VPN

The University of Windsor uses a firewall. Many protocols or ports are blocked by the firewall, so you may need to establish a connection through the campus Virtual Private Network (VPN) to access resources and data on the campus private network. 

What does the VPN connection do?

The VPN connection tunnels network traffic over a securely encrypted connection. Once connected to the VPN portal, your device will receive a new IP address and IP route provided by the university and recognized internally by the campus firewall. 

Why do I need to use the Campus VPN?

ITS Documents related to the Campus VPN

	Installing GlobalProtect VPN client on a Windows computer
	Installing GlobalProtect VPN client on macOS
	Installing GlobalProtect VPN client on mobile devices (Apple, Android)
	Installing GlobalProtect VPN client on Linux Devices

Download

Windows and macOS

Authenticate with your UWinID and password on the university's GlobalProtect Portal to get to the GlobalProtect Client download links.

Download for Windows and macOS

GlobalProtect may seem to install properly in macOS, but sometimes will not work if it failed to allow access to the installed system extension. See Installing GlobalProtect VPN client on macOS.

Checking the Windows version

If you are running Windows, please check the version to determine if you should install the 32-bit or 64-bit version. 

Press the Windows + Pause keys

Android, iOS, Chromebook and Windows UMP

Download the GlobalProtect Client from the respective device's app store.

Android and Chrome OS devices Download the GlobalProtect App for Android Check which Chrome OS Systems support Android Apps

iOS devices Download the GlobalProtect App for iOS

Linux

Install openconnect using the package manager for your Linux distribution.

Connecting to the campus VPN

Using GlobalProtect Clients

Windows and macOS devices use the networklogin.uwindsor.ca portal.

Mobile devices, including Android, iOS, Chromebook, and ARM-based Surface tablets, use the mobilevpn.uwindsor.ca portal. Refer to VPN#ITS_Document_related_to_the_Campus_VPN for detailed instructions for setting up a connection on your device.

Using Openconnect with Linux

The Openconnect integration with NetworkManager does not properly open the connection to the portal. You must use the command-line for your VPN connection to work correctly.

Reserve a terminal window for the VPN connection, and run the command below, replacing userid with your UWinID, in the reserved terminal:

sudo openconnect --protocol=gp mobilevpn.uwindsor.ca -u userid

Linux, like mobile devices, uses the mobilevpn.uwindsor.ca portal.

PAN GlobalProtect HIP with open-connect

And because you are in Computer Science ...

You may notice a message like

POST https://mobilevpn.uwindsor.ca/ssl-vpn/hipreportcheck.esp
WARNING: Server asked us to submit HIP report with md5sum 923700b124549fa2954cc08845be3c60.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.

this when you run open connect as shown in VPN#Using_Openconnect_with_Linux.

Host Integrity Protection provides an explanation. If you want to include the --csd-wrapper option, you will need to specify the location of the script required.

For Debian-based distributions, for example, you can find the location of the scripts like this

~$ dpkg -L openconnect|grep hipreport
/usr/libexec/openconnect/hipreport-android.sh
/usr/libexec/openconnect/hipreport.sh

To avoid the above warning on a Linux client you can use

Testing the VPN Connection

The ping command is the simplest way to test if your active VPN Connection is working. 

Windows

Launch the hidden menu for power users using one of these methods:

• Press the Win + X keys on your keyboard
• Right-click on the Windows logo in the bottom-left corner of your desktop

In older versions of Windows 10, this menu will include shortcuts for the Command Prompt instead of Windows Powershell. Either is suitable for this test!

ping 10.10.10.10 results

Run

ping 10.10.10.10

to determine if the campus DNS server is available.

New VPN provider IP address

Run

ipconfig

to display the new IP address while actively connected to the campus VPN portal.

New VPN provided routes

Run

route print -4

to display the new IP routes while actively connected to the campus VPN portal.

macOS

Open or quit Terminal on Mac

This link can be found in the Terminal User Guide menu

Open a terminal and run

ping 10.10.10.10

to determine if the campus DNS server is available.

Your output should look similar to the Windows Powershell ping results above.

Linux

ping -c 5 10.10.10.10 results

Run

ping -c 5 10.10.10.10

to determine if the campus DNS server is available.

New VPN provided IP address

Using Debian, run

ip addr show tun0

to display the new IP address while actively connected to the campus VPN portal.

The network interface name may vary depending on the Linux distribution you use, but the IP will begin with the first two octets 172.18.

New VPN provided IP routes

Run

ip route

to display the new IP routes while actively connected to the campus VPN portal.