VPN, Frequently Asked Questions
This page contains frequently asked questions about the campus Virtual Private Networking (VPN) system, which allows authenticated access to University of Illinois computing resources from any location.
When do I need to use the VPN?
What does the VPN let me do?
How fast is the VPN? (Why is my connection slow?)
Is there anything I shouldn't do on the VPN?
If you are visiting the Urbana-Champaign campus, you can use the IllinoisNet_Guest WiFi for network access, or have your departmental sponsor get you a guest account to use IllinoisNet. Then you don't need the VPN software.
If you need VPN access from off campus, the person or department sponsoring your visit will also need to provide you with VPN software for your computer.
(On campus, we recommend guests self-register on the IllinoisNet_Guest WiFi.)
For more information, see Information for Short-Term Guests.
I used to be able to connect to the Library's online resources from off campus by using the VPN. Now I need to log in through their web interface even with the VPN active. What's changed?
Yes. The VPN does not require any particular type of connection in order to function. You can use VPN to secure any wired or wireless network connection.
No. IllinoisNet WiFi, the preferred method for wireless network access on campus, is a full-featured wireless network that has authentication and security built into the wireless protocol itself. It does not require the VPN.
Eduroam may be available to you if you are visiting from an eduroam-participating institution. It is a secure, world-wide network for the international research and education community. It also does not require the VPN.
No, but you must download and install the software.
See Downloading and installing VPN client software for more information.
At this time, Technology Services offers VPN support for iPad & iPhone (iOS), and for Android devices.
Maybe. Third-party VPN clients may or may not work with the VPN server, and the Technology Services Help Desk can only provide support for the Tech Services-released VPN client.
If you decide to use a third-party VPN client, you'll need to work with the VPN client's author to resolve any issues you have.
Similarly, some campus network administrators have released VPN clients for members of their own departments. If you have difficulty using a department-released VPN client, contact your department's IT staff for assistance.
My Cisco AnyConnect client works great at my home institution but it won't it work with the VPN server here at the Urbana campus. How can I get it to work here too?
Your instance of Cisco AnyConnect must have a separate VPN profile created for each VPN server with which you wish to connect.
Follow the instructions at VPN Downloads and Installation that describe how to create a new VPN profile specifically for the Urbana campus network.
NOTE: You do not need to download a new instance of the client software. Start with the step that involves adding vpn.cites.illinois.edu to your collection of profiles.
The firewall programs which are native to Microsoft Windows and Mac OS X will be automatically reconfigured to permit VPN traffic when the VPN client configuration is added to your computer's networking systems. You won't need to manually change the configuration for these firewalls.
On the other hand, some third-party firewalls are not automatically reconfigured when the VPN client is installed. ZoneAlarm is one commonly-used example of a firewall you will need to reconfigure yourself in order to allow VPN connections.
Guidelines for reconfiguring a firewall that offers program-based access control (like ZoneAlarm) and for reconfiguring a firewall that offers port-based access control (like many Unix firewalls) are given on the Firewall Ports page.
NOTE: If your computer is subject to group policy objects (e.g. your computer is department-owned or is on your department's intranet), you may need to work with your department's network administrator in order to configure your firewall for VPN.
The total maximum connection time is 24 hours (1440 minutes).
If your network connection is not being used, the connection times out in 90 minutes.
NOTE: Many laptops' power-saving features will put network cards to sleep sooner than our idle timeouts will. If you want to stay connected even when you aren't actively using your laptop / mobile device, you will probably need to disable the power-saving features of the laptop or mobile device. You may also need to disable power-saving features on the network card itself.
This problem has several possible causes.
- Power management / energy saving modes
If you're using a wireless connection and your laptop is unplugged, your computer may be turning off your wireless network card during times of low activity. Since your computer's VPN client needs to maintain a constant connection to the VPN server, it won't be able to communicate without the wireless card.
To correct this, adjust your computer's power management or energy saving controls. (Look in the Control Panel on Windows systems, or in System Preferences on Macs.
- Busy wireless network or distance from access point
Your computer may lose its connection to the VPN server briefly. This can happen when the signal strength of a wireless access point fluctuates or when the wired network connection you are using is too busy to permit the VPN client to maintain its connection with the VPN server.
If the wireless network is saturated, there's little you can do to prevent disconnections. However, if you're too far from an access point, try moving to an area where the wireless signal is stronger
In the Control Panel, go to Add/Remove Programs, then select Cisco AnyConnect Secure Mobility Client from the list of installed programs.
Click the Uninstall button and follow the computer's prompts to remove the VPN configuration settings.
If any other Cisco AnyConnect items remain after uninstalling the client (such as the Cisco AnyConnect Network Access Manager), follow the same process to uninstall them as well.
How do I tell which version of the installer I need?
Operating systems that are so old that they are no longer updated by their manufacturer are not supported by either Cisco or the Technology Services Help Desk. In addition, Technology Services Privacy and Information Security strongly recommends that these older operating systems not be active on the campus network. Apple Supports the three most recent versions of Mac OS. As an example, if the current Mac OS version is 10.13, Cisco will guarantee support for 10.13, 10.12, and 10.11 but not earlier.
NOTE: Failure to use a supported operating system may lead to your computer or device being blocked from the campus network.
Windows can do Connect before Login, can Mac?
Unfortunately no. There are hooks in Windows for programs that allow the login screen to send the login information to linked programs that the Cisco AnyConnect software can work with to use the login name and password to open a VPN session. If such a thing exists in Mac OS, the AnyConnect client does not currently support using it.
Upgrading from older VPN version FAQs
The current Cisco version (AnyConnect)
You're using the current Cisco VPN (AnyConnect) if your icon looks like this:
NOTE: If you are using any other VPN besides Cisco AnyConnect, you will need to upgrade your VPN client in order to connect to the VPN server.
Older VPN versions (retired)
Old (Cisco) version
You're using the old Cisco version if your software uses icons that look like this:
The CITES Nortel VPN
You're using the old Nortel VPN if your software uses icons that look like this:
Aventail SSL VPN
If your VPN software and icons don't look like either of those, you may be using the "SonicWall" or "Aventail" SSL VPN. It offers both a web-based interface and a client with an icon that looks like this:
It's easy! You usually don't need to uninstall the old VPN first. Just don't use it anymore.
(Note: If you get an AnyConnect error, you may need to uninstall previous VPN clients.)
If it helps you remember, you can delete the old VPN icon.
To configure your computer to access the new VPN server, visit the Download and Installation page to find the correct installer for your operating system.
No. In 2014, the three legacy VPN (Virtual Private Network) clients were retired.