Remote Access - VPN

Remote Access – Using the University of Oxford VPN Service

Introduction

Being able to access internal University resources remotely is an important part of anyone’s operational role, therefore Remote Working is becoming a critical component of people’s working practices within the University.

A large number of the key University Applications are available online simply through logging in with your Single Sign On details, and are therefore available on any compatible device with an internet connection. Certain resources (CONNECT File Shares, R12 Financials etc) are only available within The University of Oxford, or more particularly the University of Oxford Network (which does not include the Eduroam Network) - using the Cisco VPN Remote Access Service allows access to these. 

This page details how one can create a VPN connection to the University of Oxford Network in order to access University Resources, including CONNECT File Shares (please see CONNECT – Adding a CONNECT File Share for instructions on this), when not on the University Wired Network, such as through Eduroam or from your own home.

There is an additional and fully supported CONNECT Remote Desktop Option available as a paid for service, which duplicates your CONNECT Desktop including common applications available.

Visit the IT Services  CONNECT accounts and resources for further information.

 

This page covers making a Remote Connection to the University Network by VPN, it does not cover making a Remote Desktop Connection to your PC.
Please call 01865 6 12345 or write to it@museums.ox.ac.uk if you require this.

 

Remote Access Guidelines

This page details a process which makes use of the University of Oxford IT Services VPN Service. This service has its own distinct guidelines which are detailed below – if you intend to use this solution you must adhere to the following guidelines: 

  • users connected to the IT Services VPN Service must treat their connection as though they were in their office. Users must never leave their device unattended whilst connected to the Remote Access Service. Users must be particularly aware when using a personal device (eg home PC) and consider particular applications running whilst connected to the Remote Access Service, eg Peer-to-Peer (P2P) software. Any P2P applications left running will therefore be running over the University network and subject to University IT regulations. Further information is available on the VPN help pages.
  • users must consider the risk in accessing documents from home or when away from the office. Further guidance can be found on the Information Security website.
  • it is responsibility of the user to ensure that antivirus and personal firewall software are installed and up-to-date, as well as ensuring that security patches are applied to personal devices, before accessing University services remotely. Failure to do so may result in access being removed.

Remote Access Account

In order to utilise the Remote Working Service you need to have signed up for a University of Oxford Remote Access Account. The Remote Access Account is different from the Oxford Single Sign-On (SSO Account) but the process to set up is simple.

For VPN Access your Remote Access Username will need to be entered in the following format with your Remote Access Password:

SSOUsername e.g. abcd1234

 Register for Remote Access Account

To set up or renew your Remote Access Account please visit the IT Services Self-Registration page

  • sign in with your SSO details
  • select Change or Register for a Remote Access (Eduroam WiFi/VPN) account password
  • Set a Remote Access Password

Own Machine Configuration

To access University resources, such as the CONNECT File Shares on a machine that is not connected to the University Wired Network, there are two elements which need to be configured of the machine but importantly you need to remember that once you connect to the University Network through the VPN software you need to abide by the University rules. An important aspect of this is to ensure the connecting machine is up to date with the latest security patches and running fully functional Antivirus software.

VPN Configuration

In order to first connect to the University network, you will now need either to install a small piece of software on your Windows computer, or configure a connection method within your Apple Computer.

Please remember that when you’re not using the VPN connection to disconnect.

 

 

Expand All

 

CONNECT Laptops already have the VPN software installed, and for full information on the VPN Configuration, including comprehensive step-by-step instructions can be found on the IT Services website.

Browse to the following website, and sign in with your SSO details:

Self-Registration Home Page

Once signed in, follow these steps:

  1. choose Software on the left
  2. then in the Please select a software package window choose VPN Client
  3. select the applicable AnyConnect VPN client option for your machine
  4. download and install
  5. once installed run the Cisco AnyConnect Client
  6. enter vpn.ox.ac.uk into the box and select Connect
vpn

Now you will need to enter your Remote Access Username and Password. Enter your credentials in the appropriate fields and select OK.

vpn username password

If successful, you will see an icon in the system tray (near the clock) with a padlock.

 

Apple computers within the GMIT Jamf Service already have the VPN configured, so you will just need to enter your Remote Access Account details. For full information on the VPN Configuration, including comprehensive step-by-step instructions, please visit the dedicated macOS page on the IT Services website.

Please follow these steps:

  1. select Network
  2. in the Network window select the plus sign (+)
vpn network

3. enter the following information:

  • interface: VPN
  • VPN Type: Cisco IPsec
  • service name: Oxford University VPN

4. click on Create - you will now return to the Network Window

5. configure the following options:

  • server address: vpn.ox.ac.uk
  • account name: Remote Access Username eg exet2600
  • password: Remote Access Password
vpn network2

6. select Authentication Settings and enter the following details:

  • shared secret: see box below
  • certificate: leave unchecked
  • group name: oxford

Oxford University Shared Secret

The Oxford University Shared Secret is available to download for members of the University of Oxford, but cannot be disclosed on this document. Please visit the IT Services Self-Registration Software Registration and Downloads web page.

Once on this page select VPN client from the list, and on the next page select VPN shared credentials. A window containing the information should now pop up on your desktop - Make a note of the IPsec secret as you will need this information as the shared secret.

 
vpn machine authentication

7. select OK and you will return to the Network window - if you are likely to use the VPN client regularly you may want to select Show VPN status in menu bar to track your connection.
 

8. Finally, click the Apply button to complete the configuration for this new VPN interface. The interface will now appear in the left hand pane indicated by a locked padlock icon.

vpn status

Once you have configured a network interface on your Mac to connect to the IT Services VPN service you can make a VPN connection whenever you need to.

To connect via the inbuilt client:

  1. open System Preferences
  2. click the Network icon to switch to the Network window
  3. select the VPN connection you configured previously
  4. click on the Connect button (found underneath ‘Authentication Settings’) Alternatively, if you chose to include the status of the VPN connection in your menu bar during the configuration process you can connect and disconnect using the VPN icon in the top menu bar.