client_VPN2.png|300px]]
  
 
7) In that folder you will see an application named "Cisco Any Connect VPN Client". Double click on it.
 
7) In that folder you will see an application named "Cisco Any Connect VPN Client". Double click on it.
Line 142: Line 228:
 
9) If the software can reach the university authentication server you will be asked for your university login credentials. Enter them and click the "connect" button.
 
9) If the software can reach the university authentication server you will be asked for your university login credentials. Enter them and click the "connect" button.
  
[[File:Client_VPN5.png]]
+
[[File:Client_VPN5.png |300px]]
  
  
Line 150: Line 236:
 
William Paterson University is not responsible for any software/hardware failures due to the installation of the VPN software provided by Cisco.
 
William Paterson University is not responsible for any software/hardware failures due to the installation of the VPN software provided by Cisco.
  
==== iOS Devices (iPad, iPhone) ====
+
==== Mobile Devices (iPad, iPhone, Android) ====
  
iPad and iPhone have the ability to connect to the on campus network via VPN. Some helpful tips:
+
Mobile devices have the ability to connect to the on campus network via VPN. Some helpful tips:
 
* VPN connections are only possible from off campus
 
* VPN connections are only possible from off campus
* Your iOS device must be connected to the Internet via wi-fi or cellular data.
+
* Your device must be connected to the Internet via wi-fi or cellular data.
* The below screen captures were created on an iPhone. The interface looks similar on an iPad.
+
* The below screen captures were created on an iPhone. The client can also be used on Android devices.
  
# Search for "cisco anyconnect" on the App Store and download the app.<br clear=all>[[image:Ios-cisco-anyconnect-1.PNG|left|250px]]<br clear=all>
+
# Search for "cisco anyconnect" on the Apple App Store or Google PlayStore and download the app.<br clear=all>
 +
{|
 +
|[[image:Ios-cisco-anyconnect-1.PNG|left|250px]]
 +
|[[image:Android-cisco-anyconnect-1.PNG|left|250px]]
 +
|}
 +
<br clear=all>
 
# When first launching the application, Cisco Anyconnect will display this prompt. Tap OK.<br clear=all>[[image:Ios-cisco-anyconnect-2.PNG|left|250px]]<br clear=all>
 
# When first launching the application, Cisco Anyconnect will display this prompt. Tap OK.<br clear=all>[[image:Ios-cisco-anyconnect-2.PNG|left|250px]]<br clear=all>
# Tap "Add VPN Connection..."<br clear=all>[[image:Ios-cisco-anyconnect-3.PNG|left|250px]]<br clear=all>
+
# Select "Connections"<br clear=all>[[image:Ios-cisco-anyconnect-3.PNG|left|250px]]<br clear=all>
 
# Enter <code>WPUNJ</code> as the description and <code>vpn.wpunj.edu</code> as the server address. Tap Save.<br clear=all>[[image:Ios-cisco-anyconnect-4.PNG|left|250px]]<br clear=all>
 
# Enter <code>WPUNJ</code> as the description and <code>vpn.wpunj.edu</code> as the server address. Tap Save.<br clear=all>[[image:Ios-cisco-anyconnect-4.PNG|left|250px]]<br clear=all>
 
# Tap the on/off switch to On to connect.<br clear=all>[[image:Ios-cisco-anyconnect-5.PNG|left|250px]]<br clear=all>
 
# Tap the on/off switch to On to connect.<br clear=all>[[image:Ios-cisco-anyconnect-5.PNG|left|250px]]<br clear=all>
 
# You will be prompted to enter your WPUNJ username and password.<br clear=all>[[image:Ios-cisco-anyconnect-6.PNG|left|250px]]<br clear=all>
 
# You will be prompted to enter your WPUNJ username and password.<br clear=all>[[image:Ios-cisco-anyconnect-6.PNG|left|250px]]<br clear=all>
# To confirm that you are connected, the VPN icon will be visible on the top right corner of the screen, next to the battery indicator.<br clear=all>[[image:Ios-cisco-anyconnect-7.PNG|left|250px]]<br clear=all>
+
# To confirm that you are connected, the VPN icon will be visible on the top of the screen.<br clear=all>[[image:Ios-cisco-anyconnect-7.PNG|left|250px]]<br clear=all>
 
# The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.
 
# The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.
  
 
== Accessing files on your network shares (K and U drives) ==
 
== Accessing files on your network shares (K and U drives) ==
It is important to understand that accessing our network storage through the webvpn is a bit different than using your office PC or laptop.  There is no "drag and drop."  To access and/or edit a file, it must first be downloaded locally.  If your file is edited or changed, you must UPLOAD it back to the folder it resided in.  If you fail to do so, all changes you made will only exist on the computer you made the changes on.
+
It is important to understand that accessing our network storage through the [https://vpn.wpunj.edu webvpn] is a bit different than using your office PC or laptop.  There is no "drag and drop."  To access and/or edit a file, it must first be downloaded locally.  If your file is edited or changed, you must UPLOAD it back to the folder it resided in.  If you fail to do so, all changes you made will only exist on the computer you made the changes on.
  
From the home tab, you must select the set of folders you wish to access.  As mentioned above, folders do not show up as "K" or "U."  Instead you see "My Folder," "Groups Folder" and "WPU Folders."  See the circled area by clicking "Expand" below:
+
From the home tab, you must select the set of folders you wish to access.  As mentioned above, folders do not show up as "K" or "U."  Instead you see "My Folder," "Groups Folder" and "WPU Folders."  See the circled area below:
<li><div class="toccolours mw-collapsible mw-collapsed" style="width:600px">
+
<li>[[Image:Folderlist.png|600px]]
[[Image:Folderlist.png|center|600px]]
 
</div>
 
 
<li> '''My Folder''' - This is your "U Drive" which is commonly mapped on your University computer to "Documents" in Windows 7 or "My Documents" in Windows XP.
 
<li> '''My Folder''' - This is your "U Drive" which is commonly mapped on your University computer to "Documents" in Windows 7 or "My Documents" in Windows XP.
 
<li> '''Groups''' - This is a direct link to K:\Groups.  All of your departmental folders should be in here.
 
<li> '''Groups''' - This is a direct link to K:\Groups.  All of your departmental folders should be in here.
Line 178: Line 267:
 
=== Navigating Shared and User Folders ===
 
=== Navigating Shared and User Folders ===
 
Once you have chosen which set of folders you want to use, click on the link to display the list.  In the example below, I have clicked on "Groups."
 
Once you have chosen which set of folders you want to use, click on the link to display the list.  In the example below, I have clicked on "Groups."
<li><div class="toccolours mw-collapsible mw-collapsed" style="width:600px">
+
<li>[[Image:Groupsfolder.png|600px]]
[[Image:Groupsfolder.png|center|600px]]
+
<li>By default, the list is sorted in alphabetical order.  Just like on the K drive, you can change the sorting to sort by Name, Size, Type or Date Modified by clicking on that heading.  You should still have the menu on the left (Home, Web Applications, Browse Networks and AnyConnect) as well as a sequence of icons above the folder list:
</div>
+
[[Image:Webvpn-files-icons.png|600px]]
By default, the list is sorted in alphabetical order.  Just like on the K drive, you can change the sorting to sort by Name, Size, Type or Date Modified by clicking on that heading.  You should still have the menu on the left (Home, Web Applications, Browse Networks and AnyConnect) as well as a sequence of icons above the folder list:
 
[[Image:Webvpn-files-icons.png|center|600px]]
 
 
Hovering over the icons should tell you what each one does.  For navigating, the important ones are:
 
Hovering over the icons should tell you what each one does.  For navigating, the important ones are:
 
<li>'''Level Up''' - [[Image:Webvpn-levelup.png]] This is like the back button on your web browser.  This will go "up" one level in your list of folders.
 
<li>'''Level Up''' - [[Image:Webvpn-levelup.png]] This is like the back button on your web browser.  This will go "up" one level in your list of folders.
Line 208: Line 295:
 
''The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.''
 
''The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.''
  
 
==VPN Two Factor Authentication==
 
 
Two Factor Authentication is being piloted at William Paterson University for VPN. 
 
 
===One time setup===
 
 
#To use two factor authentication you must first configure your account access.  Visit [https://vpn.wpunj.edu/twofactor vpn.wpunj.edu/twofactor], from an off campus connection, to set up your secondary method of authentication. 
 
#Select and configure your preferred method for secondary authentication.  Options include the use of a mobile app, receiving a text message or a phone call with an authorization key. (This link is also available within WPConnect on the Employee Page Tab Under Information Technology/Resources or enter "two" in the WPConnect search box.)
 
 
<gallery>
 
File:1-Login.png|Login Page
 
File:2-Info.png|Two Factor Info
 
File:3-Device.png|Select Device Type
 
File:4-Phone.png|Input Phone Number
 
File:5-Phone.png|Select Phone Type
 
File:6-Android.png|Phone App Information
 
File:6-iphone.png|Phone App Information
 
File:6-Blackberry.png|Phone App Information
 
File:6-WindowsPhone.png|Phone App Information
 
File:8-ActivateIphone.png|Scan QR Code during registration
 
File:9-iphone.png|Duo App has been associated with your account
 
File:9-MySettings.png|Settings and Device Management Page
 
File:10-ChooseAuth.png|Authentication options if using WebVPN
 
</gallery>
 
 
===Using VPN with Two Factor Authentication===
 
 
#After you have set up your account, you will continue to use the Cisco AnyConnect client as you have in the past.  When you open AnyConnect replace '''vpn.wpunj.edu''' with '''vpn.wpunj.edu/twofactor'''.      <p>[[File:2FA.gif]]</p>
 
#When you provide your login credentials you will now be provided with a secondary authentication box.  You can then either use your app on your android (or iphone) to generate a key OR type "push" in the secondary authentication box.  Using "push" will send a notification to the app on your phone.  (Using "sms" will initiate a text with three authentication keys that will expire after one hour, or "phone" if you have signed up for a phone call.)
 
 
[[File:duo_iphone1.PNG|200px]]
 
Generating a Key in the Duo App 
 
[[File:duo_iphone2.PNG|200px]]
 
Authorizing access through the Duo App
 
  
  
Line 249: Line 301:
 
[[Category:Windows]]
 
[[Category:Windows]]
 
[[Category:Mobile]]
 
[[Category:Mobile]]
 +
[[Category:Help Desk]]

Latest revision as of 19:02, 17 June 2020

Introduction

William Paterson University provides a VPN option for remote access into its computing and network environment. VPN access is available for faculty and staff only and must first be authorized by a Help Desk request.

VPN stands for Virtual Private Network. A VPN allows you to use the ISP (Internet Service Provider) of your choice and connect to WPUNJ using services normally restricted to campus usage, such as the K:\ and U:\ drives. It does this by providing a "Virtual" network connection to WPUNJ. That is, even though you are connected to your ISP, it appears that you are actually connecting from WPUNJ. Providing that you have a fast enough connection to the University's network through an Internet service provider you can access any data and applications the same way you do from your office at the University.

When should you use a VPN Connection?

The VPN connection should be used when you need to connect to a protected/firewalled WPUNJ network services. These include but are not limited to:

  • Logging into the administrative systems
  • Connecting remotely to some of the University's Library resources (WebVPN)
  • Accessing University File Services

When connecting to unrestricted services, such as browsing the Web, you should use only your ISP connection and not the VPN connection. VPN is only required for access to protected services at WPUNJ.

VPN Multifactor Authentication

Multifactor Authentication is required for William Paterson University VPN Access. If you have not signed up for Two-Factor Authentication, please request access using the ticket type Account -> VPN Access.

For information on using Multi Factor Authentication, including use of the Duo App, please see our Multifactor Authentication article.

The secondary password field information can be found below, or on the Multifactor Authentication article, and include push, sms and phone.


Using VPN with Multifactor Authentication

  1. After you have set up your account, you will continue to use the Cisco AnyConnect client as you have in the past.
  2. When you provide your login credentials you will now be provided with a secondary authentication box. You can then either use an app on your android (or iphone) to generate a key OR type "push" in the secondary authentication box. Using "push" will send a notification to the app on your phone. (Using "sms" will initiate a text with an authentication key that will expire after one hour, or "phone" if you have signed up for a phone call.)

Second Password Field

The second password field appears in the Cisco Anyconnect tool.
The second password field appears in the Cisco Anyconnect tool.

The following is utilized when using the Cisco Any Connect Client for VPN. The second password field is where you define the method of multifactor authentication you will be utilizing.

Authentication Method             Second Password
Duo App Push Verification push (See image 1. below)
Duo App to Generate Authentication Code Enter Code displayed in App (See image 2. below)
Text Message sms             (You will receive a text message with a key that will expire after one hour)
Phone Call phone         (If you have registered multiple phone numbers, enter phone1, phone2, as needed)



1. Authorizing access through the Duo App

Duo iphone2.PNG

            2. Generating a Key in the Duo App

Duo iphone1.PNG

VPN Services

The VPN server authenticates using WPU usernames and passwords ONLY. Faculty and staff users must have a valid WPUNJ account to use the VPN services. VPN Services are available as a web or client application.

Microsoft VPN (MS VPN) for University Imaged Machines

University Windows 10 Laptops

This video demonstrates how to login to the MS VPN once the connection appears on your laptop. Once connected, you will be able to access to your network drives as though you were on campus.

The K: drive will be available upon connection, though you may need to ‘map’ your U: drive manually (instructions on how to do so here.)

University Mac Laptops

MS VPN is now located in your menu bar. The install the MS VPN can be found in the Managed Software Center **this may require that you first use the Cisco AnyConnect VPN client to install the MS VPN from off campus and run a Managed Software Center check for updates

MSVPN Mac 1.png

After selecting Connect you will be prompted for your WPUNJ password, once entered you will be sent an authentication to your primary Multifactor Authentication device.

MSVPN Mac 3.png

Once you are finished using VPN please Disconnect from the same menu you utilized to connect.

MSVPN Mac 2.png

Web VPN

The steps to sign-on to WebVPN and use are as follows:

  1. Simply navigate to Web VPN and sign in with your university credentials.
    Anyconnect4.PNG
  2. Click Login. Authenticate using your chosen two-factor authentication method.
    Anyconnect9.PNG
  3. Once your university credentials are verified, you will be taken to the new user interface for the VPN. The Home Tab will be the default view for your VPN session. From this home Tab, you will be able to view your U-Drive, K-Drive, as well as have direct links to both the university's home page and the Library's home page. Don't be alarmed if you don't see the words "U-drive" or "K-drive". They are simple named differently. Also, if you edit a file you will have to save it on your local drive and upload the way you would upload an e-mail attachment, drag and drop or direct saving to the network drive is not available.
        • My Folder represents your User folder, or your U-Drive.
        • WPU Folders represents the K-Drive.
    Anyconnect5.PNG
  4. Don't forget to LOG OFF after you have completed your VPN session.

Client VPN Application

Download the required software through WP Connect from the "Employee" tab, and under the "Information Technology" window frame. The VPN does not replace your ISP connectivity, it is intended only so your can access secure resources.

Microsoft Windows

Microsoft Windows Cisco AnyConnect VPN Client Installation

Full time employees will be able to download the Windows VPN client from the WPCONNECT portal. From the "Employee" tab, and under the "Information Technology" window frame you will see a link named "Web VPN". Click on it.

Part Time employees should visit http://webvpn.wpunj.edu

  • Once the above link is selected a new web page will open up asking for your WPU user account and password.
    Anyconnect4.PNG

    Log in using University credentials

  • Click on the "AnyConnect" link on the left hand column of the WEBVPN
  • Install the AnyConnect VPN Client
  • Once you enter this information the portal web page will automatically start the AnyConnect client installation. During the installation you may see a security alert popup bar (?) asking to run an add-on. At this point you can either click on the "skip" link as shown below or let the time counter time-out by itself and continue with the installation.
    Uavpn-message-550w.gif


  • At completion of the installation you will see a "Connection established" on your brrowser window as shown below. Now your VPN client is fully installed and running. Just close your browser.
    Anyconnect2.PNG


  • To disconnect the VPN client simply right click on the VPN icon on the right side of your task bar (it looks like a lock) and click on the 'Disconnect" button.
    Anyconnect8.PNG
  • To reconnect click on the start windows button at the left bottom of your task bar and select "All Programs". There you will find a "Cisco" folder with the Anyconnect VPN program icon. Click on the icon to launch the AnyConnect VPN client.
    Using the Windows Cisco AnyConnect VPN Client
  • Once launched you will be asked to enter your WPU user account and password. Please do so. If the "Connect to:" field is empty please enter vpn.wpunj.edu. That is the address of the VPN server. Now click on the "Connect' button to run the AnyConnect VPN client.
    Anyconnect3.PNG

    Note: The Cisco VPN Client will be minimized to the task bar, the icon looks like a lock. To disconnect, right click on the icon for the VPN client and select disconnect.

    For Second Password directions please see the Two Factor section of this article. For technical support contact Help Desk Request

Mac OS X (10.7 or later)

If you are using a university supplied MacBook or MacBook Pro you should skip to step 6.

Installing

1) Log into WPConnect. Go to the Employee Tab and then select the "Information technology" link. Click on the "WebVPN" link.

2) Once logged in click on the "any connect" button on the left of the page

WebVPN1.png

3) Click on "start AnyConnect"

WebVPN2.png

4) Wait for the installation to fail. When it does click on the "Mac OS X 10.8 +(intel)" link

WebVPN4.png

5) it will download a file to your designated download location. This is usually your downloads folder but you may have changed it to somewhere else. Locate the file "vpnsetup.dmg" and double click on it. It will mount a disk image on your desktop.

Client VPN1.png

6) Before you can run the installer package, you should temporarily disable Gatekeeper (This only applies to non university laptops). Refer to these instructions. Once complete, run the installer in the disk image. It will create a folder in your Applications folder named "Cisco".

Client VPN2.png

7) In that folder you will see an application named "Cisco Any Connect VPN Client". Double click on it.

Client VPN3.png

8) when the program launches you will see a connect window. In the space next to "Connect to" type "vpn.wpunj.edu" and click "connect"

Client VPN4.png

9) If the software can reach the university authentication server you will be asked for your university login credentials. Enter them and click the "connect" button.

Client VPN5.png


You are now connected to the university network. Disclaimer:

William Paterson University is not responsible for any software/hardware failures due to the installation of the VPN software provided by Cisco.

Mobile Devices (iPad, iPhone, Android)

Mobile devices have the ability to connect to the on campus network via VPN. Some helpful tips:

  • VPN connections are only possible from off campus
  • Your device must be connected to the Internet via wi-fi or cellular data.
  • The below screen captures were created on an iPhone. The client can also be used on Android devices.
  1. Search for "cisco anyconnect" on the Apple App Store or Google PlayStore and download the app.
Ios-cisco-anyconnect-1.PNG
Android-cisco-anyconnect-1.PNG


  1. When first launching the application, Cisco Anyconnect will display this prompt. Tap OK.
    Ios-cisco-anyconnect-2.PNG

  2. Select "Connections"
    Ios-cisco-anyconnect-3.PNG

  3. Enter WPUNJ as the description and vpn.wpunj.edu as the server address. Tap Save.
    Ios-cisco-anyconnect-4.PNG

  4. Tap the on/off switch to On to connect.
    Ios-cisco-anyconnect-5.PNG

  5. You will be prompted to enter your WPUNJ username and password.
    Ios-cisco-anyconnect-6.PNG

  6. To confirm that you are connected, the VPN icon will be visible on the top of the screen.
    Ios-cisco-anyconnect-7.PNG

  7. The Cisco Anyconnect VPN app will run in the background on your iOS device until the VPN connection is terminated. To terminate the connection, return to the app and toggle the on/off switch to Off.

Accessing files on your network shares (K and U drives)

It is important to understand that accessing our network storage through the webvpn is a bit different than using your office PC or laptop. There is no "drag and drop." To access and/or edit a file, it must first be downloaded locally. If your file is edited or changed, you must UPLOAD it back to the folder it resided in. If you fail to do so, all changes you made will only exist on the computer you made the changes on.

From the home tab, you must select the set of folders you wish to access. As mentioned above, folders do not show up as "K" or "U." Instead you see "My Folder," "Groups Folder" and "WPU Folders." See the circled area below:

  • Folderlist.png
  • My Folder - This is your "U Drive" which is commonly mapped on your University computer to "Documents" in Windows 7 or "My Documents" in Windows XP.
  • Groups - This is a direct link to K:\Groups. All of your departmental folders should be in here.
  • WPU-Folders - This is the root of the "K Drive." If you store and access all of your files from the Groups folder or your User folder, you will not need to use this option.

    Navigating Shared and User Folders

    Once you have chosen which set of folders you want to use, click on the link to display the list. In the example below, I have clicked on "Groups."

  • Groupsfolder.png
  • By default, the list is sorted in alphabetical order. Just like on the K drive, you can change the sorting to sort by Name, Size, Type or Date Modified by clicking on that heading. You should still have the menu on the left (Home, Web Applications, Browse Networks and AnyConnect) as well as a sequence of icons above the folder list: Webvpn-files-icons.png Hovering over the icons should tell you what each one does. For navigating, the important ones are:
  • Level Up - Webvpn-levelup.png This is like the back button on your web browser. This will go "up" one level in your list of folders.
  • Previous & Next - Webvpn-prevnext.png The page will only display the number of files or folders that fit on that particular page. Use these buttons to find the page containing the resource you need.

    Opening, Downloading & Editing Files

    Once you've found the file you want to use, it's almost as simple as clicking on the file. In most browsers, this will prompt you to open or save the document. If you only need to read the file, it is OK to go ahead and click "open." This will save the document in your temporary internet files and allow you to read the document. BE CAREFUL If you decide to edit this document, clicking "save" might just save it in your temporary internet files only to be lost at some point. It's important that, if you are going to edit the file, you save it to your local computer and then open it from there.

    Uploading Changed, Edited or New File

    This step would apply to:

  • Any document you downloaded and edited
  • New documents you would like to add to a network folder Once you have edited your file (or have a new one), you must upload it to the server. If you do not, it will only reside on your local machine. If you have been editing a document for a decent amount of time, the WebVPN may have timed out. If this is the case, log back in and browse to the folder you wish to upload your document to. Once in that folder, click on the icon to upload files: Webvpnupload.png You should now be presented with a box to upload your file:
    Webvpn-uploadfiles.png
    Click on "browse" and browse (on your local computer) to the location you saved your new or edited file. Once selected, click OK. If this file already exists on the server, it will warn you and as you if you wish to overwrite. If you are sure you want to upload the file, click OK:
    Webvpn-overwrite.png
    You should now be able to browse to, download, edit and upload files through use of the WebVPN. The VPN software available on this page is for use in the United States and Canada ONLY. It is NOT to be placed on a computer system that will be subject to International Travel. Exporting this software is a Federal Crime.