Frequently Asked Questions about Virtual Private Network (VPN)


About the VPN Service

  • When and why should I use VPN?

Use VPN when you need to connect to campus resources, such as file servers and print services, that would otherwise be unavailable from distant networks. VPN provides an added layer of security for some services (FTP, Webmail, etc.). This is useful when you're working on a possibly untrustworthy network, for example, in hotels or airports. VPN transports any network service without special settings. File sharing, printing, remote desktop, SSH, FTP, telnet, and Web-based services have all been tested with VPN.

  • How does VPN work?

VPN authenticates your identity and affiliation with Cornell using your NetID and password, and then sends all your Cornell-related traffic through an encrypted "tunnel" to campus. Non-Cornell traffic follows your normal network path and does not enter the Cornell network. Campus resources will "see" your VPN-connected system as a computer on campus with an IP address in the range 128.84.32.0 to 128.84.35.255.

  • Who can use VPN?

Cornell faculty, staff, students, and affiliates with valid NetIDs can use VPN. If you need to use VPN and you don't fall into one of these categories (for example, you're a contractor), you may be eligible for a sponsored NetID. Contact the department you're working with for more information. Details about sponsored NetIDs are found on the NetID page.

  • Where can I use VPN?

You should be able to use VPN from any Internet-connected network, anywhere in the world. Note: If you are on campus, you can only use VPN with RedRover. If you're on campus and get an error message, make sure you're using RedRover.

  • What is the difference between VPN and VNC?

VPN stands for Virtual Private Network, and it's a means of securely connecting individual users at remote locations (at home, or while traveling) with resources on campus over public communication lines that might otherwise not be secure. VNC, or Virtual Network Computing, allows you to connect to and control a computer from a remote connection. For example, you could use VNC from your home computer to remotely control a desktop computer on campus.

Technical Questions

  • What operating systems are supported?

      • Windows XP SP3 and greater
      • Mac OSX, version 10.5 or higher

  • What VPN software can I use?

To use VPN with Cornell campus networks and services, you must use the Cornell Cisco VPN software. Built-in Windows and Mac OSX software doesn't work. For more information or to download and install the software, see the How To page.

  • Can I use Linux VPN software?

Linux users should use the AnyConnect VPN client available for installation at https://cuvpn.cuvpn.cornell.edu/. (IPSec clients are deprecated.)

VPN Features and Behavior

  • Does VPN offer virus protection?

Not at present. While VPN provides considerable security against network eavesdropping, it does not offer security against other Internet threats. For information about protecting your computer from viruses and other attacks, see the CIT Security page.

  • How long can I stay connected with VPN?

VPN sessions are limited to 8 hours. After 8 hours, the connection closes automatically. To continue working, connect again. You'll need to enter your NetID and password again. There is no limit on how often you can connect through VPN. For connection instructions, see Connecting to Campus with VPN.

  • When I'm connected with VPN, everything is slower.

It's possible that you'll experience some system slowness when you're using VPN. If you think you're experiencing a serious speed issue (for example, your service is significantly worse than your regular internet service), contact your technical support provider. Please be able to provide your NetID, time you logged into VPN, your operating system, and your IP address. (To find your IP address, check http://myipaddress.com or http://www.whatismyipaddress.com.)

  • Why does connecting take such a long time?

Your client is negotiating an encrypted connection with the VPN concentrators. Agreeing on your identity, cipher, key material, and then pushing Cornell's network configuration to the client does take a perceptible length of time, but it's necessary for the service to work.

  • Why don't computers outside see my computer as part of the Cornell network when I'm connected to the VPN?

While you're connected through the VPN, only traffic to and from Cornell resources is routed through the VPN. Systems, sites, and servers outside Cornell will continue to see your ISP's address, even when you're connected through the VPN. So if you're in a hotel room and connected to the VPN while you check your Cornell e-mail and place an order with an on-line retailer, you will appear to have a Cornell IP address when you check your mail and at the same time appear to have the hotel ISP's IP address to the people you are placing your order with.

This is a configuration called, variously, split tunneling or split horizon. In this mode, traffic destined for Cornell's networks is sent through the VPN tunnel. Traffic destined anywhere else is sent through your default Internet connection. Computers outside Cornell see you as part of that ISP network for this reason.

The rationale behind split tunneling is that it's inefficient to haul all your Internet traffic through the VPN, receive it at Cornell, then send the results back to you. Not only would that create bandwidth concerns, it would bring privacy concerns as well.
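The split-tunnel behavior described above, combined with the client address range given under "How does VPN work?", modeled as an added example (not Cornell's configuration or client code). Only the 128.84.32.0 to 128.84.35.255 range comes from this page; the route table, the campus stand-in prefix 198.51.100.0/24, and both client addresses are constructed assumptions.

```python
import ipaddress

# From the page: VPN-connected systems appear in 128.84.32.0 - 128.84.35.255.
VPN_POOL = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("128.84.32.0"),
    ipaddress.ip_address("128.84.35.255")))   # collapses to a single /22

# ASSUMPTION (constructed): routes a split-tunnel client might hold.
# The page does not list the real campus prefixes, so a documentation
# range stands in for one.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "local"),         # default: ISP path
    (ipaddress.ip_network("198.51.100.0/24"), "tunnel"),  # campus stand-in
    (ipaddress.ip_network("192.0.2.0/24"), "local"),      # constructed hotel LAN
]

# ASSUMPTION (constructed): the address each path presents to the far end.
SOURCE = {"tunnel": "128.84.33.17",   # an address inside the VPN pool
          "local": "203.0.113.45"}    # the hotel ISP's address

def in_vpn_pool(addr):
    """True if addr falls inside the VPN client range from the page."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in VPN_POOL)

def select_route(dst):
    """Longest-prefix match; anything unmatched leaves via the local path."""
    ip = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, path) for net, path in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0], default=(0, "local"))[1]

def describe_flow(dst):
    """What happens to one outbound connection under split tunneling."""
    path = select_route(dst)
    return {
        "dst": dst,
        "path": path,
        "encrypted_by_vpn": path == "tunnel",
        "seen_as": SOURCE[path],
        "looks_on_campus": in_vpn_pool(SOURCE[path]),
    }

if __name__ == "__main__":
    # Constructed destinations: campus mail server, on-line retailer, hotel LAN.
    for dst in ("198.51.100.10", "203.0.113.200", "192.0.2.9"):
        print(describe_flow(dst))
```

Only the first destination is carried inside the tunnel; the other two cross the hotel network without VPN encryption, which matters when the local network is untrusted.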

Connection Issues

  • I'm having trouble getting connected.

Please see Troubleshooting.

  • VPN isn't working with my satellite Internet service.

Earlier versions of the Cornell VPN were not supported at the lowest level package for some satellite Internet services. This should not be a problem with the current Cornell VPN client. For more information on installing and using the current version, see the How To page.

  • Why can't I connect to the VPN from on-campus?

The VPN is intended to provide remote access to campus. VPN's understanding of the network consists of an "inside" and an "outside." When you try to use it from on-campus, it's seeing a client on the inside trying to reach the inside network. It doesn't understand how to route traffic to your client to make that connection work. The VPN appliances have been configured to treat some networks, including RedRover-Secure, as external to Cornell. You can use those services to connect to the VPN for the purposes of testing.

  • I installed a PCF file with a departmental VPN. Should I keep using it?

You're encouraged to begin using the VPN with the departmental login group instead. You can delete the entry for the departmental VPN in your client software. For more information, see the How To page.

  • I am unable to access a particular journal, database, or library resource via VPN. I can usually get to it when I am on campus.

Due to licensing restrictions, people using VPN may need to authenticate themselves via CUWebLogin before accessing certain electronic resources provided by Cornell University Library. All links from the library website and catalog should automatically check for authentication and enable proxy access. If, while connected via VPN, you are unable to access licensed resources that are linked from the Library website or catalog, please contact Cornell Library via its Technical Problem Report Form.