Introduction to VPNs
A VPN or Virtual Private Network is a means of extending a private network over a public link. In the context of the Computer Laboratory, it generally refers to a means of making a personal machine, typically a laptop or home computer, appear to be on the university or departmental network. There are three main reasons for doing this:
- To bypass firewall and access control restrictions that apply to direct connections from the external network
- To gain access to external services such as online journals that are authenticated by calling IP address
- To add a layer of security to your network traffic when using an untrusted network, particularly when travelling
In order to open a VPN the machine must present credentials to prove entitlement to access the private network.
VPN services in the Computer Laboratory
There are two VPN services available to members of the Computer Laboratory. Both are actually provided centrally by University Information Services. The first is a generic service available to any member of the university, and gives the machine an IP address on the CUDN. The second is a tailored version, only available to members of the Computer Laboratory, which gives the machine an address in the department's address space. If you wish, you can set up your machine to use either service at will.
Generic VPN service
The generic VPN service is documented by the UIS at https://www.ucs.cam.ac.uk/vpn/ where you will find detailed information for making connections from a variety of client systems. This is the preferred VPN service to use if it meets your needs. You will get an IP address in CUDN-private IP space, with any external connections you make going through the NAT gateway. If you have problems with using this service, the UIS service desk should be able to help you.
Computer Laboratory VPN service
This service should be used if you explicitly need an IP address belonging to the Computer Laboratory. Your machine will get a global IP address which does not need the NAT gateway for external connections; the relatively small supply of such addresses is one reason that the generic service is preferred.
To use the tailored version of the service, you should follow the documentation for the generic service with the following changes:
- Whereever the documentation refers to the service name vpn.uis.cam.ac.uk you should use vpn.cl.cam.ac.uk instead
- The mobile configuration file for Apple iOS should be downloaded from https://sysdata.cl.cam.ac.uk/vpn/ComputerLabVPN.mobileconfig instead of the URL in the generic documentation.
Note that when entering your login credentials, the form CRSid(a)cam... given in the documentation does not change.
All members of the department should be automatically granted access to the service, but there may be some errors and omissions. If the generic VPN service works but you are wrongly denied access to the CL service, please contact sys-admin(a)cl... in the usual way.
When you are connected to a VPN, your machine behaves in most respects as if it were directly connected to the remote network. This means that when using the VPN services described here, you become subject to the CUDN and JANET acceptable use policies. All VPN connections are logged against your CRSid and network traffic may be traced back to you. You should ensure that the anti-virus software on your machine is up to date, and take appropriate precautions to protect your credentials from unauthorised use.