Skip to main content
more options

About Virtual Private Network (VPN)

Virtual Private Network (VPN) provides the Cornell community with secure, authenticated remote access to campus networks and services. This means you can access Cornell servers and other systems that require some security from a distant network.

While connected through VPN, your computer appears the same as any other on-campus computer. All network traffic between your system and campus is encrypted to protect it from electronic eavesdropping.

VPN Features

  • Secure access to campus resources that would otherwise be unavailable on distant networks. 
  • Added layer of security for some services (FTP, Webmail, etc.). This is useful when you're working with a network that may not be entirely secure, such as a hotel or airport network. 
  • Works with any network service without special settings. 
  • File sharing, printing, remote desktop, SSH, FTP, telnet, and Web-based services have all been tested with VPN.

How VPN Works

VPN authenticates your identity and affiliation with Cornell using your NetID and password, and then sends all your Cornell-related traffic through an encrypted "tunnel" to campus. Non-Cornell traffic follows your normal network path and does not enter the Cornell network. Campus resources will "see" your VPN-connected system as a computer on campus with an IP address in the range 128.84.32.0 to 128.84.35.255.

Non-campus resources will see the IP address of whatever ISP you are using. As a result, use of VPN will not help when trying to log in to non-Cornell services that check IP addresses to allow access, such as some databases linked from Cornell Library.  

After connecting to VPN, you may need to enter your NetID and password again when connecting with a restricted area, such as WebMail.

Who Can Use VPN?

Cornell faculty, staff, students, and affiliates with valid NetIDs can use VPN. If you need to use VPN and you don't fall into one of these categories (for example, if you're a contractor), you may be eligible for a sponsored NetID. Contact the department you're working with for more information. Details about sponsored NetIDs are found on the NetID page.

Departmental VPN

The Departmental VPN option allows units to establish and manage VPNs for exclusive use by their own staff—effectively restricting access to individuals identified by and working within the unit. Departments can have one or more private networks, and individuals can be in as many as the department allows.

Due to resource considerations, Departmental VPNs must match the master configuration. It is not possible to do custom configurations of  

  • access control lists
  • login expiration times
  • system security
  • security 

The service consists of the secure provision of a block of IP addresses. 

See the How-To section for information about how to set up a Departmental VPN.

Testing VPN Before You Travel

If you're planning to use VPN when you're travelling, it's a good idea to try a test run before you go. Using the computer you're taking on your trip, connect to campus using VPN. You can try this from home, or on campus using RedRover or RedRover-Secure. Campus connection methods other than RedRover or RedRover-Secure will not work.