Topics Map > Safety and security
Topics Map > Networking > Virtual private networking (VPN)

VPN, Frequently Asked Questions

This page contains frequently asked questions about the campus Virtual Private Networking (VPN) system, which allows authenticated access to University of Illinois computing resources from any location.

General FAQs

When do I need to use the VPN?

Technology Services has put together a VPN essentials website to help people determine if they need to use the VPN while working or learning remotely. In short, the VPN is typically needed only to access resources on campus that are designed to be accessed only by people on campus like local servers and research comptuers. Services like email, zoom, compass, and kaltura do not require the VPN. Check out the essentials website for other use cases.

What does the VPN let me do?

The VPN lets you securely connect your computer at home to the campus network. It gets you access to all of the things you can connect to when you are on campus, that are normally restricted so that people off-campus can not reach them. Depending on which Profile you pick, only your campus traffic, or all of your internet traffic will go through the VPN link. You will get the best performance from your network connection if you use one of the Split Tunnel profiles, so only use the Tunnel All choices if you really need to.

The VPN also lets you safely browse the internet when you are not at home and are using free Wi-Fi connections in public spaces, by encrypting and tunneling all of your traffic back to campus if you use the "Tunnel All" Profile. You can read more about how the security works here.

How fast is the VPN? (Why is my connection slow?)

The VPN servers are pretty fast, but are shared by thousands of people at the same time.  Typically what slows down your traffic the most is the process of encrypting it on your computer to send it to campus, and then decrypting the responses. This makes it secure, but slower. 

Is there anything I shouldn't do on the VPN?

The VPN is not designed to support high speed connections.  If you are working remotely and are working with things like large data sets for research, video editing, or other things that expect a high speed connection, it will not work well over the VPN. For remotely doing work like that, the work needs to be done on a computer that is on campus, and the VPN can be used to remotely access the computer that is doing the work that requires a high speed connection.  Some workflows have alternate options such as using globus to move data between campus and home, or using a cloud service to host what's being worked on.  

 I'm a visitor to the Urbana campus. How can I get VPN software for my computer? 

If you are visiting the Urbana-Champaign campus, you can use the IllinoisNet_Guest WiFi for network access, or have your departmental sponsor get you a guest account to use IllinoisNet. Then you don't need the VPN software.

If you need VPN access from off campus, the person or department sponsoring your visit will also need to provide you with VPN software for your computer.

(On campus, we recommend guests self-register on the IllinoisNet_Guest WiFi.)

For more information, see Information for Short-Term Guests.

 I used to be able to connect to the Library's online resources from off campus by using the VPN. Now I need to log in through their web interface even with the VPN active. What's changed? 

You may need to change your connection profile from Split Tunnel to Tunnel All, or you may need to use the Library Proxy. See Library Resources and the VPN for more information.

 Will the VPN connection work with my normal network connection? 

Yes. The VPN does not require any particular type of connection in order to function. You can use VPN to secure any wired or wireless network connection.

 Do I have to use VPN software with IllinoisNet WiFi or eduroam? 

No. IllinoisNet WiFi, the preferred method for wireless network access on campus, is a full-featured wireless network that has authentication and security built into the wireless protocol itself. It does not require the VPN.

Eduroam may be available to you if you are visiting from an eduroam-participating institution. It is a secure, world-wide network for the international research and education community. It also does not require the VPN.

 Is there a charge for VPN software? 

No, but you must download and install the software.

See Downloading and installing VPN client software for more information.

 Is there support for mobile devices? 

At this time, Technology Services offers VPN support for iPad & iPhone (iOS), and for Android devices.

For more information and links to community-developed configurations, see VPN Downloads and Installation and VPN Clients for Other Systems.

 Can I use third-party software with the campus VPN? 

Maybe. Third-party VPN clients may or may not work with the VPN server, and the Technology Services Help Desk can only provide support for the Tech Services-released VPN client.

If you decide to use a third-party VPN client, you'll need to work with the VPN client's author to resolve any issues you have.

Similarly, some campus network administrators have released VPN clients for members of their own departments. If you have difficulty using a department-released VPN client, contact your department's IT staff for assistance.

 My Cisco AnyConnect client works great at my home institution but it won't it work with the VPN server here at the Urbana campus. How can I get it to work here too? 

Your instance of Cisco AnyConnect must have a separate VPN profile created for each VPN server with which you wish to connect.

Follow the instructions at VPN Downloads and Installation that describe how to create a new VPN profile specifically for the Urbana campus network.

NOTE: You do not need to download a new instance of the client software. Start with the step that involves adding vpn.illinois.edu to your collection of profiles.

 How do I configure my computer's firewall to allow the VPN to connect? 

The firewall programs which are native to Microsoft Windows and Mac OS X will be automatically reconfigured to permit VPN traffic when the VPN client configuration is added to your computer's networking systems. You won't need to manually change the configuration for these firewalls.

On the other hand, some third-party firewalls are not automatically reconfigured when the VPN client is installed. ZoneAlarm is one commonly-used example of a firewall you will need to reconfigure yourself in order to allow VPN connections.

Guidelines for reconfiguring a firewall that offers program-based access control (like ZoneAlarm) and for reconfiguring a firewall that offers port-based access control (like many Unix firewalls) are given on the Firewall Ports page.

NOTE: If your computer is subject to group policy objects (e.g. your computer is department-owned or is on your department's intranet), you may need to work with your department's network administrator in order to configure your firewall for VPN.

 How long can I stay connected to the VPN server? 

The total maximum connection time is 24 hours (1440 minutes).

If your network connection is not being used, the connection times out in 90 minutes.

NOTE: Many laptops' power-saving features will put network cards to sleep sooner than our idle timeouts will. If you want to stay connected even when you aren't actively using your laptop / mobile device, you will probably need to disable the power-saving features of the laptop or mobile device. You may also need to disable power-saving features on the network card itself.

 I get disconnected from the VPN frequently. How can I stay connected? 

This problem has several possible causes.

  • Power management / energy saving modes 

    If you're using a wireless connection and your laptop is unplugged, your computer may be turning off your wireless network card during times of low activity. Since your computer's VPN client needs to maintain a constant connection to the VPN server, it won't be able to communicate without the wireless card.

    To correct this, adjust your computer's power management or energy saving controls. (Look in the Control Panel on Windows systems, or in System Preferences on Macs.

     
  • Busy wireless network or distance from access point 

    Your computer may lose its connection to the VPN server briefly. This can happen when the signal strength of a wireless access point fluctuates or when the wired network connection you are using is too busy to permit the VPN client to maintain its connection with the VPN server.

    If the wireless network is saturated, there's little you can do to prevent disconnections. However, if you're too far from an access point, try moving to an area where the wireless signal is stronger

Windows-specific FAQs

How do I uninstall the VPN client from a Windows computer? 

In the Control Panel, go to Add/Remove Programs, then select Cisco AnyConnect Secure Mobility Client from the list of installed programs.

Click the Uninstall button and follow the computer's prompts to remove the VPN configuration settings.

If any other Cisco AnyConnect items remain after uninstalling the client (such as the Cisco AnyConnect Network Access Manager), follow the same process to uninstall them as well.

How do I tell which version of the installer I need?

Most Windows computers have a x86 based processor, but newer ones like 2020 Surface tablets have an ARM64 processor.  The AnyConnect Windows installer does not have both bundled together, you have to download the correct one. Most people need the x86 version.
If you have a computer made in 2020 or later, and it's a Surface tablet, or a low power laptop, there's a chance it might be an ARM.
If you aren't sure which one your computer has, and your computer was made in 2019 or earlier or isn't advertised as a special low power computer, you probably need the x86 version.
Most people should download the x86 version of the VPN software from the webstore by clicking on the download button beside the text "Windows 7, 8, 8.1, 10".   If you need the ARM support, click on the download button beside the text "Windows for ARM Processors only".

Mac-specific FAQs

 Is there support for older versions of Mac OS X? 

Operating systems that are so old that they are no longer updated by their manufacturer are not supported by either Cisco or the Technology Services Help Desk. In addition, Technology Services Privacy and Information Security strongly recommends that these older operating systems not be active on the campus network. Apple Supports the three most recent versions of Mac OS. As an example, if the current Mac OS version is 10.13, Cisco will guarantee support for 10.13, 10.12, and 10.11 but not earlier.

NOTE: Failure to use a supported operating system may lead to your computer or device being blocked from the campus network. 

Windows can do Connect before Login, can Mac?

Unfortunately no. There are hooks in Windows for programs that allow the login screen to send the login information to linked programs that the Cisco AnyConnect software can work with to use the login name and password to open a VPN session. If such a thing exists in Mac OS, the AnyConnect client does not currently support using it.

Upgrading from older VPN version FAQs

How do I know which VPN system I'm using? 

The current Cisco version (AnyConnect)

You're using the current Cisco VPN (AnyConnect) if your icon looks like this:

Current VPNCurrent VPN


NOTE: If you are using any other VPN besides Cisco AnyConnect, you will need to upgrade your VPN client in order to connect to the VPN server.

Older VPN versions (retired)

Old (Cisco) version

You're using the old Cisco version if your software uses icons that look like this:

Old VPNOld VPNOld VPN

The CITES Nortel VPN

You're using the old Nortel VPN if your software uses icons that look like this:

Nortel VPNNortel VPN

Aventail SSL VPN

If your VPN software and icons don't look like either of those, you may be using the "SonicWall" or "Aventail" SSL VPN. It offers both a web-based interface and a client with an icon that looks like this:

Aventail VPN

How do I upgrade from an old to the new Cisco VPN system? 

It's easy! You usually don't need to uninstall the old VPN first. Just don't use it anymore.

(Note: If you get an AnyConnect error, you may need to uninstall previous VPN clients.)

If it helps you remember, you can delete the old VPN icon.

To configure your computer to access the new VPN server, visit the Download and Installation page to find the correct installer for your operating system.

Are the older VPN servers still available? 

No. In 2014, the three legacy VPN (Virtual Private Network) clients were retired. 



Keywords:
Virtual Private Networking, VPN, Cisco, AnyConnect, Nortel, Aventail, encrypted, unencrypted, Eduroam, IllinoisNet, iPod, iPad & iPhone, iOS, Android, firewall, Windows, Mac, OS X 
Doc ID:
47901
Owned by:
Network E. in University of Illinois Technology Services
Created:
2015-03-02
Updated:
2023-01-13
Sites:
University of Illinois Technology Services