Virtual Private Network (VPN) service

Connecting to the School network from campus or beyond

The Computing Science (SoCS) network is not generally accessible from outside the School, even from elsewhere on campus. To connect to machines or resources on the SoCS network you will need to use a VPN connection.

Our VPN server supports both basic PPtP and more secure L2TP connections, the latter through the use of a shared key.

Instructions for setting up your VPN connection are given below.

Windows

These instructions are based on Windows 8.1. Other versions of Windows should be very similar.

Setting up the VPN Connection

  1. Open Network and Sharing Center. This can usually be achieved either via the Control Panel or by right clicking the network icon in the system tray bottom right.
  2. Choose to Set up a new connection or network
  3. Select Connect to a workplace and then Next
  4. Opt to Create a New Connection
  5. Choose to Use my Internet connection (VPN)
  6. Complete the Connect to a Workplacepage:
    • Internet address:kabaena.dcs.gla.ac.uk
    • Destination name: up to you, it is just a label.
    • Use a smart card: unchecked.
    • Remember credentials: unchecked (recommended)
    • Allow other people to use this connection: unchecked.
  7. Create

By default this creates the VPN connection and leaves the type as 'Automatic', which basically means it will try whatever the server offers. Usually this results is a basic username/password PPP VPN Connection.

If you want to use the more secure L2TP connection, you need to modify the connection properties.

  1. From Network and Sharing Center, click on Change adapter settings on the left panel.
  2. Right click the connection with the destination name you used above and select Properties
  3. Click the Security tab in the Properties dialog.
  4. Under Type of VPN select Layer 2 Tunnelling Protocol with IPsec (L2TP/IPSEC) from the drop down options.
  5. Click Advanced Settings just below.
  6. Select the Use pre-shared key for authentication and enter the following as the key: S0CSs3cure
    (Note: second character is digit zero.)
  7. Click OK to return to the dialog.
  8. Under Authentication, select the Allow these protocals radio box and check CHAP and MS-CHAP v2
  9. Click OK to complete and exit.

Optionally, you can configure the network to only use this VPN connection for traffic to that network. Only traffic to and from SoCS will use the VPN, everything else will use your normal route.

  1. From Network and Sharing Center, click on Change adapter settings on the left panel.
  2. Right click the connection with the destination name you used above and select Properties
  3. Click the Networking tab.
  4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties
  5. Click Advanced...
  6. Uncheck Use default gateway on remote network
  7. Click OK
  8. Click OK
  9. Repeat steps 4-8 for the IPv6 protocol.
  10. Click OK to exit.

Using the VPN Connection

The pre-shared key is used for machine authentication. You still require your school username and windows password to authenticate yourself.

  1. Left click the network icon in the system tray area bottom right
  2. Select the connection created above and click Connect
  3. Enter your school username, e.g. DCS\smithjr and your school windows password.

MacOS X

These instructions were written for El Capitan (10.11.5). MacOS will no longer support PPP as of the Sierra (10.12) update, so these instructions are for L2TP.

Setting up the VPN Connection

  1. Open SystemPreferences.
  2. Open Network.
  3. Click the '+' symbol bottom left to add a new connection.
  4. Set Interface to VPN.
  5. Set VPN Type to L2TP over IPSec.
  6. Set Service Name to something you will recognise.
  7. Click OK to create.
  8. Specify the following configuration details:
    • Configuration: Leave as Default
    • Server Address: kabaena.dcs.gla.ac.uk
    • Account Name: set as your school windows account, e.g. DCS\smithjr
  9. Now click Authentication Settings...
  10. In the new dialog, make sure User Authentication has Password selected - your choice whether or not to enter your password here.
  11. Ensure that Machine Authentication has Shared Secret selected and enter the shared secret as S0CSs3cure
    (Note that the second character is digit zero.)
  12. Click OK
  13. Click Apply

Using the VPN Connection

  1. In System Preferences->Network, select the newly created connection if it is not already selected and click Connect
  2. If you didn't store your password above, you will be prompted for it here. Enter your school windows password - the username should be set to your DCS\username.
  3. Click OK

By default, MacOS 10.11 has the option to send all traffic over the VPN connection unchecked by default. If you want all traffic to use the VPN:

  1. Open SystemPreferences.
  2. Open Network.
  3. Select your VPN connection
  4. Click the Advanced... buttom at tthe bottom.
  5. Check the Send all traffic over VPN connection option.

 


Ubuntu

These instructions are based on Ubuntu 19.04. Other versions of Ubuntu should be very similar.

Setting up the VPN Connection

1. Open Terminal and type the following commands :

sudo apt-get update
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome

2. Go to Settings, then click Network

3. Under VPN click add and choose Layer 2 Tunneling Protocol (L2TP)

4. Enter the following :

Name : DCSVPN
Gateway : kabaena.dcs.gla.ac.uk
User name : Your school windows account user name
Password : Leave blank
NT Domain : Leave blank

5. Click IPSec Settings

6. Enter the following :

Tick Enable IPSec tunnel to L2TP host
Pre-shared key : S0CSs3cure
Phase 1 Algorithms : 3des-sha1-modp1024
Phase 2 Algorithms : 3des-sha1
Untick Enforce UDP encapsulation

7. Click PPP Settings

8. Enter the following :

Untick PAP
Tick CHAP
Untick MSCHAP
Tick MSCHAPv2
Untick EAP

Untick Use Point-to-Point encryption (MPPE)
Tick Allow BSD data compression
Tick Allow Deflate data compression
Tick Use TCP header compression
Tick Use protocol field compression negotiation
Tick Use Address/Control compression

Untick Send PPP echo packets

MTU 1400
MRU 1400

9. Toggle DCSVPN on, and enter your school windows password when prompted