A Virtual Private Network (VPN) allows your computer to connect to a remote secure network (such as the campus network) when you are connected to internet from another location (i.e., off campus).
If you do not have the VPN installed currently, [[install Cisco Anyconnect]] before continuing.
Once you have installed the vpn, you can start it and connect to access resources on campus that are otherwise available directly from internet.
* [[Install Cisco Anyconnect->install Cisco Anyconnect]]
* [[Check if the VPN is working->vtest]]
* [[Check your DNS settings->DNS]]To test if the VPN is working, visit (link-repeat: 'http://t.ucf.edu/vtest')[(open-url: 'http://t.cs.ucf.edu/vtest')]
You should see the message "You seem to be using the vpn."
If it says "It doesn't seem like you are using the VPN":
* Make sure you [[installed and connected->start]] the VPN.
* [[Check your DNS settings->DNS]]
If it is otherwise unable to open the page, use the command line for further diagnostics as the error from the web browsers frequently don't make it clear what the problem is. Further tests will be needed to [[distinguish errors]].
DNS is the internet service to resolve hostnames into IP addresses. Several configuration issues can cause this to not work with the VPN.
* You can try checking your operating system's [[DNS settings->Check DNS servers]]
* You can check indirectly via your web browser. If (link-repeat: "http://t.cs.ucf.edu/vtest")[(open-url: 'http://t.cs.ucf.edu/cgi-bin/vtest')] does not work but (link-repeat: "http://10.173.204.45/cgi-bin/vtest")[(open-url: 'http://10.173.204.45/cgi-bin/vtest')] does, your DNS is probably misconfigured or you are not connected to the VPN.
* try [[nslookup]] to query the DNS servers your system is using.
OS: [$os]<os|
(link-repeat: "(show linux)")[(set: $os to "linux")(replace: ?os)[$os](show: ?linux)]
(link-repeat: "(show windows)")[(set: $os to "windows")(replace: ?os)[$os](show: ?windows)](append: ?sidebar)(display: "oschooser")(if: $os is "linux")[(show: ?linux)](if: $os is "windows")[(show: ?windows)]
[[return to start->start]]There are several possible reasons why the web browser can't reach a host. It is necessary to use the command line to distinguish these.
* try pinging the host:
$tt[ping t.cs.ucf.edu]
** Make note of the ip address
$tt[PING newton.i2lab.ucf.edu ('''132.170.214.188''') 56(84) bytes of data.]
** If the address starts with 132.170 it has [[resolved externally]]
** If the address starts with 10.173 then it has correctly resolved internally
** If the hostname is not found, your name service lookup is not functioning correctly
* Hostname not found: try [[nslookup]]
* Host unreachable: check for [[firewall]] issues
* Connection refused: remote webserver disabled and/or wrong protocol?(set: $tt to (css: "font-family: monospace"))
The hostname $tt[t.cs.ucf.edu]] should resolve to different ip addresses on campus and off campus. If it resolves to 132.170.214.188 (the external address) instead of 10.173.204.45 (the internal address) then your system is using an external DNS server.
If you are off campus and not using the VPN then this is normal.
If you are on campus or connected to campus via the VPN, and are still getting the external address, then your system is using an external DNS server, which must be removed to successfully resolve on campus hostnames. You will need to [[change dns server settings]] to fix this.
If command line tools correctly resolve the inside address, but the web browser gets the external address, check for [[proxy settings in the web browser->web proxy]] or use a different web browser.Web proxy servers don't affect network use outside of the web browser, but may cause problems in the browser.
The most likely source of web proxy settings is spyware trying to record your browsing habits or adware trying to inject ads into your browsing experience.
Each web browser sets the web proxy in a different way:
* Internet explorer and Edge: operating system "internet settings"
* Firefox: settings -> network settings -> configure...internet
* Chrome: operating system settings
If you intentionally use a web proxy server, you can use tools like foxyproxy to manage multiple proxy settings for different websites.
(display: 'oswarning')
|linux)[In Ubuntu, network proxy can be configured at Settings > Network > Network Proxy]
|windows)[In Windows, you can change your proxy settings:
* Open control panel and select Network and internet
* Select Internet Options and select the ''Connections'' tab.
* In the bottom half, select ''LAN settings''
* Make sure ''Use a proxy server'' is unchecked.
](display: "oswarning")
You can check your operating system's DNS servers directly or indirectly.
* Directly check for foreign DNS servers:
|linux)[In linux, there are several ways DNS servers might be configured. Try
$tt[systemd-resolve --status]
or
$tt[cat /etc/resolv.conf]]
|windows)[In Windows, open a command prompt and run $tt[ipconfig /all | more] and Look for something like:
$tt[ DNS Servers . . . . . . . . . . . : 10.208.8.96
]
* check for [[DNS proxy]] set by virus checkers like mccaffrey
]
If there are DNS servers not starting with 10. they may need to be removed by [[changing operating system DNS settings->change dns server settings]]
Some virus scanners and malware add DNS proxy servers to the operating system configuration.
Virus scanners claim they do this to try to verify that hosts you visit on the web are legitimate and not providing malware. However, several virus scanning companies have been caught reselling this collected information.
This must be disabled to correctly resolve on campus hostnames, as you must use on campus DNS servers to get on campus IP addresses.
This feature goes under a number of names in your virus scanner's settings:
* ''DNS Proxy''
* ''Safe Web Browsing''
* ''Web shield''
* ''Real site shield''
* ''Smart DNS''
* ''Safe Web''
* ''DNS protection''
These will need to be disabled to access internal UCF hosts with the VPN. nslookup is a tool (available in windows and linux) to directly query DNS servers. For example:
$tt[$ //nslookup//
> //t.cs.ucf.edu//
canonical name = newton.i2lab.ucf.edu.
Name: newton.i2lab.ucf.edu
Address: 10.173.204.45
> //exit//
]
Try this not just with t.cs.ucf.edu but also the host you are trying to connect to.
If nslookup gives correct answers, but other operating system tools (like ping) do not, then your operating system is not using DNS to resolve its names. You will need to [[fix OS name resolution]].
IF nslookup gives incorrect answers or no answers, you may have mistyped the name, or your system may be configured to talk to an external DNS server that needs to be removed, or the DNS server may have a problem. Try [[checking your DNS configuration->Check DNS servers]].
If nslookup times out, the DNS server it is trying to use is either not reachable or is down. If you are using the VPN, this server's ip address should start with a 10. If it does, Try using ''ping'' to see if it is reachable. If it is not reachable, contact your system administrator for further debugging.A computer firewall prevents undesired network activity from affecting your computer. Usually firewalls block incoming external connections to automatically installed services.
However, an overzealously restrictive or misconfigured firewall can also block outgoing connections.
In windows, by default the firewall will ask you if you want to allow access to a network service the first time it blocks it. If you accidentally click NO on a service you need, you may have to review the firewall settings to correct this.
In linux, by default, only incoming connections are blocked by the firewall.In this tutorial, please use the circular arrow on the immediate left to go back to the previous node instead of the back item in your browser.
Also, you can pick your default operating system by clicking on the links at the left, or change it at any time.
This tutorial tries to cover all known problems, but surely some have been missed. If you get stuck, contact helpdesk@cecs.ucf.edu and tell us how far you got.
[[Lets get started!->start]](display: "oswarning")
|linux)[Some versions of linux use caching mechanisms to speed up DNS and these caches are not reliably flushed when you connect with the VPN. After logging into the VPN, run the following command:
$tt[sudo systemd-resolve --flush-caches]
and see if that resolve the problem.
]
|windows)[
You can try flushing the dns cache:
0. Open a command window
0. Run the command ''ipconfig /flushdns''
If that doesn't fix things, you can try resetting the windows network stack:
This method is not well tested by us, so if you use it and it helps, let us know!! (We've used this before, but we don't know if it fixes this problem.)
0. Open up the start menu and type cmd without pressing enter. You should see Command Prompt in the menu. Right click it and select “Run as administrator"
0. Type ''netsh winsock reset'' and hit enter.
0. Type ''netsh int ip reset'' and hit enter.
0. Type ''ipconfig /flushdns'' and hit enter.
0. Restart your computer and see if you are still having connectivity issues.
]
If it is still not working, please contact us so we can suggest some additional things to try.
(display: "oswarning")
External DNS servers (for example, google's DNS) may have been added manually in your network settings. Off campus,these may be better than your default ISP's DNS servers, but they will not find on campus computers.
|linux)[Linux can configure this in several places, but the most likely place is in the NetworkManager configuration in the control panel.
]
|windows)[In windows, manual DNS servers can be added or removed:
* Go to Control panel > Network and Internet > Network and Sharing Center > Change adapter settings.
* Select your network interface, (right click or double click) and select ''Properties''
* Select the networking tab (default)
* Select ''Network Protocol Version 4'' and click properties
* In the lower half of the panel, make sure ''Obtain DNS server address automatically'' is selected.
* Click ''Advanced'' and select the ''DNS'' tab.
* In the top panel, delete any DNS server addresses.
](if: $os is 0)[These tests are operating system specific. You should pick an operating system (on the left).]
To download the Cisco AnyConnect VPN client, go to (link-repeat: "https://secure.vpn.ucf.edu")[(open-url: 'https://secure.vpn.ucf.edu')]
Once this has downloaded and installed, start AnyConnect and enter $tt[secure.vpn.ucf.edu] in the box, and click ''connect''. You will be asked to log in; use your NID and NID password.
If you have trouble installing AnyConnect, additional resources can be found at
* (link-repeat: "http://t.cs.ucf.edu/help/vpn")[(open-url: 'http://t.cs.ucf.edu/help/vpn')]
* (link-repeat: "Search the UCF IT knowledge base for vpn")[(open-url: 'https://ucf.service-now.com/ucfit?id=search&q=vpn')]