Virtual Private Network (VPN)

The CSLab VPN servers are our recommended way to access CSLab resources when off-campus. They provides direct access to the CSLab network, including the whole range of CSLab resources, including Samba and the CSLab mail server. In other words, the same settings that you use at CSLab will work from home. They are also a recommended way to use the CSLab wireless network.

MAC users are strongly advised to use the OpenVPN (Tunnelblick) solution and not L2TP/IPSec. The former is more robust, the latter problematic.

Please be aware that using the internet while connected to the VPN can route your internet traffic through the CSLab network, the university network backbone, and the university's internet gateway, unless you explicitly configure your machine to do otherwise. Such constitutes "use of campus network resources", is governed by the appropriate university policy, and will be subject to whatever the university might choose to do to traffic traversing its networks (e.g. throttling, shaping, monitoring, blocking). So please do not do anything contrary to university policy while connected to the VPN.

Windows, Mac OS X and Linux come with one or more free native VPN clients that are interoperable with either the CSLab L2TP/IPsec or OpenVPN server.

Some hand-held devices may only support OpenVPN. Please consult your Point of Contact (PoC) for assistance.

In the event that you have two CSLab users behind a NAT gateway, i.e. a home DSL router or similar, most VPNs will disallow multiple connections from one IP. In this case, you may obtain two VPN connections by having one user connect to the one VPN server, and one user connect to the another VPN server. For example the first user could connect to the L2TP/IPsec server and the second user to the OpenVPN server.

In order to use our VPN servers, you need a VPN account. If you have a CSLab account, you can create your VPN account with our self-serve VPN account registration (this can also be used to get your VPN password if you have forgotten it). Alternatively, you can email your Point of Contact (PoC) to get a set of credentials for the VPN. Once you have done that, you should follow one of the following links depending on which sort of VPN client is available to you.

Please note: There is a bug in the Android 6.0+ SHA2 implementation that is incompatible with L2TP/IPsec. If you are able to force your Android device to use SHA1, you may have success with connections to our L2TP/IPsec server, but otherwise we suggest using our OpenVPN service.

OpenVPN Guidelines and Tunnelblick example

L2TP/IPSec Guidelines and examples