Introduction
Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service referred to as "Remote Access VPN”, is a subscription-based service that allows a user to access Virginia Tech resources remotely across the globe. This service does not provide any end-to-end encryption to other services that are being accessed over VPN but does encrypt the traffic between your machine and the VPN device.
Top of page
Contents
Top of page
Top of page
Eligibility Requirements
- All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
- Remote Access VPN is a subscription based, bundled service with the Virginia Tech wireless network service or the Virginia Tech wired Ethernet service. You can verify your subscription by following the instructions at Registering Online for Wireless LAN Service.
- You may use either Virginia Tech provided computers or personally owned computers to connect to Remote Access VPN, as long as they meet the minimum system and password requirements.
- You must have access to an administrator account on the computer. If you have a device owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help at http://4help.vt.edu by clicking Get Help.
Top of page
We do not support Mac OS version 12.6.6 and below.
See Ivanti Secure Access Desktop Client Supported Platforms Guide for a list of supported operating systems and web browsers.
For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer.
Top of page
Network Requirements: Enable IPv6
To access Virginia Tech Remote Access VPN service, you must enable both IPv4 and IPv6 stacks on your network adapter. IPv6 requirement is not dependent on your ISP's ability to provide you with an IPv6 address, this is because the VPN allocates you an IPv6 address and does need the IPv6 stack to be enabled on your network adapter. To enable IPv6, follow the instructions in the Authentication successful but following error is displayed: "Connection Error Failed to setup virtual adapter. (Error:1205). (restart your system and try again)." section of Remote Access VPN Frequently Asked Questions.
Top of page
2-Factor Authentication
The Virginia Tech Remote Access VPN service requires 2-factor authentication. For more information, see Using 2-Factor Authentication.
Top of page
Connection Options
Generally, a) - VT Traffic over SSL VPN is the recommended connection profile, since it provides access to all Virginia Tech resources and doesn't slow down internet traffic to services outside of Virginia Tech. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.
Top of page
Instructions
Downloading and Installing Ivanti Secure Access in Mac OS
- Verify that your computer is running Mac OS 12.6.6 Monterey or later. For instructions, see Find out which macOS your Mac is using.
- Log on to your computer with an account that has administrator privileges.
- Verify that you are registered to use the Remote Access VPN service. For instructions, see the To Verify Registration section of Registering Online for Wireless LAN Service.
- If you have not already done so, enroll in 2-factor authentication by following the instructions at Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- If Ivanti is currently installed, uninstall Ivanti.
- Exit Ivanti.
- If available, at the very top of the screen, in the Mac OS top menu bar, to the left of the time, click Ivanti.
- Click Exit.
- If prompted that exiting may disable some connections, click OK.
- Start Finder.
- From the Go drop-down, click Applications.
- Right-click Ivanti Secure Access.
- Click Move to Trash.
- If you receive an error message that Ivanit is running, exit Ivanti by following these instructions from the beginning again.
- In the authentication window:
- In the Username: or Name: text box, type the name of a administrator computer account.
- In the Password: text box, type the password of that account.
- Click OK.
- When prompted to save configuration, click No.
- When prompted that Ivanti has been uninstalled, click OK.
- To avoid confusion, delete all VPN connections.
- In the top-left corner of the screen, click the Apple.
- Click System Settings.
- Click Network.
- In the left pane, for each VPN connection listed:
- Click the VPN connection.
- At the bottom of the left pane, click minus (-).
- Click Apply.
- Download the Ivanti Secure Access installer by clicking the following link:
- When prompted, save the installer file to your computer.
- After the download is complete, in Finder, double-click vtVpnSetup.dmg to launch the installer.
- If prompted about opening an app from an unidentified developer:
- Right-Click on the file and select Open to continue past the unidentified developer prompt.
If you are unable to Right-Click or you do not have the Open option then your other method is to allow the file to be opened from the security settings:
- From the Apple drop-down, click System Settings.
- Click Privacy & Security.
- Near the bottom of the window, click Open Anyway.
- If prompted about are you sure you want to open the app, click Open.
- If prompted about an invalid certificate, click Continue.
- A new Window should open, double-click on the file vtVpnSetup.pkg to begin the installation.
- Click Continue.
- Click Install.
- When prompted for authentication, either enter the username and password of an administrative computer account and click Install Software, or use Touch ID.
- When the installation is complete, click Close. Ivanti will automatically start and minimize to the top menu bar.
- If prompted about moving the installer to the trash, click Keep.
- Follow the instructions below for Connecting to VPN in Mac OS
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Top of page
Connecting to VPN in Mac OS
- The instructions below are for connecting to a) - VT Traffic over SSL VPN, and the procedure is the same for connecting to the other connection profile.
- If you have not yet installed Ivanti, follow the instructions above at Downloading and Installing Ivanti Secure Access on Mac OS.
- If you do not know which connection profile to use, we recommend using a)- VT Traffic over SSL VPN. For more information, see the Which Connection Profile do I use? section of Remote Access VPN Frequently Asked Questions.
- In the Mac OS top menu bar, click Ivanti Secure Access.
- Click a) - VT Traffic over SSL VPN.
- Click Connect.
- In the browser window that opens type your credentials.
- In the Username text box, type your VT PID, which is the first part of your @vt.edu email address.
- In the Password text box, type your PID password.
- Click Login.
- Complete 2-factor authentication.
(If your second factor device is unavailable or broken, see Lost, Forgot, Broke, or Unavailable 2-Factor Device.)
- The screen will default to your preferred 2-factor method. If you prefer to use another method click on the Other options link. The following list is the options available for 2-factor authentication
- To use push notification:
- Select Duo Push from the Other options list.
(This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.)
- When the push notification appears, accept the Duo push notification.
- If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use SMS text message:
- Select Text message passcode from the Other options list.
(This will send an SMS to the first SMS-capable device that is enrolled in your Duo account. To send the SMS to a different device, select the last item from the Other options list, Manage devices.)
- You will receive an SMS text message that starts with "VT DUO: SMS passcodes:" to your primary mobile phone. Open that text message which will contain a seven digit passcode.
- In the "Passcode" text box, type in the passcode from the SMS text message.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a voice phone call:
- Select Phone call from the Other options list.
(This will call the first voice-capable device that is enrolled in your Duo account. To send the phone call to a different device, select the last item from the Other options list, Manage devices.)
- The primary telephone number associated with your Duo account will ring. Answer the telephone.
- Press one of the number keys on the phone to confirm the authentication.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a Yubikey:
- The Yubikey must be previously registered with Duo as AES. U2F tokens will not work. For instructions, see Enrolling a YubiKey as AES/OTP to Use in Any Browser.
- Select Security key from the Other options list.
- When prompted to "Touch your security key" tap your YubiKey. The passcode will be automatically generated and submitted by the YubiKey for you.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a 6-digit numeric passcode from the Duo mobile app:
- Start the Duo mobile app.
- In the Duo mobile app, tap Show to the right of the hidden Passcode.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- To use a 6-digit numeric passcode from a D-100 token or a software token:
- Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit D-100 numeric passcode.
- Click Verify.
- When the connection is complete, the window will automatically close, and the Ivanti icon will have a green arrow.
- If this is the first time connecting on your machine you will receive the following prompt:
- If the computer is public or shared between multiple users select "No, other people use this device" so that your VPN login information is not saved. If you are the only user of the computer select "Yes, this is my device".
- If prompted about an upgrade to Ivanti:
- Click Upgrade.
- When prompted for authentication, either enter the username and password of an administrative computer account and click OK, or use Touch ID.
- Ivanti will download and install the upgraded version, restart, and you will be reconnected to the remote access VPN.
- When you are finished using the remote access VPN, disconnect from it. To do this:
- In the Mac OS top menu bar, click Ivanti.
- Click a) - VT Traffic over SSL VPN.
- Click Disconnect.
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Top of page