Computer Lab VPN "VPN2"
A Virtual Private Network (VPN) is a means of extending a private network over a public link. In the context of the Computer Laboratory, it generally refers to a means of making a personal machine, typically a laptop or home computer, appear to be on the university or departmental network. There are three main reasons for doing this:
- To bypass firewall and access control restrictions that apply to direct connections from the external network
- To gain access to external services such as online journals that are authenticated by calling IP address
- To add a layer of security to your network traffic when using an untrusted network, particularly when travelling
In order to open a VPN, the machine must present credentials to prove entitlement to access the private network.
There are multiple VPNs available. This page describes the Computer Laboratory in-house VPN "vpn2". This VPN exists as an in-house alternative to the 'main' Computer Lab VPN (which is managed by University Information Services).
Security precautions
When you are connected to a VPN, your machine behaves in most respects as if it were directly connected to the remote network. This means that when using the VPN services described here, you become subject to the CUDN and JANET acceptable use policies. All VPN connections are logged against your CRSid and network traffic may be traced back to you. You should ensure that the anti-virus software on your machine is up to date, and take appropriate precautions to protect your credentials from unauthorised use.
Obtaining credentials
Authorised members of the department may obtain their username and password for the Computer Laboratory VPN at vpnpassword.cl.cam.ac.uk.
Configuring your VPN connection
- Windows 10
- Apple devices (including Mac and iPhone)
- Linux
- Android devices
- Other devices (technical/generic instructions)
Testing split VPN
The intended behaviour of this VPN (unlike some others) is to direct only your connections to University systems through the VPN; the rest of your internet access should not be affected. This is done to minimise the amount of network traffic that must pass through the VPN.
You can check that this is working correctly by using the UIS 'My IP address' test page.
The expected results of the test should be as follows:
Your IPv4 address as currently seen by servers inside the University is
128.232.xxx.yyy
corresponding to the host name 'user-zzz.vpn.cl.cam.ac.uk'. This is a standard public IPv4 address associated with the University.
- The "cl.cam.ac.uk" name and an address starting "128.232" indicate that your connections to the University network are passing through the VPN: as far as the University network is concerned, you are connected through the Computer Lab network.
Your IPv4 address as currently seen by servers outside the University is
192.0.2.zzz
corresponding to the host name 'xyz.other-network.example.net'. This address is associated with a network outside the University.
- Any address that does not start with "128.232" indicates that your connections to the rest of the internet are not using the VPN. The address and name you see here are associated with your home internet service provider.
You appear to be running this test from a computer or web browser with an unusual network configuration which this page doesn't recognise. If this is not what you are expecting, you might want to consult your local networking support staff in case they can explain this based on local knowledge.
- This warning is expected on this VPN.
You also have this IPv6 address
2a05:b400:110:xx::yy
corresponding to the host name 'user-qqq.vpn.cl.cam.ac.uk'. This is a public IPv6 address associated with the University.
- This too indicates that connections to the University network appear to originate from the Computer Laboratory. This section will not appear if your VPN connection is not using Internet Protocol version 6. This is generally not a problem; you do not need this for most departmental services.
