How to install and connect to the VPN - Mac OS

Use checkvpn.uwaterloo.ca to see your computer's VPN connection status.

Video instructions

This video outlines how to access the VPN using the Duo Mobile push option. See step 2 below for instructions for other authentication methods (e.g. 6-digit code, bypass code, Yubikey).

Settings at a glance

If you already have the Cisco VPN client installed, you can use the following settings to connect: 

  • Server/connect to address: https://cn-vpn.uwaterloo.ca/

  • Username:  8 character username (eg. j25rober)

  • Password:  password

  • Second Password:

    • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc.

To avoid multiple prompts on your phone, accept the push within 10 seconds.

  • Type sms for text codes; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

  • Type phone to get a phone call; enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

  • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

  • For a Yubikey, touch the YubiKey with your cursor in the text box

How to install

  1. To begin, log in to the VPN website with your WatIAM credentials.  Most can use https://cn-vpn.uwaterloo.ca/+CSCOE+/logon.html, but depending on where you are on campus, you may need to use https://vpn-inside.private.uwaterloo.ca

    1. Second Password:

      • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.

      • Type sms for text codes; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

      • Type phone to get a phone call; enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

      • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

      • For a Yubikey, touch the YubiKey with your cursor in the text box

    2. Accept the Duo 2FA prompt on your device to continue to the next step.

  2. Once the fields above are entered, you will be redirected to the Download & Install page shown below. Click the Download for macOS button to download the installer disk image.

  3. Go to your  downloads folder  and double-click on the installer image, which will have a name such as  anyconnect-macos-4.6.01103-core-vpn-webdeploy-k9.dmg. This will mount and open the image and you should see the following window:

     

  4. Double-click on the .pkg installer file and you will be taken through the installation process. Click Continue to move through the steps.

  5. If you are running OS 10.14 (Mojave) you will get the following warning. Click OK to continue.

     

  6. At some point in the installation you may get the below dialogue window. If so, click  Open Security Preferences  and enable Cisco software.  Note:  you may also get the "Cisco AnyConnect Secure Mobility Client Notification" shown below. In which case, click on the  Allow  button, which will also take you to the Security & Privacy settings dialogue. 

     

  7. To authorize Cisco's apps, you will need to authorize them in the Security & Privacy settings shown below.

     

  8. Click on the  lock icon  on the bottom left and enter your admin credentials to unlock so you can make changes.

  9. Click on the Allow button to allow software from Cisco. After which you can close this preference window.

  10. You should eventually get to the final screen shown below. Click Close.

  11. Depending on your OS version you might get the following dialogue after closing the installer. Clicking on Move to Trash will delete the installer disk after closing. If you don't get the above option, you will have to eject the installer volume and delete the installer disk manually.

How to connect

You do not need to repeat the installation process each time you want to use the VPN. The installation process installs the Cisco VPN client into the Applications folder. You can run it from there or add it to your Dock.

If you haven't connected before, you will need to specify the VPN server:

  1. Select "cn-vpn.uwaterloo.ca" and click Connect. This brings you to a login window where you can authenticate with your WatIAM credentials. Under the 'Group' drop-down menu, select 'UW-General-Campus'. 
    Note: 'UW-General-Campus' is the recommended profile. 'UW-Campus' should be used as an alternative profile.

    1. Enter your 8-character username into the username field, not username@uwaterloo.ca or username@edu.uwaterloo.ca.

    2. Enter the Second Password:

      • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.

      • Type sms for text codes; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

      • Type phone to get a phone call; enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

      • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

      • For a Yubikey, touch the YubiKey with your cursor in the text box

    3. Click ‘OK’ in the bottom-right.

    4.  Accept the Duo 2FA prompt on your device to continue.

  2. Once you’ve accepted the 2FA prompt on your device, you should see the pop-up below in the top-right of your screen.

  3. When the client is active, the VPN connection can be controlled from the Menu Bar icon:

     

Need Help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Article feedback

If you’d like to share any feedback about this article, please let us know.