Get Support [12]
When connecting from off-campus, the Remote Secure Access service, or Virtual Private Network (VPN), ensures the security of the connection by encrypting all data transmitted between your computer and the University network. This allows your connection to appear to be exactly the same as if you were connecting on campus.
Using VPN allows a connection to University systems or the campus network from anywhere with an internet connection. For instructions on installing and using VPN, visit the VPN AnyConnect User Guide [13].
In order to create this secure access it is first necessary to establish a Virtual Private Network (VPN). It is “virtual” because it does not rely on a direct connection and it is “private” because it keeps the data secure from other public internet communications.
Note: When you are connecting via the public internet, the speed of your connection depends on your internet service provider (at home or from where you are connecting) and not the VPN connection.
Traffic Encryption Policy
The purpose of the VPN service is to provide a secure way to access U of G or other online resources. After you establish your VPN session, data traffic is encrypted based on the variant of VPN you select (see below).
Split Tunnel vs. Full Tunnel VPN
There are two variants of VPN available. You are able to choose the one that best matches your scenario when you connect:
Split Tunnel
- This is the default VPN service and should be used most often when connecting from on-campus, home, or another secure internet connection.
- The split-tunnel configuration allows you to use VPN to connect securely to specific U of G systems (Finance System, Central File Service, computers located on campus, etc.).
- Access to non-U of G systems continues to be sent directly via users' home internet service provider (or via the secure internet link to which users are connected when not at home).
Full Tunnel
- This option allows you to direct ALL of your online activities through VPN for a fully secured and encrypted connection when necessary. This includes connecting to the U of G network and systems, as well as to non-U of G online resources and websites.
- The full-tunnel configuration should be used in the following scenarios:
- when connecting from countries that may restrict access to online services;
- to provide a secure connection when using public (non-secure) WiFi; and
- when accessing cloud services that require an official University IP address.
- The full-tunnel connection may be slower than the split tunnel. all internet traffic through the full tunnel will be protected by the University's security infrastructure and is subject to the Acceptable Use Policy which can be found here: uoguel.ph/aup [14].
This service is provided by CCS free of charge.
Frequently Asked Questions:
What is the difference between split tunnel and full tunnel?
The split-tunnel configuration allows you to use VPN to connect securely to specific U of G systems (Finance System, Central File Service, computers located on campus, etc.). Access to non-U of G systems continues to be sent directly via users’ home internet service provider (or via the secure internet link to which they are connected if not at home). The split-tunnel configuration is the default VPN service and should be used most often when connecting from on-campus, home, or another secure internet connection.
The full-tunnel configuration allows you to direct ALL of your online activities through VPN for a fully secure and encrypted connection when necessary. This includes connecting to the U of G network and systems, as well as to non-U of G online resources and websites. The full-tunnel configuration should be used in the following scenarios:
- when connecting from countries that may restrict access to online services;
- to provide a secure connection when using public (non-secure) WiFi; and
- when accessing cloud services that require an official University IP address.
Why is my internet speed slow when using the full-tunnel VPN configuration?
When many users are connected via the full-tunnel VPN configuration, they compete for the same bandwidth and their activities can contribute additional load to our U of G internet circuit and firewall. This could result in overall slower service. For that reason, the full-tunnel option should only be used when required (international students, when connected to unsecure public WiFi or when having to access internet services that are restricted to U of G IP address space).
Will my internet activites be logged and/or monitored while using the full-tunnel VPN configuration?
All internet traffic through the full tunnel is handled the same as on-campus traffic, which is protected by the University's security infrastructure and is subject to the Acceptable Use Policy which can be found here: uoguel.ph/aup. The University may audit, access or restore any IT resource within its environment when it has reasonable grounds to suspect a breach of acceptable use or a possible violation of any law or University policy.
Installing AnyConnect VPN software on Windows 2000.
When connecting for the first time, an error may be reported: The installer failed to execute successfully. Your computer may be missing a required Microsoft library.
Problem: The file MSSL VPN CLIENTP60.dll is missing from the directory winnt\system32.
Solution: Download the file from the Microsoft website (www.microsoft.com) and copy it to the directory.
Poor performance exhibited by disconnections or stalled communications.
Problem: If you are using a wireless connection, your communication profile may be configured to continuously scan for a better connection. This behaviour will interfere with the connection established by the AnyConnect VPN software.
Solution: Disable scanning for the profile that uses AnyConnect VPN. Note: If you want scanning enabled when you are not connecting remotely via AnyConnect VPN, create another profile.
AnyConnect VPN connection does not come up using Internet Explorer.
Problem: Internet Explorer is configured with a proxy.
Solution: To change the Internet Explorer setting:
1. On the main menu, choose Tools / Internet Options.
2. Choose the Advanced tab.
3. In the Settings list, scroll down to the HTTP 1.1 settings section.
4. Check Use HTTP 1.1 through proxy connections. (Note: If the setting is already enabled, contact the CCS Help Centre because this is not the problem.)
5. Click OK
SSL VPN connection was disrupted and must be re-established manually.
Problem: The link has been disconnected because of some unspecified reason. (Error message: SSL VPN connection was disrupted and must be re-established manually)
Solution: Check that your computer is still connected (that is, for physical connections, that the wire is securely attached; for wireless connections, that the signal strength is high).
If the problem continues, contact the CCS Help Centre.
Disabling AnyConnect Automatic Pop-up
If you would like to disable the automatic pop-up that prompts you to connect to VPN each time you log in to your computer, follow these steps:
1. Press the Windows key (on the bottom left of your keyboard) or click the Start button on the bottom left of your screen.
2. When you see the screen below, search for they System Configuration menu by typing “System Configuration” in the search bar.
3.Select the Startup Tab. Look for “Cisco AnyConnect Secure Mobility Client”.
4.Click the box on the left side (see arrow below) to uncheck “Cisco AnyConnect Mobility Client” and then click “OK” at the bottom.
5. You will be given the choice to restart your computer if you want the pop-up disabled immediately. Otherwise, the change will take effect the next time you reboot.
For specific instructions on installing the Cisco AnyConnect Secure Mobility Client (VPN client) or using it for the first time, please refer to the VPN AnyConnect User Guide [13]. Please note, all CCS Managed Desktop clients should have VPN client software installed on their computers. If this is not the case, please contact the CCS Help Centre [15] (above).
If you need help or have questions about the service, please email us at IThelp@uoguelph.ca or check our CCS Help Services page for more ways to contact us:
- CCS Help Services [15]
There may be scheduled maintenance or a service issue occurring. Please refer to CCS System Status Page for more information:
Item | Expectation |
---|---|
Service availability | 24x7 except during scheduled maintenance periods (see CCS System Status Page [16]). |
The software is freely available and works with many operating systems:
- Microsoft-supported versions of Windows 10 for ARM64-based PCs
- Windows 8.1 and current Microsoft supported versions of Windows 10 x86(32-bit) and x64(64-bit)
- macOS 11.2 (or later), 10.15, and 10.14 (all 64-bit)
- Linux Red Hat 8 and 7
- Ubuntu 20.04, 18.04, and 16.04 (all x64)
For instructions on installing and using VPN, please visit the VPN AnyConnect User Guide [13]. Please note, all CCS Managed Desktop clients should have VPN client software installed on their computers. If this is not the case, please contact the CCS Help Centre (above).
Note: Using this software outside of Canada carries certain restrictions; for more information see Encryption Control Guidance [17].