Advanced VPN configuration options
The VPN gateway has a keep-alive heartbeat to check that the network link to your computer is still working. If you are connected with a weak or unreliable wireless signal, your VPN session may be closed if there is a short disruption to your network link.
Unexpected VPN Session Closure
This timeout value can be extended to a maximum value of 480 seconds.
The VPN service is ideal for ensuring privacy of data when using an external network, however some ISPs do not permit the necessary IP packets to allow the VPN client to cross their network.
These are IPSec packets (IP protocol 50) for the Cisco client, and GRE packets (IP protocol 47) for the inbuilt PPTP clients found on Windows and Apple operating systems.
The following mechanism is also useful if there is a firewall between your device and the VPN server, and also if your ISP uses NAT to assign you an IP address (as is the case at public Wireless hotspots).
You will first need to install the cisco VPN client.
If you are using software version 5.0.00.0340 or later of the Cisco IPSec VPN client then Network Translation Transparency (NAT-T) will be automatically enabled when required. Otherwise you should configure tunnelling as described below.
- Bring up the VPN dialer.
- Click Options.
- Click Properties.
- Click Enable Transparent Tunneling.
- Click Use IPSec over TCP (NAT/PAT/Firewall).
- Ensure that the TCP Port is 10000.
- Click OK.
- Click Connect.
TCP Port 10000 must be open at your local firewall (if you have one) to ensure that this mechanism will work.
For Unix based clients, configure the use of TCP Transparent Tunneling using TCP Port 10000 in the profile.
Alternatively you can click UDP tunnelling.
By default a VPN session will send all your device's traffic to the University VPN gateway. It will appear to the rest of the world that your device is physically connected to the University network.
In some circumstances, this means that you are unable to connect to machines on your local network e.g. your home printer.
The work round for this is to use split-tunnelling as described below.
NB: this will only work using the Cisco IPSec VPN client.
- You must use host vpn2.net.ed.ac.uk for the VPN endpoint.
- Under Group Authentication use Name "splittunnel" and Password "horizon".
- Connect as usual.
You can now verify the secured routes by:
- Click "Status and then Statistics".
- Click "Route Details".
You will see that the only Secured Routes are to 188.8.131.52 mask 255.255.0.0 and 184.108.40.206 mask 255.255.240..