WiscVPN FAQ
What is WiscVPN?
There are a few network resources which are restricted to campus-based computers.
When you use a commercial Internet Service Provider (ISP) such as Charter or
TDS, your network traffic carries an IP address from that vendor, and you may be
prevented from accessing some campus network resources. WiscVPN allow users to
access these restricted resources even though they’re using a commercial ISP. It
accomplishes this by establishing an encrypted tunnel between the home/remote PC
and the campus network. All campus-bound traffic is routed through the tunnel
with a campus IP address, making that traffic appear to be originating from
on-campus.
Where do I go to find out more about WiscVPN?
Known VPN issues and solutions to problems that have been reported can be found
at www.doit.wisc.edu/network/vpn. General
Installation instructions and troubleshooting documentation is available at the
Help Desk. In addition, watch for planned outages in the WiscVPN client
banner that displays each time you log on.
What are some examples of restricted campus resources?
Examples of restricted campus resources include: DoIT’s electronic shelf (i.e.,
software downloads), some library resources and various departments’ protected
applications. WiscVPN will allow access to DoIT's electronic shelf. WiscVPN
users will be prompted by the library proxy server for access to library
resources, but WiscVPN will not allow access to library services which are not
currently available through the existing proxy server. Individual departments
who restrict access based on IP address may choose to allow WiscVPN access to
these resources; contact your department network administrator to see if this
applies to you. UW Hospital has chosen not to allow WiscVPN to access their
restricted network resources.
Who is eligible to use the WiscVPN service?
Any UW faculty, student or staff with an active UW NetID is eligible to use
WiscVPN.
Activate your NetID.
What does WiscVPN cost?
WiscVPN is offered by DoIT free of charge.
Dynamic vs. Static IP addresses
- Dynamic IP Addresses: The Basic WiscVPN service provides a
connection to the campus network using an IP address selected randomly from an
available pool of campus IP addresses. Each time you make a connection using the
WiscVPN client, you may be assigned a different campus IP address. Most WiscVPN
users will likely find that a dynamic IP address meets their needs.
- Static IP Addresses: A few network resources need to be locked
down so that only specific IP addresses are allowed to access them. The Static
IP service will reserve a specific IP address which will always be used for your
WiscVPN connection, if that level of security is needed. Static WiscVPN service
is available for departmental use only. If you need a static IP for personal
use, you will need to purchase this service from your commercial ISP.
How do I set up a Dynamic WiscVPN connection?
If you already have a commercial Internet Service Provider,
download and install the WiscVPN client that corresponds to your operating
system and Internet connection.
How do I set up a Static WiscVPN connection?
See the Static IP page for more information
about setting up a static WiscVPN connection.
I have one broadband connection that I am sharing between several
desktops. How will that affect WiscVPN service?
If your broadband connection is already working on several desktops, load the
WiscVPN client on each machine and you should be able to successfully initiate a
WiscVPN connection from multiple desktops simultaneously. It’s important to note
that DoIT cannot support your home network. You must be able to successfully
access the Internet from each desktop before the WiscVPN client will work.
What operating systems are supported for WiscVPN?
Currently WiscVPN includes clients for Windows XP, 2000 and Vista and Macintosh
OS X.
The WiscVPN client is working within Vista (the 32 bit version only), but is
missing the following features: Start Before Logon, SmartCard Authentication,
Integrated Firewall, InstallShield, AutoUpdate.
What is split tunneling?
Split tunneling is a feature of the VPN concentrator that routes user traffic
based on the destination IP address. Campus traffic is routed through the
WiscVPN tunnel, while Internet traffic is routed out through your commercial
ISP. We have chosen to use this feature to reduce the amount of personal
Internet traffic routed through the campus WiscNet connection. Split tunneling
allows us to reduce costs and adhere to the campus network Responsible Use
policy.
Internet2 Access
Access to participating Internet2 institutions is available via your commercial
ISP. WiscVPN will route traffic destined for I2 through your commercial ISP
using the split tunneling feature. From a network performance standpoint, there
would be no benefit to the remote end user if I2 traffic were tunneled through
the campus network. If you experience access problems to an I2 resource using
WiscVPN, contact us at vpn@doit.wisc.edu.
Access to Library Resources
Access to library resources will continue to be provided through the Libraries’
EZproxy server. WiscVPN users will be prompted by the library proxy server for
access to library resources. Due to licensing issues, WiscVPN will not allow
access to library services that are not currently available through the existing
proxy server.
What types of encryption does WiscVPN use?
IPSec encryption is used on all the currently supported clients for WiscVPN.
What range of IP addresses does WiscVPN use?
- 146.151.192.0/20 (146.151.192.0 - 146.151.207.255) for dynamically addressed VPN clients
- 146.151.208.0/20 (146.151.208.0 - 146.151.223.254) for static addressed VPN clients
How do I test my WiscVPN connection?
Open the WiscVPN client and make a connection using your NetID and password. You
can confirm that it is working by going to the
VPN section of the Help Desk web site.
I can’t get WiscVPN to work. What should I do?
The DoIT Help Desk is now supporting the WiscVPN service. Troubleshooting
documentation is available on the Help
Desk web site or via at (608) 264-HELP (4357).
Responsible Use
WiscVPN is subject to the UW-Madison Responsible Use of Information Technology Policy. Customers are strongly urged to review
the policy, especially the items in the policy regarding commercial use,
political use, non-university activities and incidental personal use.
Still have questions?
Send an email to vpn@doit.wisc.edu
Can I use an existing requisition to reserve a Static IP?
Yes. Any valid requisition that you can use to make Tech Store purchases will
work to reserve a Static IP number. Requisitions are associated with particular
departments using a UDDS number, and only members of that department will be
allowed to charge against that requisition number. The Static IP reservation
will appear as a zero-dollar line item charged against that requisition, which
will serve to alert the department manager that someone has reserved a Static IP
number.
Do I need a separate requisition for each Static IP?
You can use the same requisition number for a batch of IP requests.
Do I need to send the requisition to DoIT?
No. Just enter the requisition number on the Static IP Web page. You need not
send a copy of the requisition to DoIT.
Can I reserve Static IPs for multiple members of my department?
Yes. As a result of feedback we’ve received from campus, we have made it possible
for you to reserve a Static IP on behalf of another member of your department.
The Static IP WiscVPN service is available for departmental use only and
requires the approval of your department. When you reserve a Static IP for a
second party, you are taking the responsibility of ensuring that these
requirements are met. A requisition number that is associated with the UDDS of
your payroll appointment will still be required, but you will not need a second
requisition number if the Static IP recipient is associated with a different
UDDS. You need to know the second party’s NetID, but you do not need to know
their password. All Static WiscVPN sessions will still be authenticated using
the individual NetID and password, so any Static IPs you reserve will only be
available for the intended recipient.
I don't remember my existing requisition number. Is there a way to
look it up?
Requisition number can be looked up with
"My order History" at the Tech Store.
