CITES | University of Illinois

Breadcrumbs to this page

  1. CITES
  2. connecting to the internet
  3. logging in
  4. vpn
  5. faq

VPN Frequently Asked Questions

This page contains frequently asked questions about the campus Virtual Private Networking (VPN) system, which allows authenticated access to University of Illinois computing resources from any location.

Upgrade FAQs

General FAQs

    Expand section Will the VPN connection work with my normal network connection?

    Yes. In addition, the VPN client is active only when you choose to start it. If the client is not running, then it will not affect your connection.

    Expand section Do I have to use the VPN software to use UIUCnet Wireless?

    You can connect to the Internet without using the VPN system by using UIUCnet QuickConnect, a simple browser-based way to authenticate yourself and access many of the most commonly used networking resources, including email and the Web.

    However, if you use unencrypted software with QuickConnect and choose to communicate sensitive data such as passwords, this information can be taken from the air by anyone else on UIUCnet Wireless.

    For more information, see Why wireless users need to use VPN.

    Expand section Is there a charge for client software?

    In most cases, there is no charge because a suitable VPN client is already available and built into your operating system.

    For most current operating systems (Windows 2000, XP, and Vista, Macintosh OS X, Linux, and Unix), you can use the VPN client that comes built in to your operating system to connect to the campus VPN server. See Downloading and installing VPN client software for more information.

    If you have an older or less frequently used operating system (Windows 95, 98, ME, NT, Macintosh 9 or earlier), you may or may not be able to find software to allow your system to connect. The third-party client software that was formerly available for older Macintosh and palmtop users worked with different protocols on the old Cisco VPN server; the Nortel VPN server is using different protocols.

    Note that CITES maintains a list of Help Desk-supported software and operating systems. If your operating system isn't mentioned on this list, the CITES Help Desk cannot assist you with acquiring and installing a VPN client.

    However, if you can find a PPTP-compatible VPN client for your operating system, you can try to create your own connection configuration. See VPN Clients for Other Systems for more information.

    Expand section Is there handheld device (PalmOS or Windows CE) support?

    At this time, CITES does not have the resources to offer specific help for handheld users wishing to connect to the VPN system, because of the range of handheld devices and VPN software clients available.

    If you've already purchased the Movian or Antha software for use with the old Cisco VPN server, you can continue to use that software while the Cisco VPN server remains in service. For installation and configuration details, see Movian / Antha VPN Client Software.

    If your handheld device's VPN client software offers PPTP support, you should be able to connect to the new VPN server, but CITES will not be able to assist you with the configuration process. See VPN Clients for Other Systems for more information.

    Expand section Can I use a Nortel, Apani, Movian, Antha, or other third-party VPN software client?

    The Nortel VPN client will not work with the CITES VPN server.

    Other third-party VPN clients may or may not work with the CITES VPN server; however, the CITES Help Desk can only provide support for the CITES-released VPN client. If you have difficulty using a third-party VPN client, you'll need to work with the VPN client's author to resolve any issues you have.

    Similarly, some campus network administrators have released VPN clients for members of their department. If you have difficulty using a department-released VPN client, contact your department's IT professional staff for assistance.

    If you've already purchased the Movian or Antha software for use with the old Cisco VPN server, you can continue to use that software while the Cisco VPN server remains in service. For installation and configuration details, see Movian / Antha VPN Client Software.

    Expand section How do I configure my computer's firewall to allow the VPN to connect?

    Some firewall programs, like the Windows XP and Vista native firewalls, will be automatically reconfigured to permit the VPN traffic when the VPN client configuration is added to your computer's networking systems. You won't need to manually change the configuration for these firewalls.

    On the other hand, some third-party firewalls are not automatically reconfigured when the VPN client is installed. ZoneAlarm is one commonly used example of a firewall you will need to reconfigure yourself in order to allow VPN connections.

    Guidelines for reconfiguring a firewall that offers program-based access control (like ZoneAlarm) and for reconfiguring a firewall that offers port-based access control (like many Unix firewalls) are given on the Firewall Ports page.

    Expand section How long can I stay connected to the VPN server?

    The total maximum connection time is 24 hours (1440 minutes).
    If your network connection is not being used, the connection times out in 90 minutes.

    Note: Many laptops' power-saving features will put network cards to sleep sooner than our idle timeouts will. If you want to stay connected even when you aren't actively using your laptop/mobile device, you will probably need to disable the power-saving features of the laptop or mobile device. You may also need to disable power-saving features on the network card itself.

    Expand section I get disconnected from the VPN frequently. How can I stay connected?

    This problem has several possible causes.

    • Power management / energy saving modes

      • If you're using a wireless connection and your laptop is unplugged, your computer may be turning off your wireless network card during times of low activity. Since your computer's VPN client needs to maintain a constant connection to the VPN server, it won't be able to communicate without the wireless card.

      To correct this, adjust your computer's power management or energy saving controls. (Look in the Control Panel on Windows systems, or in System Preferences on Macintosh systems. Some Windows users may also be affected by the Intel 3945 driver issue.)

    • Busy wireless network or distance from access point

      • Your computer may lose its connection to the VPN server briefly. This can happen when the signal strength of a wireless access point fluctuates or when the wired network connection you are using is too busy to permit the VPN client to maintain its connection with the VPN server.

      If the wireless network is saturated, there's little you can do to prevent disconnections. However, if you're too far from an access point, try moving to an area where the wireless signal is stronger.

    • Jumping from access point to access point (Windows systems)

      • In areas that contain both UIUCnet Wireless signals and other wireless signals, Windows may change back and forth between networks by homing in on whichever signal is stronger at a given moment. Unfortunately, people moving around in hallways may change which signal is stronger.

      To correct this, see the "Frequent changes in access point" item in the Windows-specific wireless troubleshooting page.

    For more information, see Troubleshooting Intermittent Disconnections.


    Expand section I have an active wired or off-campus network connection and VPN client. I've installed the VPN, but I can't connect to the campus VPN server. What do I do?

Windows-specific FAQs

    Expand section Why won't the CITES VPN installer from the WebStore work on my Windows system?

    For Windows Vista users:

    The CITES VPN installer is not compatible with Windows Vista. CITES hopes to offer a Vista-compatible installer in the future.

    For Windows XP users:

    Changes made by a Microsoft patch released in March 2008 caused the CITES VPN package to be unable to install correctly on a few systems.

    Option 1 : Use the other XP instructions (recommended for most users)

    If you have one or two computers with this problem, you can use the 64-bit Windows XP instructions. (These are essentially the same as the guest instructions, but they use your NetID and Active Directory password rather than a guest user name and password.)

    Option 2 : Patch your operating system (recommended for IT pros)

    IT pros who have labs with many identically-configured machines can use this optional Microsoft patch to correct the issue:

    http://support.microsoft.com/kb/925876

    After you've installed the patch, you'll also need to check whether the Remote Access Connection Manager service is enabled. To check this:

    1. Right-click on My Computer and select Manage.
    2. In the Computer Management window that appears, expand the Services and Applications node at the bottom of the left-hand pane and choose Services.
    3. In the list of services that appear in the right pane, scroll down until you locate the Remote Access Connection Manager item. Check the Status column for its current state.
    Expand section Is there Windows 95, 98, or ME support?

    Windows 95, 98, and ME are not supported by either Nortel or the CITES Help Desk. In addition, CITES Security strongly recommends that these older Windows systems should no longer be active on the campus network.

    Expand section Is there Windows NT or 2003 Server support?

    Since a VPN client is intended for use on an individual person's computer, and since the campus VPN configuration doesn't allow a connection to be established for more than 24 hours, CITES does not recommend the use of the VPN system on servers.

    This doesn't mean that it's technically impossible to run a VPN client on a Windows server. However, if you encounter problems when trying to run a VPN client on Windows server systems, you will need to troubleshoot it by yourself.

    Expand section Using third-party firewalls (ZoneAlarm, etc.) with the VPN server

    When the Windows VPN client is used with the Windows firewall, the operating system will adjust the firewall settings to allow the VPN client to communicate. Since third-party firewalls are not built into the operating system in the same way, they may need to have their configuration adjusted in order to allow proper two-way communication.

    In order for the VPN server to work through any third-party firewalls you may have installed on your Windows computer, you will need to configure your firewall so that information from the VPN server (IP address 192.17.44.3) can be allowed to both come in to your computer and leave it.

    For some firewall programs, you may need to configure access by port rather than by IP address.

    For more information on specific information that your firewall will need to communicate with the VPN server, see Firewall Ports that the VPN System Uses.

    Expand section How do I uninstall the CITES VPN configuration settings on a Windows computer?

    In the Control Panel, go to Add/Remove Programs, then select CITES VPN from the list of installed programs.

    Click the Change/Remove button that appears beneath the selected CITES VPN entry and follow the computer's prompts to remove the CITES VPN configuration settings.

    Windows-specific error messages:
    Expand section Error 678: There was no answer from the VPN server

    The most common cause of this error is a network configuration problem on the network you're using. It's typically related to a firewall's settings.

    • If you see this error every time you try to connect from any location, you may need to adjust your own computer's firewall.

      • If you're using the built-in Windows firewall, the VPN configuration process automatically adjusts settings as needed.

      However, if you're using a third-party firewall such as ZoneAlarm, you'll need to adjust your computer's firewall settings. See Firewall Ports Used for VPN Connections for more information.

    • If you see this error when you try to connect from a new location, ask the network administrator to adjust the location's firewall.

      • Many hotels, coffeehouses, and similar short-term access locations don't forward all the information that the VPN needs for a successful connection. If you've been able to successfully use the VPN from other locations in the past, the error is likely related to this particular site.

      Ask the site's system administrator to look at the information in the Firewall Ports Used for VPN Connections page and adjust their firewall accordingly.

    Expand section Error 691: Access was denied because the username and/or password was invalid on the domain

    This error usually means that you've mistyped either your username or your password.

    Username: Use your NetID. If your campus email address is myname@illinois.edu, then your NetID is myname.

    Password: Use your Active Directory password. (For more information about your Active Directory password, please contact the CITES Help Desk.)

    If retyping your username and Active Directory password carefully doesn't correct the problem, contact the CITES Help Desk.

    Expand section Error 800: Unable to establish the VPN connection.

    This error usually means that you don't have an active network connection. Make sure that you've successfully connected to your network as described in step 1.

    If you're seeing Error 800 and can use the network, but can't use the VPN, contact the CITES Help Desk at consult@illinois.edu or 244-7000.

Mac-specific FAQs

    Expand section Is there Macintosh 7.5-9.x support?

    Macintosh systems older than OS X are not supported by either Nortel or the CITES Help Desk. In addition, CITES Security strongly recommends that these older Macintosh systems should no longer be active on the campus network.

Related FAQs

 

 

Last updated Wednesday, October 3, 2012, 3:18 pm