Network Services

• Campus Network
• Network Upgrade
• Wireless
• Remote Access
• Internet2
• VPN
• DATN
• Network Graphs
• Policies and Standards
• Instructor-led Firewall Service Administration Training
• Online Firewall Service Administration Training

WiscVPN

• FAQ
• Static IP Service
• Status
• Help Desk Docs

WiscVPN

FAQ

• What is WiscVPN?
• Where do I go to find out more about WiscVPN?
• What are some examples of restricted campus resources?
• Who is eligible to use the WiscVPN service?
• What does WiscVPN cost?
• Dynamic vs. Static IP addresses
• How do I set up a dynamic WiscVPN connection?
• How do I set up a static WiscVPN connection?
• I have one broadband connection that I am sharing between several desktops, how will that affect WiscVPN service?
• What operating systems are supported for WiscVPN?
• What is split tunneling?
• Internet2 access
• Access to Library Resources
• What types of encryption does WiscVPN use?
• What range of IP addresses does WiscVPN use?
• How do I test my WiscVPN connection?
• I can't get WiscVPN to work. What should I do?
• Appropriate Use
• Still have questions?
• Can I use an existing requisition to reserve a Static IP?
• Do I need a separate requisition for each Static IP?
• Do I need to send the requisition to DoIT?
• Can I reserve Static IP's for multiple members of my department?
• I don't remember my existing requisition number. Is there a way to look it up?

What is WiscVPN?

There are a few network resources which are restricted to campus-based computers. When you use a commercial Internet Service Provider (ISP) such as Charter or TDS, your network traffic carries an IP address from that vendor, and you may be prevented from accessing some campus network resources. WiscVPN allow users to access these restricted resources even though they’re using a commercial ISP. It accomplishes this by establishing an encrypted tunnel between the home/remote PC and the campus network. All campus-bound traffic is routed through the tunnel with a campus IP address, making that traffic appear to be originating from on-campus.

Where do I go to find out more about WiscVPN?

Known VPN issues and solutions to problems that have been reported can be found at www.doit.wisc.edu/network/vpn. General Installation instructions and troubleshooting documentation is available at the Help Desk. In addition, watch for planned outages in the WiscVPN client banner that displays each time you log on.

What are some examples of restricted campus resources?

Examples of restricted campus resources include: DoIT’s electronic shelf (i.e., software downloads), some library resources and various departments’ protected applications. WiscVPN will allow access to DoIT's electronic shelf. WiscVPN users will be prompted by the library proxy server for access to library resources, but WiscVPN will not allow access to library services which are not currently available through the existing proxy server. Individual departments who restrict access based on IP address may choose to allow WiscVPN access to these resources; contact your department network administrator to see if this applies to you. UW Hospital has chosen not to allow WiscVPN to access their restricted network resources.

Who is eligible to use the WiscVPN service?

Any UW faculty, student or staff with an active UW NetID is eligible to use WiscVPN. Activate your NetID.

What does WiscVPN cost?

WiscVPN is offered by DoIT free of charge.

Dynamic vs. Static IP addresses

• Dynamic IP Addresses: The Basic WiscVPN service provides a connection to the campus network using an IP address selected randomly from an available pool of campus IP addresses. Each time you make a connection using the WiscVPN client, you may be assigned a different campus IP address. Most WiscVPN users will likely find that a dynamic IP address meets their needs.
• Static IP Addresses: A few network resources need to be locked down so that only specific IP addresses are allowed to access them. The Static IP service will reserve a specific IP address which will always be used for your WiscVPN connection, if that level of security is needed. Static WiscVPN service is available for departmental use only. If you need a static IP for personal use, you will need to purchase this service from your commercial ISP.

How do I set up a Dynamic WiscVPN connection?

If you already have a commercial Internet Service Provider, download and install the WiscVPN client that corresponds to your operating system and Internet connection.

How do I set up a Static WiscVPN connection?

See the Static IP page for more information about setting up a static WiscVPN connection.

I have one broadband connection that I am sharing between several desktops. How will that affect WiscVPN service?

If your broadband connection is already working on several desktops, load the WiscVPN client on each machine and you should be able to successfully initiate a WiscVPN connection from multiple desktops simultaneously. It’s important to note that DoIT cannot support your home network. You must be able to successfully access the Internet from each desktop before the WiscVPN client will work.

What operating systems are supported for WiscVPN?

Currently WiscVPN includes clients for Windows XP, 2000 and Vista and Macintosh OS X.

The WiscVPN client is working within Vista (the 32 bit version only), but is missing the following features: Start Before Logon, SmartCard Authentication, Integrated Firewall, InstallShield, AutoUpdate.

What is split tunneling?

Split tunneling is a feature of the VPN concentrator that routes user traffic based on the destination IP address. Campus traffic is routed through the WiscVPN tunnel, while Internet traffic is routed out through your commercial ISP. We have chosen to use this feature to reduce the amount of personal Internet traffic routed through the campus WiscNet connection. Split tunneling allows us to reduce costs and adhere to the campus network appropriate use policy.

Internet2 Access

Access to participating Internet2 institutions is available via your commercial ISP. WiscVPN will route traffic destined for I2 through your commercial ISP using the split tunneling feature. From a network performance standpoint, there would be no benefit to the remote end user if I2 traffic were tunneled through the campus network. If you experience access problems to an I2 resource using WiscVPN, contact us at vpn@doit.wisc.edu.

Access to Library Resources

Access to library resources will continue to be provided through the Libraries’ EZproxy server. WiscVPN users will be prompted by the library proxy server for access to library resources. Due to licensing issues, WiscVPN will not allow access to library services that are not currently available through the existing proxy server.

What types of encryption does WiscVPN use?

IPSec encryption is used on all the currently supported clients for WiscVPN.

What range of IP addresses does WiscVPN use?

Dynamic WiscVPN uses 146.151.192.0/20. This is all addresses from 146.151.192.0 thru 146.151.208.255. Static WiscVPN service uses 146.151.208.0/21 146.151.216.0/24 146.151.217.0/24 This is all addresses from 146.151.208.0 thru 146.151.217.255.

How do I test my WiscVPN connection?

Open the WiscVPN client and make a connection using your NetID and password. You can confirm that it is working by going to the VPN section of the Help Desk web site.

I can’t get WiscVPN to work. What should I do?

The DoIT Help Desk is now supporting the WiscVPN service. Troubleshooting documentation is available on the Help Desk web site or via at (608) 264-HELP (4357).

Appropriate Use

WiscVPN is subject to the University Appropriate Use Policy. Customers are strongly urged to review the policy, especially the items in the policy regarding commercial use, political use, non-university activities and incidental personal use.

Still have questions?

Send an email to vpn@doit.wisc.edu

Can I use an existing requisition to reserve a Static IP?

Yes. Any valid requisition that you can use to make Tech Store purchases will work to reserve a Static IP number. Requisitions are associated with particular departments using a UDDS number, and only members of that department will be allowed to charge against that requisition number. The Static IP reservation will appear as a zero-dollar line item charged against that requisition, which will serve to alert the department manager that someone has reserved a Static IP number.

Do I need a separate requisition for each Static IP?

You can use the same requisition number for a batch of IP requests.

Do I need to send the requisition to DoIT?

No. Just enter the requisition number on the Static IP Web page. You need not send a copy of the requisition to DoIT.

Can I reserve Static IPs for multiple members of my department?

Yes. As a result of feedback we’ve received from campus, we have made it possible for you to reserve a Static IP on behalf of another member of your department. The Static IP WiscVPN service is available for departmental use only and requires the approval of your department. When you reserve a Static IP for a second party, you are taking the responsibility of ensuring that these requirements are met. A requisition number that is associated with the UDDS of your payroll appointment will still be required, but you will not need a second requisition number if the Static IP recipient is associated with a different UDDS. You need to know the second party’s NetID, but you do not need to know their password. All Static WiscVPN sessions will still be authenticated using the individual NetID and password, so any Static IPs you reserve will only be available for the intended recipient.

I don't remember my existing requisition number. Is there a way to look it up?

Requisition number can be looked up with "My order History" at the Tech Store.

Division of Information Technology - UW-Madison
Feedback, questions or accessibility issues | Privacy policy
Copyright © 2009 The Board of Regents of the University of Wisconsin System