Introduction
Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service referred to as “Remote Access VPN,” is a subscription-based service that allows a user to access Virginia Tech resources remotely across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over VPN but does encrypt the traffic between your machine and the VPN device.
Top of page
Contents
Top of page
Top of page
Eligibility Requirements
- All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
- Remote Access VPN is a subscription-based, bundled service with the Virginia Tech wireless network service or the Virginia Tech wired Ethernet service. You can verify your subscription by following the instructions at Registering Online for Wireless LAN Service.
- You may use either Virginia Tech provided computers or personally owned computers to connect to Remote Access VPN, as long as they meet the minimum system and password requirements.
- You must have access to an administrator account on the computer. If you have a computer owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help by clicking Get Help on the 4Help Portal.
Top of page
See Ivanti Secure Desktop Client Supported Platforms Guide for a list of supported operating systems and web browsers.
For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer.
Top of page
Network Requirements: Enable IPv6
To access Virginia Tech Remote Access VPN service, you must enable both IPv4 and IPv6 stacks on your network adapter. IPv6 requirement is not dependent on your ISP's ability to provide you with an IPv6 address, this is because the VPN allocates you an IPv6 address and does need the IPv6 stack to be enabled on your network adapter. To enable IPv6, follow the instructions in the Authentication successful but following error is displayed: "Connection Error Failed to setup virtual adapter. (Error:1205). (restart your system and try again)." section of Remote Access VPN Frequently Asked Questions.
Top of page
2-Factor Authentication
The Virginia Tech Remote Access VPN service requires 2-factor authentication. For more information, see Authenticating using 2-Factor Authentication.
Top of page
Connection Options
Generally, a) - VT Traffic over SSL VPN is the recommended connection profile, since it provides access to all Virginia Tech resources and doesn't slow down internet traffic to services outside of Virginia Tech. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.
Top of page
Instructions
Downloading and Installing Ivanti Secure Access on Windows
- Verify that you are registered to use the Remote Access VPN service. For instructions, see the To Verify Registration section of Registering Online for Wireless LAN Service.
- If you have not already done so, enroll in 2-factor authentication by following the instructions at Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- If Ivanti is currently installed, uninstall Ivanti.
- Click Start.
- Your cursor will automatically be placed in a text box. Start typing: programs
- As you type, results will appear and change. Click Add or Remove Programs.
- Click Ivanti Secure Access. (You may have to scroll down to see Ivanti Secure Access.)
- Click Uninstall.
- If prompted for a username and password, enter the credentials of an administrative account.
- When prompted about are you sure, click Yes.
- When prompted to save configuration settings, click No.
- When the uninstall is complete, click OK.
- To download the Ivanti installer, click the following link:
- If prompted, choose to save the installer file to your computer.
- When the download is complete, to launch the installer, double-click the vtVpnSetup icon.
- If prompted by a "Windows protected your PC" window:
- Click More info.
- Click Run anyway.
- If prompted for a username and password, enter the credentials of an administrative account.
- In the user account control window, click Yes.
- Click Install.
- When the installation is complete, click Finish. Ivanti will start and minimize to the notification area.
- Follow the instructions below for Connecting to VPN in Windows.
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions.
Connecting to VPN in Windows
- The instructions below are for connecting to a) - VT Traffic over SSL VPN, and the procedure is the same for connecting to the other connection profile.
- If you have not yet installed Ivanti, follow the instructions above at Downloading and Installing Ivanti Secure Access on Windows.
- If you do not know which connection profile to use, we recommend using a)- VT Traffic over SSL VPN. For more information, see the Which Connection Profile do I use? section of Remote Access VPN Frequently Asked Questions.
- In the Windows notification area in the lower-right of the screen, click Ivanti Secure Access.
- Click a) - VT Traffic over SSL VPN.
- Click Connect.
- In the browser window that opens type your credentials.
- In the Username text box, type your VT PID, which is the first part of your @vt.edu email address.
- In the Password: text box, type your PID password.
- Click Login.
- Complete 2-factor authentication.
(If your second factor device is unavailable or broken, see Lost, Forgot, Broke, or Unavailable 2-Factor Device.)
The screen will default to your preferred 2-factor method. If you prefer to use another method click on the Other options link. The following list is the options available for 2-factor authentication
- To use push notification:
- Select Duo Push from the Other options list.
(This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.)
- When the push notification appears, accept the Duo push notification.
- If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use SMS text message:
- Select Text message passcode from the Other options list.
(This will send an SMS to the first SMS-capable device that is enrolled in your Duo account. To send the SMS to a different device, select the last item from the Other options list, Manage devices.)
- You will receive an SMS text message that starts with "VT DUO: SMS passcodes:" to your primary mobile phone. Open that text message which will contain a seven digit passcode.
- In the "Passcode" text box, type in the passcode from the SMS text message.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a voice phone call:
- Select Phone call from the Other options list.
(This will call the first voice-capable device that is enrolled in your Duo account. To send the phone call to a different device, select the last item from the Other options list, Manage devices.)
- The primary telephone number associated with your Duo account will ring. Answer the telephone.
- Press one of the number keys on the phone to confirm the authentication.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a Yubikey:
- The Yubikey must be previously registered with Duo as AES. U2F tokens will not work. For instructions, see Enrolling a YubiKey as AES/OTP to Use in Any Browser.
- Select Security key from the Other options list.
- When prompted to "Touch your security key" tap your YubiKey. The passcode will be automatically generated and submitted by the YubiKey for you.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a 6-digit numeric passcode from the Duo mobile app:
- Start the Duo mobile app.
- In the Duo mobile app, tap Show to the right of the hidden Passcode.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a 6-digit numeric passcode from a D-100 token or a software token:
- Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit D-100 numeric passcode.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- If this is the first time connecting on your machine you will receive the following prompt:
If the computer is public or shared between multiple users select "No, other people use this device" so that your VPN login information is not saved. If you are the only user of the computer select "Yes, this is my device".
- If prompted about an upgrade to Ivanti:
- Click Upgrade.
- In the user account control window, click Yes. Ivanti will download and install the upgraded version, restart, and you will be reconnected to the remote access - VPN.
- When you are finished using the remote access VPN, disconnect from it. To do this:
- In the Windows notification area in the lower-right of the screen, click Ivanti Secure Access.
- Click a) - VT Traffic over SSL VPN.
- Click Disconnect.
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Top of page