Network/VPN/Windows: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
(48 intermediate revisions by 13 users not shown)
Line 1: Line 1:
'''Please note that this tutorial assumes you already have a network connection established.'''
'''Please note that this tutorial assumes you already have a network connection established.'''
'''Authentication is handled via the Windows domain.  If you have an account in the PC Active Directory you already have access.'''
'''If you have a UMIACS account, you already have access.'''


The UMIACS VPN is accessible through the Junos Pulse Client.  Alternatively, you can establish a connection through a web browser.
The UMIACS VPN is accessible through the Pulse Secure Client.  Alternatively, you can establish a connection through a [https://vpn.umiacs.umd.edu/ web browser], but this may fail if you have an outdated version of Pulse Secure already installed.


== Connecting through the Junos Pulse client ==
'''As of May 10th 2019, MFA Authentication is mandatory.'''
 
'''NOTE: If your computer has an ARM-based processor, you will need to proceed differently from the standard Windows instructions. Please refer to the [[#Connecting through the Pulse Secure client (for computers WITH ARM processors)|instructions here]].'''
 
==Prerequisites==
* Device enrolled with [[Duo | UMIACS Duo]]
 
== Connecting through the Pulse Secure client (for computers WITHOUT ARM processors) ==
#'''Download the client:'''
#'''Download the client:'''
#:[[Media:JunosPulse.x64.msi|Windows 7 64 bit]]<br style="clear:both"/>
#:[[Media:PulseSecure9.1R12.x64.msi|Windows 64 bit Pulse Secure Client]] (preferred)<br style="clear:both"/>
#:[[Media:JunosPulse.x86.msi|Windows 7 32 bit]]<br style="clear:both"/>
#:[[Media:PulseSecure9.1R12.x86.msi |Windows 32 bit Pulse Secure Client]]<br style="clear:both"/>
#:''Upon starting the client for the first time it will ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
#:''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
#'''Open the client and click 'Add' (+) under the connection section'''
#'''Start the client if it is not already running - it usually starts by default on bootup.'''
#:[[Image:JunosPulse(1).png|thumb|left|280px|[Windows] Click the 'Add' (+) button to create a new connection]]
#:[[Image:Pulse Secure Desktop App.jpg|thumb|center|280px|[Windows] Start the client from the Start Menu.]]
#'''In the 'Name' field, enter a descriptive name for this vpn Connection'''
#'''If the client is already running, double click its icon from the status bar.'''
#'''In the 'Server URL' enter 'vpn.umiacs.umd.edu''''
#:[[Image:Pulse Icon.jpg|thumb|center|280px|[Windows] Double click its status icon to open.]]
#:[[Image:JunosPulse(4).png|thumb|left|280px|[Windows] Enter the name of the vpn server]]
#'''and click 'Add' (+) under the connection section.'''
#Enter your windows side credentials and hit connect
#:[[Image:Pulse Secure1.jpg|thumb|center|280px|[Windows] Click the 'Add' (+) button to create a new connection.]]
#:[[Image:JunosPulse(3).png|thumb|left|280px|[Windows] Enter UMIACS Windows Credentials]]
#'''Enter a name for your VPN connection and the server URL 'vpn.umiacs.umd.edu''''  
#:[[Image:Pulse Connection.jpg|thumb|center|280px|[Windows] Enter the name of the VPN server.]]
#'''Enter your UMIACS credentials and hit connect.'''
#:[[Image:Pulse UserPass.jpg|thumb|center|280px|[Windows] Enter UMIACS credentials.]]
#'''Enter Secondary Password for [[Network/VPN/MFA | MFA]]. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.'''
 
:::[[Image:Vpnmfa6.png|thumb|center|280px|[Windows] Enter Secondary Password.]]
 
::The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
 
::{|class="wikitable"
!Second Credential Password Value:
! Result
|-
| push
| Send a push verification to your Duo connected device
|-
| phone
| Send a call verification to your Duo connected device.
|-
| <press YubiKey>
| If you have a physical token then you would press the YubiKey for the one time password.
|}
 
::Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please [[HelpDesk | contact us]] if you would like to register a YubiKey for this purpose.
 
 
{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.}}
 
 
 
You should now be connected to the UMIACS VPN.
 
==Checking VPN Status==
# In the bottom right hand corner, in your status bar, you should see an S icon. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
#:[[Image:Pulseicon2.png|thumb|center|500px|]]
# You can hover over this icon and it will show you the status of your connection.
#:[[Image:PulseStatus2.png|thumb|center|500px|]]




<br style="clear:both"/>
<br style="clear:both"/>
== Connecting through a web browser ==  
 
'''Connecting to the VPN via the web browser requires that Java be enable on your machine. For additional information on Java, as well as download links and install instructions please see: http://www.java.com
== Connecting through the Pulse Secure client (for computers WITH ARM processors) ==
*Open up a browser and go to 'vpn.umiacs.umd.edu'
ARM processors cannot natively run x64 or x86 programs without special emulation. Microsoft Surface laptops do not have x64 emulation yet, but they do have x86 emulation. However, not all x86 programs run smoothly even with emulation. As such, the best course of action for these sorts of machines is using the version of Pulse Secure that is specifically made for ARM processors, which is offered on the Microsoft Store.
**Log in using your windows side credentials
 
[[Image:VPNBrowser.png|thumb|right|500px|Click 'Start' to open the Network Connect applet]]
'''Installation Instructions:'''
*Click 'Start' in the Network Connect section towards the bottom right hand side of the page.
 
**This will launch a Java applet that will open up a new window showing the status of your VPN connection
#[https://www.microsoft.com/en-us/p/pulse-secure/9nblggh3b0bp Go to the Pulse Secure page on the Microsoft Store.]
**Keep an eye out for a notification at the top of your browser requesting permission to run Java
#Click the "Get" button and wait for it to finish downloading. Once it's finished downloading, the Get button should now say "Install". Click "Install".
*To disconnect from the VPN click 'Sign Out' in the browser.
#Once Pulse Secure is installed, continue to the Configuration Instructions.
(will finish installation instructions at a later time)
 
'''Configuration Instructions:'''
#Open Pulse Secure. It should have a green- and black-colored icon in the shape of an S.
#You should now see a gray window. Click on the "VPN Settings..." button in that window.
#You should now see the VPN page in Windows Settings. Click "Add a VPN connection".
#The VPN provider should be Pulse Secure. You will now need to enter the following information:
##Connection name: UMIACS
##Server name or address: vpn.umiacs.umd.edu
##Username: You can put in your UMIACS username if you'd like, or you can leave it blank.
##password: Leave it blank for security reasons.
##Choose to remember sign-in info ONLY if the password field is blank, for security reasons.
##You should now be finished with adding the VPN connection.
#Now under "VPN" and "Add a VPN connection" at the top, you should see a button that says "UMIACS". Click on that button.
#You will now be prompted for your username (if you did not fill it out when adding the connection) and password. Enter your UMIACS credentials, then click the "OK" button.
#You will now be prompted for a "secondary password". This refers to the method of multi-factor authentication you would like to use. Typing in "push" into this field will send a notification to the Duo app on your smart device, whereas "phone" will send a call to your registered phone number. Enter your choice of authentication, then click the "Next" button.
#After completing the multi-factor authentication via push notification or call, you should now be connected to the UMIACS VPN!
 
In case you would like to manually disconnect from the VPN, go to the same "VPN Settings..."/VPN page in Windows settings, click on the UMIACS connection, and click the "Disconnect" button.

Revision as of 14:24, 21 August 2021

Please note that this tutorial assumes you already have a network connection established. If you have a UMIACS account, you already have access.

The UMIACS VPN is accessible through the Pulse Secure Client. Alternatively, you can establish a connection through a web browser, but this may fail if you have an outdated version of Pulse Secure already installed.

As of May 10th 2019, MFA Authentication is mandatory.

NOTE: If your computer has an ARM-based processor, you will need to proceed differently from the standard Windows instructions. Please refer to the instructions here.

Prerequisites

Connecting through the Pulse Secure client (for computers WITHOUT ARM processors)

  1. Download the client:
    Windows 64 bit Pulse Secure Client (preferred)
    Windows 32 bit Pulse Secure Client
    Upon starting the client for the first time it may ask to upgrade the client. This will pull an up to date version of the client with the most recent configuration.
  2. Start the client if it is not already running - it usually starts by default on bootup.
    [Windows] Start the client from the Start Menu.
  3. If the client is already running, double click its icon from the status bar.
    [Windows] Double click its status icon to open.
  4. and click 'Add' (+) under the connection section.
    [Windows] Click the 'Add' (+) button to create a new connection.
  5. Enter a name for your VPN connection and the server URL 'vpn.umiacs.umd.edu'
    [Windows] Enter the name of the VPN server.
  6. Enter your UMIACS credentials and hit connect.
    [Windows] Enter UMIACS credentials.
  7. Enter Secondary Password for MFA. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
[Windows] Enter Secondary Password.
The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.
Second Credential Password Value: Result
push Send a push verification to your Duo connected device
phone Send a call verification to your Duo connected device.
<press YubiKey> If you have a physical token then you would press the YubiKey for the one time password.
Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please contact us if you would like to register a YubiKey for this purpose.


Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.


You should now be connected to the UMIACS VPN.

Checking VPN Status

  1. In the bottom right hand corner, in your status bar, you should see an S icon. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
    Pulseicon2.png
  2. You can hover over this icon and it will show you the status of your connection.
    PulseStatus2.png



Connecting through the Pulse Secure client (for computers WITH ARM processors)

ARM processors cannot natively run x64 or x86 programs without special emulation. Microsoft Surface laptops do not have x64 emulation yet, but they do have x86 emulation. However, not all x86 programs run smoothly even with emulation. As such, the best course of action for these sorts of machines is using the version of Pulse Secure that is specifically made for ARM processors, which is offered on the Microsoft Store.

Installation Instructions:

  1. Go to the Pulse Secure page on the Microsoft Store.
  2. Click the "Get" button and wait for it to finish downloading. Once it's finished downloading, the Get button should now say "Install". Click "Install".
  3. Once Pulse Secure is installed, continue to the Configuration Instructions.

(will finish installation instructions at a later time)

Configuration Instructions:

  1. Open Pulse Secure. It should have a green- and black-colored icon in the shape of an S.
  2. You should now see a gray window. Click on the "VPN Settings..." button in that window.
  3. You should now see the VPN page in Windows Settings. Click "Add a VPN connection".
  4. The VPN provider should be Pulse Secure. You will now need to enter the following information:
    1. Connection name: UMIACS
    2. Server name or address: vpn.umiacs.umd.edu
    3. Username: You can put in your UMIACS username if you'd like, or you can leave it blank.
    4. password: Leave it blank for security reasons.
    5. Choose to remember sign-in info ONLY if the password field is blank, for security reasons.
    6. You should now be finished with adding the VPN connection.
  5. Now under "VPN" and "Add a VPN connection" at the top, you should see a button that says "UMIACS". Click on that button.
  6. You will now be prompted for your username (if you did not fill it out when adding the connection) and password. Enter your UMIACS credentials, then click the "OK" button.
  7. You will now be prompted for a "secondary password". This refers to the method of multi-factor authentication you would like to use. Typing in "push" into this field will send a notification to the Duo app on your smart device, whereas "phone" will send a call to your registered phone number. Enter your choice of authentication, then click the "Next" button.
  8. After completing the multi-factor authentication via push notification or call, you should now be connected to the UMIACS VPN!

In case you would like to manually disconnect from the VPN, go to the same "VPN Settings..."/VPN page in Windows settings, click on the UMIACS connection, and click the "Disconnect" button.