In many situations it is useful to be able to connect to the university. Using VPN you are able to connect basically from anywhere and route all your traffic through the university network. This is in particular useful in the following situations:
- You need to access an article that is restricted by the publisher to only university members.
- You are outside of the United States, but need to access a website for which you need to have a US IP address.
- You want to print at the university from a printer in the physics network, but you are only connected to the general PSU wifi.
The Physics Department uses the VPN of the Eberly College of Science starting 2016. It uses the VPN product by GlobalProtect. Detailed instructions are provided on the college webpage here: https://elements.science.psu.edu/it/frequently-asked-how-to-questions/connecting-to-science-vpn (PSU Account login needed). There are better ways to do the setup, here given in the following tips for different platforms.
(Note that there is another VPN by the university. For details of that VPN see the school IT Knowledge Base.)
Windows & Mac
Follow the steps on the college webpage.
Android & iOS
Download the app by GlobalProtect for Android or iOS. Open the app, grant it VPN permission when prompted, then enter the portal (i.e. gateway) provided in the college webpage together with your PSU credentials. There may be a warning about the certificate of the VPN server. One can simply continue and ignore it. If concerned, see the end of this document.
Linux & Unix
There is no GlobalProtect client on Linux, and one has to use vpnc. For that, setting up split tunneling is desirable. Without split tunneling, you will probably have trouble accessing anything outside the college network. (Except maybe Google, for some reason.)
Here is the procedure to connect using NetworkManager, with split-tunneling properly set up.
- Ensure that vpnc and the vpnc plugin for NetworkManager are installed. (In Debian for example, they are vpnc and network-manager-vpnc-gnome if using Gnome.)
- Setup the Science VPN as outlined in the Fedora Docs link given on the college webpage. Refer to the college webpage for VPN type (“Cisco Compatible VPN (vpnc)”), gateway, and user & group credentials.
- Split-tunneling setup. The procedure generally follows that in the link to Palo Alto Networks given on the college webpage. In the VPN connection setup dialogue, go to IPv4 Settings→Routes. Click on “Add” and enter 128.118.0.0 in “Address” and 255.255.0.0 in “Netmask”. Check “Use this connection only for resources on its network” and click OK. The setup is shown in the following screenshot. (Click to view.) (The IP ranges 146.186.0.0/16 could also be relevant in the routing table. I haven’t had a need for it though.)
The subnet IP and netmask given above are speculative. It should tunnel your connections to the Eberly College of Science—hence the Physics Department—through VPN Science. Should it not, increase the corresponding IP range.
Certificate for VPN Science
For reference, as of July 2016, the SHA1 finger print of VPN Science is
d9:6b:ed:53:2f:b0:07:5e:26:53:e9:17:7a:df:00:42:18:9e:74:a5.
One can check it in the details of the certificate received.
[…] you need to connect to VPN using the instructions […]