Skip to the content

Kansas State University

[an error occurred while processing this directive]
IT Help Desk
Kansas State University
214 Hale Library
Manhattan, KS 66506
785-532-7722
800-865-6143 (toll-free)
helpdesk@k-state.edu
Facebook Twitter

Virtual Private Network Frequently Asked Questions

  1. What is a VPN?
  2. Why should I use the VPN?
  3. What is the difference between the full and split VPN tunnel options?
  4. What is a departmental VPN profile?
  5. How do I request a departmental VPN profile?
  6. Can outside vendors use VPN to support systems at K-State?
  7. Can I use the VPN client on campus or through K-State's dial-in?
  8. When I type my password, is it secure?
  9. Does the VPN protect my computer from viruses?
  10. Should I also use SSH and other "higher layer" encrypted services even if I am using the VPN?
  11. What username and password do I use?
  12. What operating systems does the Cisco VPN client require?

1. What is a VPN?

VPN stands for "virtual private network", and is used to establish a secure connection between the host and another computer or network. The type of VPN Information Technology Services supplies is commonly known as a remote access or tunnel VPN service. The K-State VPN service allows you to establish an encrypted tunnel between your computer and K-State's network via the Internet. Use of this VPN will allow you to establish a connection to the K-State network that will be be secure even if accessed from an unsecure location like an airport or coffee shop.

2. Why should I use the VPN?

By connecting to K-State's VPN, you assure that the data you transmit or receive will be secure between your computer and K-State. It will also allow access to resources that are restricted based on the K-State source IP addresses (10.130.x.x and 129.130.x.x) as well as services that are restricted, such as Samba.
Note:Traffic between the VPN and the computer you are communicating with will not be
encrypted unless you are using SSL-enabled applications.

3. What is the difference between the full and split VPN tunnel options?

When using a split tunnel only your traffic to campus will be encrypted and secured between your computer and the VPN. When using a full tunnel all of your network traffic will be routed through an encrypted connection to the VPN and then from the VPN to its intended destination. With both options traffic between the VPN and the remote system you are communicating with will not be encrypted, unless you are using SSL-enabled applications.

  • .KStateVPN (split tunnel) should be used when you need to connect to campus resources that are restricted based on K-state source addresses 10.130.x.x and 129.130.x.x. Split tunnel use may also be required for both on and off campus users for certain sensitive systems.

  • .KStateVPNFull_Tunnel (full tunnel) should be used when you are accessing sensitive systems and websites, including K-State sites, financial sites, and others while on an untrusted network. Specific examples of untrusted networks include hotel wireless connections, airport wireless connections, and any unsecured or public wireless network. Use of the full tunnel can slow down your connection, so only use it when you need extra security. It is not necessary to use the full tunnel from a properly secured home network.

4. What is a departmental VPN profile?

A VPN profile can be set up for a department which gives users an address from a smaller predefined pool, which allows tighter firewall rules to be applied to a specific resource. These profiles can be used from both on and off campus allowing you to configure firewalls for only one IP range. This will help to eliminate the need for static IP addresses and will allow for greater flexibility, like being able to access resources from wireless networks with dynamic addresses.

5. How do I request a departmental VPN profile?

  1. Go to servicenow.ksu.edu and sign in with your eID and password.
  2. On the left hand toolbar select "Service Catalog".
  3. In the "Security and Access" panel, click on the "New VPN Service" option.
  4. Fill out the correct information in the boxes below.
  5. On the right hand toolbar, click "Add to Cart" then click "Proceed to Checkout".

6. Can outside vendors use VPN to support systems at K-State?

Yes. There is a dedicated tunnel group defined for 3rd-party vendors to be able to connect to systems that are only accessible on-campus due to existing in local address space or protection by firewalls. Each individual that will be needing access to this tunnel group should register for an eID. The K-State employee sponsoring their access should then fill out the special access eID form and follow the directions below to add the vendor.

  1. Go to servicenow.ksu.edu and sign in with your eID and password.
  2. On the left hand toolbar select "Service Catalog".
  3. In the "Security and Access" panel, click on the "Edit VPN Service Group Membership" option.
  4. Fill out the correct information in the boxes below.
  5. On the right hand toolbar, click "Add to Cart" then click "Proceed to Checkout".

7. Can I use the VPN client on campus or through K-State's dial-in?

Yes.

8. When I type my password, is it secure?

Yes. The password is encrypted using SSL.

9. Does the VPN protect my computer from viruses?

No. A VPN provides security by encrypting and decrypting data that passes through a VPN connection. It does not offer protection from viruses or other malware. Computers that connect to the K-State network are required to run working antivirus software and up-to-date virus definition files to prevent infection by viruses and malware.

10. Should I also use SSH and other "higher layer" encryption services even if I am using the VPN?

Yes. SSH provides end-to-end encryption, whereas the VPN only provides encryption from your client up to the VPN itself, which is located in the K-State core network. If you are using non-SSL-enabled applications, or websites, data between the VPN and the computer you are communicating with will not be encrypted.

11. What username and password do I use?

When prompted to enter a username and password, you will need to enter your eID and password.

12. What operating systems does the Cisco VPN client require?

  • Microsoft Windows XP Service Pack 2+ 32-bit (x86) and 64-bit (x64)
  • Windows Vista 32-bit (x86) and 64-bit (x64), including Service Pack 1 and 2 (SP1/SP2)
  • Windows 7 32-bit (x86) and 64-bit (x64)
  • Windows 8 32-bit (x86) and 64-bit (x64)
  • Mac OS X 10.6 and higher
  • Linux Intel (2.6.x kernel)
  • iOS 4 or higher
  • Windows RT is not currently supported