Accessing Waterloo learning technologies from China

Students living and studying in China may experience slow connections, increased latency, and inconsistent access while using UWaterloo learning technologies from China. UWaterloo has engaged a cloud enterprise network service from Alibaba, a company operated within China, to improve network flows in and out of China. You should see improvements when using the solution for learning technologies (e.g. LEARN, Crowdmark, Bongo), though the degree of improvement can vary depending upon your home province and your residential internet speed.

About this service

  • UWaterloo provides this service using the Alibaba Cloud Enterprise Network.

  • Alibaba Cloud, also known as Aliyun, is a Chinese cloud computing company, and subject to laws in China or surveillance by authorities in China

  • Alibaba Cloud's terms of service is available here

  • Use of this service is optional. You are under no obligation to use this service.

  • Alibaba Cloud doesn't hold, or have access to, any UWaterloo records, including your 8-character username (e.g. j25rober), password, student ID number, name, and UWaterloo email address

  • The University of Waterloo cannot ensure or warrant the security of Alibaba Cloud's product and services

  • The service is meant to be used only for learning technologies in your courses  (such as LEARN, Crowdmark, PebblePad, Bongo), and only those applications are enabled through this solution. It does not lift restrictions on resources that are not generally available to you.

For incoming students

Not all incoming students will have access to the Alibaba cloud enterprise network immediately. If you see a can't find a password error message on this page: https://checkin.uwaterloo.ca/fetchmyvpnpassword/, this means that you do not have access to it yet.

If you have any questions or concerns about this, contact the IST Service Desk


On this page:


Accessing your login credentials

Students can use the following fetch my VPN password tool to receive their special login ID and password: https://checkin.uwaterloo.ca/fetchmyvpnpassword/.

How to connect on Windows 10 

Installation

  1. Download the 'vpn-ca-cert.crt' file and save to your Downloads folder. 

  2. Go to Start menu > search for Windows PowerShell (x86) and right-click and select Run as an Administrator. Enter your credentials when prompted. 



  3. Open your Downloads folder > right-click and Copy the file path of the 'vpn-ca-cert.crt' file and save for step 4. 


  4. In PowerShell, copy the following four command lines and press Enter after each line.

    1. In line 1 of the command below, replace the ~\Downloads\vpn-ca-cert.crt with the file path copied from Step 3 concatenated with vpn-ca-cert.crt.

      1 2 3 4 5 6 7 certutil –addstore -enterprise –f "Root" ~\Downloads\vpn-ca-cert.crt Add-VpnConnection -Name "106.14.170.158" -ServerAddress "106.14.170.158" -TunnelType IKEv2 -EncryptionLevel Maximum -AuthenticationMethod EAP -RememberCredential Set-VpnConnectionIPsecConfiguration -ConnectionName "106.14.170.158" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -DHGroup ECP384 -PfsGroup ECP384 -Force Set-VpnConnectionProxy -Name "106.14.170.158" -AutoConfigurationScript "http://192.168.210.108/example.pac"

       

  5. Make sure your PowerShell outputs are the following before proceeding to the next section:

 

If you received any error messages through the course of the installation process, you should always delete and clear the results of those commands.

Please see Common errors for the Alibaba cloud enterprise network solution

How to connect

  1. Go to Start menu > search for VPN and click on VPN settings




  2. Select the 106.14.170.158 network and click Connect.

  3. Enter the special VPN username and password provided. You will now be connected to the VPN. Do not enter your normal 8-character username (e.g. j25rober) and password. 

     

Note

If you received an error message when connecting, please see Common errors for the Alibaba cloud enterprise network solution

 

How to connect on MacOS

Installation

  1. Download the vpn-ios-or-mac.mobileconfig file onto your device. Click the file to open. 

    If you are having issues downloading the file, please see Common errors for the Alibaba cloud enterprise network solution

     

  2. Click Continue in the pop-up windows. 

     

  3. Enter the username and password, not your UWaterloo credentials. Click Install

  4. If prompted, enter your computer username and password to allow for changes to be made. The profile will then be added. 



 

How to connect

  1. To the Apple menu > System Preferences

     

  2. Click and open Network

     

  3. Select the connection named 106.14.170.158 and click Connect. You will now be connected to the VPN. 






How to connect on Ubuntu 

This guide will only work if the APT package manager is available on your system (eg. Ubuntu or another Debian based distribution). For other distributions of Linux, contact helpdesk@uwaterloo.ca for support. 

Installation

  1. Download the 'vpn-ubuntu-client.sh' and 'vpn-ca-cert.crt' files and save them in the same directory. In this guide, they've been saved to ~/Documents/VPN/. 

  2. Navigate to the directory where you downloaded the files.

    1. In your file manager, go to that directory, right-click on the background (not the files) and choose Open in Terminal.



  3. Check for updates to your programs with:

    1 sudo apt update

    You will be prompted for your computer password. Type it in and press Enter. This will run for a few minutes. 

  4. Change the permissions of the shell script (.sh file) using:

    1 chmod +x vpn-ubuntu-client.sh

     

  5. Run the shell script as root using:

    1 sudo ./vpn-ubuntu-client.sh
    1. Enter your VPN username. 

    2. Enter your VPN password.  

  6. Your computer will now install strongSwan and some dependencies. This may take several minutes. Once you see the text as below, you have successfully installed the VPN client.

    1 2 3 To disconnect: ipsec down ikev2vpn To resconnect: ipsec up ikev2vpn To connect automatically: change auto=add to auto=start in /etc/ipsec.conf

     

  7. Restart your computer. 

How to connect

  1. Open a new Terminal window.

  2. Run: 

    1 sudo ipsec up ikev2vpn

    Enter your computer password. You will now be connected to the VPN. 

 

Connection Failure

If you are experiencing failure when connecting to VPN on ubuntu, you will also need to run the code shown below.

This will install resolvconf and you will be able to connect. Remember to reboot before you connect again.

1 sudo apt install resolveconf

 

For more ubuntu VPN connection troubleshooting, see https://github.com/trailofbits/algo/issues/805


How to connect on iOS

Installation

  1. Download the 'vpn-ios-or-mac.mobileconfig' file onto your device. Click the file. A pop-up will appear asking you to review the profile in your device Settings. 

     

  2. Go to the Settings app > General > scroll down and click on Profile. Click on the downloaded profile, IKEv2 VPN configuration 




  3. Click Install. Enter your passcode if prompted.




  4. On the Warning screen, click Install

       

  5. Enter the username and click Next

     

  6. Enter the password and click Next



  7. The profile is now installed. Click Done

How to connect

  1. Go to the Settings app > General > scroll down and click on VPN



  2. Make sure '106.14.170.158' is selected from the VPN list and switch the Status toggle from Not Connected > Connected. You will now be connected to the VPN. 







How to connect on Android

Installation

  1. Download the 'vpn-ca-cert.crt' and 'vpn-android-profile.sswan' files onto your device.

  2. Install the latest strongSwan VPN client app from the Google Play Store. 

     

  3. Open the strongSwan app. Click on the ellipses > select CA Certificates

     



  4. Click on the ellipses again > select Import certificate

     

     

  5. Locate and select 'vpn-ca-cert.crt' from the File Browser. Select Import Certificate

     

     



  6. In the strongSwan app homepage, click on the ellipses > Import VPN profile. 

     



  7. Locate and select 'vpn-android-profile.sswan'. Enter the username and password. Click Import

     




  8. Go to the Settings app > Network & Internet > Wi-Fi > select the gear icon beside your connected Wi-Fi network > click the pencil icon on the top-right. 

  9. In the pop-up window, scroll down to Proxy. From the drop-down menu, select Proxy Auto-Config.  

  10. In the PAC URL field, enter 'https://pac-bucket.oss-cn-shanghai.aliyuncs.com/vpn-android.pac'. Click Save

How to connect

  1. Open the strongSwan app. Select the '106.14.170.158' network to connect. You will now be connected to the VPN. 

 

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Article feedback

If you’d like to share any feedback about this article, please let us know.