Introduction
Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service, referred to as “Remote Access VPN,” is a subscription-based service that allows a user to access Virginia Tech resources remotely across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over VPN but does encrypt the traffic between your machine and the VPN device.
Contents
- Related Links
- Eligibility Requirements
- Supported Platforms
- 2-Factor Authentication
- Connection Options
- Instructions
Related Links
- Downloading, Installing, and Connecting to Pulse Secure Remote Access VPN in Windows
- Downloading, Installing, and Connecting to Pulse Secure Remote Access VPN in Mac OS 12.6.6 or later
- Downloading, Installing, and Connecting to Pulse Secure Remote Access VPN in Linux
- Remote Access VPN Frequently Asked Questions
Eligibility Requirements
- All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
- Remote Access VPN is a subscription-based, bundled service with the Virginia Tech wireless network service or the Virginia Tech wired ethernet service. You can verify your subscription by following the instructions at Registering Online for Wireless LAN Service.
- You may use either Virginia Tech provided devices or personally owned devices to connect to Remote Access VPN, as long as the devices meet the minimum system and password requirements.
- You must have access to an administrator account on the device. If you have a device owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help on the 4Help portal by clicking Get Help.
Supported Platforms
For security reasons, we ask users to upgrade their devices to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems and devices that are no longer supported by the manufacturer.
2-Factor Authentication
The Virginia Tech Remote Access VPN service requires 2-factor authentication. For more information, see Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
Connection Options
Generally, a) - VT Traffic over SSL VPN is the recommended connection profile, since it provides access to all Virginia Tech resources and doesn't slow down internet traffic to services outside of Virginia Tech. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.
Instructions
Download Ivanti Secure Access Client
- Android:
- Download and install the Ivanti Secure Access Client app.
- On your device, in the Google Play, search for Ivanti Secure Access Client.
- Tap the icon corresponding to the Ivanti Secure Access Client app that is appropriate for your device.
- Tap Install.
- If prompted to give permissions to the app, after reading the permissions, tap Accept.
- If prompted to update apps automatically, tap the button that corresponds to your choice.
- When the installation is complete, start the Ivanti Secure Access Client app.
- Download and install the Ivanti Secure Access Client app.
- Apple iOS:
- Download and install the Ivanti Secure Access Client app.
- In the Apple App Store, search for Ivanti Secure Access Client.
- In the search results, tap Ivanti Secure Access Client.
- If available, tap Get.
- Tap Install.
- If prompted, type your Apple password and tap OK.
- To start client, when the installation is complete, tap Open.
- Download and install the Ivanti Secure Access Client app.
Setup SSL VPN for Android and iOS
- Verify that you are registered to use the Remote Access VPN service by following the instructions at see Registering Online for eduroam Wireless LAN Service.
- If you have not already done so, enroll in 2-factor authentication by following the instructions at Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- Add the connection:
- a) - VT Traffic over SSL VPN (preferred):
- If this is the first connection you are adding to the VPN client:
- In the URL text box, type: https://vpn.nis.vt.edu/vttraffic
- Tap Connect.
- In the Connection Name text box, type: a) - VT Traffic over SSL VPN
- Verify that Authentication Type is set to Password.
- Tap Add.
- In the URL text box, type: https://vpn.nis.vt.edu/vttraffic
- If you have an existing connections in the VPN client:
- On the Connections screen, in the center-right corner, tap the plus sign (+).
- In the URL text box, type: https://vpn.nis.vt.edu/vttraffic and click Submit.
- In the Connection Name text box, type: a) - VT Traffic over SSL VPN
- Verify that Authentication Type is set to Password.
- Tap Add.
- If this is the first connection you are adding to the VPN client:
- b) - VT Traffic over SSL VPN:
- If this is the first connection you are adding to the VPN client:
- In the URL text box, type: https://vpn.nis.vt.edu/alltraffic
- Tap Connect.
- In the Connection Name text box, type: b) - All Traffic over SSL VPN
- Verify that Authentication Type is set to Password.
- Tap Add.
- In the URL text box, type: https://vpn.nis.vt.edu/alltraffic
- If you have an existing connections in the VPN client:
- On the Connections screen, in the center-right corner, tap the plus sign (+).
- In the URL text box, type: https://vpn.nis.vt.edu/alltraffic and click Submit.
- In the Connection Name text box, type: b) - All Traffic over SSL VPN
- Verify that Authentication Type is set to Password.
- Tap Add.
- If this is the first connection you are adding to the VPN client:
- a) - VT Traffic over SSL VPN (preferred):
- Connect and enter your credentials.
-
- One the VPN client's main screen click on a) - All Traffic over SSL VPN (preferred) or b) - All Traffic over SSL VPN, then tap Connect.
- In the Username text box, type your VT PID, which is the first part of your @vt.edu email address.
- In the password text box, type your PID password.
- Tap Login.
- Complete authentication with your 2-factor device.
- If your second factor device is unavailable or broken, see the How Do I Login without My Phone or Any 2-Factor Device if It Is Lost, Forgotten, Broken or Unavailable? section of Frequently Asked Questions about Duo 2-Factor Authentication.
- If you have never enrolled in 2-factor authentication, you must do so before connecting to the VPN. For instructions, see Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- If you wish to change the default 2-Factor method, click on the Other options link. The following list is the options available for 2-Factor Authentication:
- To use push notification:
- Select Duo Push from the Other options list.
(This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.) - When the push notification appears, accept the Duo push notification.
- If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
- When the connection is complete, the authentication window will automatically close, and the Ivanti app will update to show as connected.
- Select Duo Push from the Other options list.
- To use SMS text message:
- Select Text message passcode from the Other options list.
(This will send an SMS to the first SMS-capable device that is enrolled in your Duo account. To send the SMS to a different device, select the last item from the Other options list, Manage devices.) - You will receive an SMS text message that starts with "VT DUO: SMS passcodes:" to your primary mobile phone. Open that text message which will contain a seven digit passcode.
- In the "Passcode" text box, type in the passcode from the SMS text message.
- Click Verify.
- When the connection is complete, the authentication window will automatically close, and the Ivanti app will update to show as connected.
- Select Text message passcode from the Other options list.
- To use a voice phone call:
- Select Phone call from the Other options list.
(This will call the first voice-capable device that is enrolled in your Duo account. To send the phone call to a different device, select the last item from the Other options list, Manage devices.) - The primary telephone number associated with your Duo account will ring. Answer the telephone.
- Press one of the number keys on the phone to confirm the authentication.
- When the connection is complete, the authentication window will automatically close, and the Ivanti app will update to show as connected.
- Select Phone call from the Other options list.
- To use a 6-digit numeric passcode from the Duo mobile app:
- Start the Duo mobile app.
- In the Duo mobile app, tap Show to the right of the hidden Passcode.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
- Click Verify.
- When the connection is complete, the authentication window will automatically close, and the Ivanti app will update to show as connected.
- To use a 6-digit numeric passcode from a D-100 token or a software token:
- Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit D-100 numeric passcode.
- Click Verify.
- When the connection is complete, the authentication window will automatically close, and the Ivanti app will update to show as connected.
-
- If this is the first time connecting on your device you will receive the following prompt:
Click Yes, this is my device. - When you are finished using the remote access - VPN, disconnect from it. To do this:
- Open the Ivanti Secure Access Client app.
- Tap on the active VPN connection name.
- On the Connection Details screen, click the Disconnect button at the bottom to end the VPN session.