User Tools

Site Tools


atmos:citation:soft:vpn

VPN: Virtual Private Network

May 2023 University of North Dakota VPN

Go to http://vpn.und.edu to access.

For Linux users use the open-connect version of the GlobalProtect client located at: https://github.com/yuezk/GlobalProtect-openconnect

For users that do not have a UND-owned computer, please go here for installation instructions.

Instructions on accessing and using the GlobalProtect VPN can be found here.

If you have any questions or are having difficulty connecting with VPN, please submit a ticket here to get in touch with UND Tech Support.

Old (Before May 2023) University Wide VPN

Go to http://undvpn.und.edu, and log in using your University username and password. Click on the Start AnyConnect link to install the VPN. On windows, the VPN will install automatically. On Linux, you need to download the install program and manually install it. More information is available at the Aerospace Web site.

Two-factor Authorization

To Set-up Duo and Start the VPN, follow these steps.

  • Log into your UND Duo account athttps://webapps.ndus.edu/duo-device-manager/login.
  • Download the Duo Mobile App on your smartphone or other device.
  • Next, go back to the UND Duo webpage and set-up your mobile device for Duo. More detailed instructions for this step can be found on https://und.teamdynamix.com/TDClient/2048/Portal/KB/ArticleDet?ID=62187
  • Select (Press) the North Dakota University System item on your device. Unless you are using another system, this will be the only item listed when the app is launched. This provides you the “second” limited use 6 digit number/password.
  • Open the VPN and exter Campusvpn into the field provided. This will bring up a new window. Type in your username in top field, your University password in top (first) password field, the Duo software provided 6 digit number in the bottom (second) password field.
  • Select connect to start/connect using the VPN. Nothing else is required.

Statement on Two-factor Authorization

In the Summer of 2020, the University changed the VPN configuration to require two-factor authentication. Like most information technology decisions at the University or State level, this decision was done without any data to back the “feeling” that it is necessary to improve security. While having two methods for authorization can improve security, any required security procedure should be reviewed in terms of how it is implemented in practice. Two-factor authorization requires more work on the user's part, so the real question to address before implementing this requirement is, “Does the practical benefit of two-factor authorization provide benefits that are greater than the cost of the additional work of users?”. No information on this question was provided to users when announcing the two-factor authorization requirement. Only stating that the change was done for “security” reasons. This is an example of what people mean when they indicate that they want more “transparency” from the university administration. Transparency is not being informed of the decision to add two-factor authorization for a general reason like “security”; but, is being provided with the cost-benefit analysis that went into the decision. In fairness to “transparency”, I expect there was no analysis done at the University or State level. I expect a vendor justified raising the cost of their product/service by indicated they are providing a more “secure” produce; hence, all that can be done to justify the additional work required by users is to repeat the vendor's line that “this increases security”.

One reason for assuming no analysis was done for requiring two-factor authorization is the limited, and in places incorrect, information provided on how to use two-factor authorization. This lack of information indicates how little is understood by them and requires more time on the user's part to figure out the new system. Hence, provided here is information on using the University's two-factor authorization, which requires a second method of authorization. The university's help page on using two-factor authorization for VPN access assumes you should request (put in und for the second password) this second authorization when you make a VPN login request. When you try to connect, an authorization request is sent to your North Dakota University System registered DUO app (put in und for the second password) device, typically on a smartphone. The university information page incorrectly states that you are doing the authorization when connecting; however, the authorization does not happen until later. They understand so little about two-factor authorization that they are unwilling to correct this incorrect information on their site when it is pointed out to them. If you need to use the DUO app anyway for authorization, why not just start there.

One piece of incorrect information provided initially at the University/State level to users on two-factor authorization is that it is only needed to access servers. However, I repeatedly find that if I start the VPN to access a server, and then the VPN drops (only 10 hours time limit so will drop overnight), then all Web sites hosted on the University network will give a network time out. Seems that it is too much work, or their network is incorrectly configured so it not possible, for the University information technology people to configure the network traffic to Web servers to not go through the VPN. Hence, to access even simple Web Sites (for example this page) you need to use the VPN.

I hope this information helps the users that are now required to use two-factor authorization for the University of North Dakota VPN. While ticket requests to improve VPN two-factor authorization have not been successful, I will try to submit a ticket request on how to use a Yubico USB key instead of the Duo app 6-digit password for two-factor authorization and post results here.

Installation

Ubuntu Linux: In a terminal window type “sudo apt-get install network-manager-openconnect network-manager-openconnect-gnome”. The root password will need to be entered. Open 'Network Connections' and go to 'Add Network Connection'. From the drop down menu select 'Cisco AnyConnect Compatible VPN (openconnect)' and create. Connection name = UND, Gateway = undvpn.und.edu. SAVE. Open 'Network Connections', VPN Connections and select UND. Log in with UND username and password.

Redhat 6 Linux: Best to use the Cisco AnyConnect VPN Client. Download from undvpn.und.edu. Install using the ./vpnsetup.sh script. Once installed, rurn AnyConnect <Applicatioins><Internet><Cisco AnyConnect VPN Client>. Enter UND username and password.

Fedora 16 Linux: Need to manually download and install program from site. After installation the Cisco Anyconnect launcher should appear in the menu (On Fedora, under Internet). Need to connect to undvpn.und.edu. Under Fedora 16, get the following error:

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Since Cisco Anyconnect did not work used openconnect under Fedora 16. Need to use Gateway undvpn.und.edu. Not Certificates are needed.

Windows 7: Ensure you have the latest version of Java software installed. The manual VPN install does not work under Windows since there is a profile that need to be installed. Need to use the automatic install. Also, people have reported that the automatic install does not work under Firefox so do the automatic install using Internet Explorer.

atmos/citation/soft/vpn.txt · Last modified: 2023/05/23 02:13 by 127.0.0.1