Glasgow University VPN
The University VPN pages are at https://www.gla.ac.uk/myglasgow/it/vpn/. They can be a bit light on documentation though, so here are some more notes on configuration and use.
If you're experiencing VPN problems, please consult the VPN tips page for some advice on debugging these, and how best to report them.
You might be able to make use of the generic connection details with a platform-native VPN client. That route has worked in the past and may work in the future, but as far as we aware this is not currently viable, and we mention it here for reference, and to support experimentation.
Credentials to use §
As a central university service the VPN uses your GUID for
authentication. Note that it only works with the short version of
your GUID – jb25s
will work, Joe.Bloggs@glasgow.ac.uk
won't.
Connection profiles §
When connecting with the Cisco or OpenConnect clients you will have a
choice of connection profiles to use. The only two you will usually
need are Off_Campus_use
and Campus_Use
. The difference between
these (slightly confusingly named) options is how your network
traffic is routed.
You will typically want to use the Off_Campus_Use
profile.
The expectation is that, when the VPN is connected, you are ‘on campus’ in networking terms and you can still see the rest of the internet. If this isn't the case, then something is misconfigured.
Off_Campus_use
This implements what is called ‘split tunneling routing’. Traffic destined for IP addresses within the University goes through the encrypted pipe to the VPN server in the University, and from there to the destination system. Traffic destined for anywhere else goes through your normal network connection.
The use cases are:
- You need access to the internal Glasgow network, but you also don't want to slow down your connection to other places (or just want to be nice and minimise the load on the VPN server).
- You are running Windows (with the
On-Campus
profile all web traffic has to go through the University web proxy server. Windows can take several minutes to detect the proxy change without some quite technical prodding).
Campus_Use
This is simple to explain. All your network traffic is routed from your computer, through an encrypted pipe to a server in the University, and then proceeds to the destination system. Return traffic passes the same way. To any system, website etc you connect to it looks like you are connecting from a computer on the University network.
The use cases are:
- You need to access a resource (say a journal) that only allows you access when coming from a University address. Note that the need for this is rarer than it used to be (that is, you probably don't need this): more often, nowadays, you can get to journals by going to a login page and selecting ‘sign in via your institution’ or similar wording. Follow that link (if you see ‘shibboleth’ as an option, pick that over ‘Open Athens’), select ‘University of Glasgow’, and log in with your GUID.
- You do not trust the local wifi (in an airport or hotel, perhaps) and you want to ensure all your network traffic is protected (at least from your computer to the University)
For reference when troubleshooting, the addresses that are routed through the VPN (as of November 2020) are
130.209.0.0/16
172.20.0.0/16
172.21.0.0/16
194.80.44.0/24
194.80.45.0/24
194.36.1.0/24
10.209.0.0/16
194.83.7.160/28
172.22.0.0/16
172.29.7.0/24
193.120.176.187/32
184.146.180.10/32
10.20.32.0/24
130.209.4.18/32
130.209.4.16/32