Full-Tunnel vs. Split-Tunnel VPN: What You Need to Know

Posted on Monday, July 13th, 2020

What is VPN?

A virtual private network (VPN) provides a secure, encrypted internet connection, allowing users to safely send and receive data from anywhere.

What is changing?

Currently at U of G, VPN is used only to provide secure and encrypted access to specific U of G systems (Finance System, Central File Service, computers located on campus, etc.), while access to non-U of G systems are sent directly through users’ home internet connection. This is called a “split-tunnel” configuration. On July 18, 2020, CCS will be adding the option for a “full-tunnel” configuration, where users can utilize VPN to provide a secure, encrypted internet connection for all their online activities when necessary.

The full-tunnel option should be used in the following scenarios:

  • It should allow staff, faculty and international students to access online resources while in countries where access may unreliable.
  • It will allow for a secure, encrypted connection for U of G users when using public (unsecure) WiFi (e.g., in retail locations, cafes, airports, etc.).
  • It will provide an option for campus users needing to access cloud services that require traffic to come from an official University IP address due to access restrictions.

What do I need to know?

After the maintenance, users will first see the current options (users select On-Campus or Off-Campus connection as they do today, depending on where they are working) and then click Connect:

Cisco AnyConnect login tool. Dropdown menu has two items, U of G VPN Off-Campus Access and U of G VPN On-Campus Access

Once Connect is clicked, users will then see an additional option to select a Group (“Split Tunnel” or “Full Tunnel”):

Cisco AnyConnect login tool. A new dropdown is shown above the username and password fields, with the options Split Tunnel or Full Tunnel

In most cases users will select “Split Tunnel,” the same VPN configuration they are using today, unless one of the above scenarios apply. Once the desired Group is selected, users provide their login credentials as usual, click on “OK” and will be connected to the VPN service.

The full-tunnel connection may be slower than the split tunnel, and all internet traffic through the full tunnel will be protected by the University's security infrastructure and is subject to the Acceptable Use Policy which can be found here: uoguel.ph/aup.

Questions? Contact the CCS IT Help Centre for support.