| Table of Contents | ||||
|---|---|---|---|---|
|
Why use a VPN?
Off-campus computers are subject to various network restrictions:
...
Guides are located in the Confluence knowledge base
Common operating systems
Install the VPN client on Windows OS (applies to IE, Edge, Firefox, and Chrome)
Mobile devices
...
Accessing subscription-based resources through the VPN
...
The VPN technology cannot circumvent this practice directly. When using the VPN from home or elsewhere, traffic to the electronic resource website (for example, a journal website) will not be sent through the VPN because the resource is not on campus. Instead, the VPN client sends requests in the "usual" way for the off-campus system. This will appear to be from an address that is not a UWaterloo IP address, and so access is typically not automatically granted as it would be for an on-campus computer.
Fortunately, the UWaterloo Library has a portal web page that VPN users can use to access most subscription and licensed/restricted-access resources. From there you can reach all of the subscription-based resources that are available to the library.
...
RDP is now blocked at the campus boundary. When you need to use RDP, a VPN connection is simply established first, using the Cisco AnyConnect client (obtained from campus VPN website), then the RDP connection is established as before. Instructions for obtaining and installing the Cisco AnyConnect client are outlined below.
...
The AnyConnect client installs as a networking pseudo-device, e.g. "Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64" for 64-bit Windows 7.
The client pseudo-device will be assigned an address in the 172.16.36.0/22 range.
The DNS name associated with the dynamic IP address will be IP-address.dynamic.uwaterloo.ca, for example 172-16-36-55.dynamic.uwaterloo.ca.
A split-tunnel routing model is used. Traffic to 129.97.0.0/16, 172.16.0.0/12, fd74:6b6a:8eca::/47, and 2620:101:f000::/47 will be routed via the VPN connection, and all other traffic will use the client's normal default route.
The VPN server will not route any non-Waterloo traffic (i.e. destination networks 129.97.0.0/16, 172.16.0.0/12, fd74:6b6a:8eca::/47, and 2620:101:f000::/47) to an off-campus address. A typical user scenario is that after starting the VPN, they can get to campus addresses, but not anywhere else. In this situation the failure is probably on the client-side with its routing setup.
The number of routing hops to an on-campus address will likely be reduced, although the first hop may take more time.