IT Assist
The University of Sydney

Virtual Private Networking

What is VPN for?

 

The Internet is a large network of networks. The networks that make it up can be commercial, academic, government, research or private networks. Many of these networks, their users and the data being transferred over the networks need to be protected to prevent them being accessed or modified by third parties.
The most secure way to connect to a network is to be plugged directly into it by wires, but in many cases this is not convenient or even possible. Someone who is travelling around the country or overseas will have access to the Internet but if they want to have secure communications with their home network they will use Virtual Private Networking.

What do I need to do?

 

If you want to connect to the USYD VPN service, you’ll need to follow the steps below:

  1. Activate your UniKey account for VPN
  2. Download and install the Cisco VPN Client
  3. Connect to VPN Client with the correct profile

Comprehensive information and setup guides can be found here.

Why do I need it?

 

VPN is for anyone who needs access to the Sydney University network from wherever they are, as if they were actually on campus. Some resources within Sydney University offer only restricted options to web visitors from outside the local network (e.g. the Library website). Using VPN avoids these limitations and allows the same uses of such resources as are available while on campus.
Some parts of the Sydney University campus have certain IP addresses which allow them to access all local information as normal, but only allow web-browsing of external data, and that only after authenticating with the web-proxy. VPN users are provided with a different type of IP address upon authentication, allowing them to connect to FTP sites; send and receive email through third-party SMTP/POP mail providers; chat (for example using Yahoo, ICQ or Microsoft Network Messenger Service) without the need for proxy configuration; and use many other protocols which require such an IP address. There are some services, however, which will not work even through VPN; most notably video-chat is not possible through a VPN connection.

Off-Campus Access
Using the VPN client from off-campus allows University staff and students access to network resources, as if they were on campus. It allows remote access to: network shares; databases; Citrix; and Exchange (mcs) email via Outlook or Entourage.

On-Campus Access
The VPN client, when used on-campus, gives the user a NATed IP address. The on-campus profile allows users on a private IP range (172. address) to connect to: instant message programs; anti-virus software update servers; or external (non-Usyd) mail servers.

Wireless Access
VPN is used on the wireless network to encrypt data sent from your machine to the access point, resulting in a more secure connection.

How does VPN work?

 

VPN is a way of building a virtual (software) network over the top of a real (physical) network. The physical network route between the home network and the end user can consist of telephone lines, commercial ISPs, trunk cables, optic fibre networks, etc. and it is insecure. The virtual network creates a channel from the home network into the user's computer, encrypts all the data going through that channel, and then treats the remote computer as though it were actually connected to the home network. It can do this because that traffic is 'trusted'; there is assurance that no external party has accessed or modified network requests and information.
Once a machine is connected through a VPN client to a VPN host over a public network, the network data requests that machine makes are made to the home network via the VPN connection. Someone who dials up to the Internet via a commercial ISP normally downloads their information through the ISP's connections. As long as the computer is connected to a VPN host, however, their normal ISP is only acting as a relay, passing the encrypted data on to the VPN host, which understands it and responds to it. Anything that limits or breaks the physical network will limit or break the virtual network too: a VPN across a dial-up connection will only be as fast as that dial-up connection is normally, and disconnecting from the dial-up connection will break the connection to the VPN host.
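
The tunnel described above, as an added example (not code from the University or from the Cisco VPN Client): the client encrypts each request bound for the home network and wraps it in an outer packet addressed to the VPN host, the ISP relays bytes it cannot read, and the host drops anything modified on the way. The keys, addresses, host names and the stand-in cipher built from HMAC-SHA256 are assumptions chosen so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode), an assumption of this example.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(enc_key, mac_key, outer_src, outer_dst, inner_packet):
    """Client side: encrypt the inner packet and wrap it in an outer packet."""
    nonce = os.urandom(12)
    ct = _xor(inner_packet, _keystream(enc_key, nonce, len(inner_packet)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"src": outer_src, "dst": outer_dst, "payload": nonce + ct + tag}

def decapsulate(enc_key, mac_key, outer):
    """VPN host side: check integrity first, then decrypt. None means drop."""
    payload = outer["payload"]
    if len(payload) < 12 + 32:
        return None
    nonce, ct, tag = payload[:12], payload[12:-32], payload[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # assumed agreed at VPN login
    # Constructed sample: the remote machine asks an on-campus host for a file.
    inner = b"dst=fileserver.campus.example GET /shares/report.doc"
    outer = encapsulate(enc_key, mac_key, "203.0.113.7", "vpn.campus.example", inner)
    # The ISP relay sees the outer addresses and opaque bytes, not the request.
    isp_sees_inner = b"fileserver" in outer["payload"]
    delivered = decapsulate(enc_key, mac_key, outer)
    # A party on the path flips one bit of the encrypted payload.
    modified = bytearray(outer["payload"])
    modified[15] ^= 0x01
    tampered = {**outer, "payload": bytes(modified)}
    rejected = decapsulate(enc_key, mac_key, tampered) is None
    return isp_sees_inner, delivered == inner, rejected

if __name__ == "__main__":
    print(demo())
```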

Where can I use VPN from?

 

To be able to use the VPN, you need to install the VPN Client on the computer(s) you wish to connect from. You can install it on your own personal computer and, depending on its administrative setup, you may be able to install it on your Faculty or Departmental computer, but you will not be able to install the VPN client on Access Lab computers or other computers with administrative restrictions in place on them.
VPN also requires a computer with a usable network connection. This can be in the form of a dial-up account through a modem and phone line; an Ethernet connection to a LAN; or some other network access medium. Some Ethernet network cards are not Cisco-certified and may not be compatible with our Cisco VPN host. Virtually all modems should be compatible with the VPN.

What profile should I use?

 

The VPN client provides different access levels depending on your location and requirements. You will need to decide on which profile you should use to connect and the authentication method. Below is information on the 3 different profiles.

OnCampus Profile

  • Who: The on-campus profile should only be used by people who are connected to the Usyd Local Area Network through Ethernet; some areas of the Sydney University network may have certain port restrictions, e.g. anyone staying at one of the colleges or SUV.
  • Why: Using this Profile with !10 will enable your machine to have direct Internet access via Network Address Translation (NAT).
  • Applications: Use this profile if you are having problems using instant message programs, updating virus software or connecting to external (non-Usyd) mail servers.
  • Cost: There is no additional cost; users will incur standard usage costs, charged at 2c/mb for external traffic, to their UniKey account.
  • Login: Unikey!10 - When authenticating with the VPN Client using this profile, you must use your UniKey username with !10 after it (e.g. abcd!10) and your normal UniKey password.
  • Proxy: Proxy settings are required. Use the paid cache www-cache.usyd.edu.au port 8080 or the automatic configuration script http://www.usyd.edu.au/proxy.pac

OffCampus Profile

  • Who: This profile should be used by staff who connect to the Internet via a commercial Internet Service Provider.
  • Why: VPN using the Off-campus profile will allow you to connect to other systems as if your computer were on campus, whether or not it actually is physically located on the campus network.
  • Applications: Remote access to: network shares; databases; or Exchange (mcs) email via Outlook or Entourage.
  • Cost: Any data that the university server downloads will incur a usage charge to your UniKey account. Any data you upload (send) to a Usyd server will incur web traffic charges of 2c/mb (e.g. copying a 10 mb file from your home machine to your Usyd network share will cost 20c). Anything that you download while you are connected with the Off-campus profile will incur a very small traffic charge, as you are still uploading a small amount of data; this is normally around a 10% overhead (e.g. copying a 10 mb file from a Usyd network share to your home machine will cost around 10% of the 10 mb file or 1 mb worth of traffic, which results in a 2c charge).
  • Login: When authenticating with the VPN Client using this profile use your UniKey Login. If you require a static IP Address then you should use the Unikey!10 to authenticate.
  • Proxy: Do NOT use the Usyd web-proxy with this profile or you will be charged for all Internet traffic on your UniKey account while the VPN is active.

Wireless

  • Who: This profile must be used if you are connected to the Usyd wireless network
  • Why: The VPN client will encrypt data to and from your computer, creating a secure connection.
  • Cost: Wireless users get 6 Meg free a day. You must configure your browser for the Free cache proxy server: www-cache5.usyd.edu.au port 8085. Alternatively, if you run out of free cache you can switch to the paid cache www-cache.usyd.edu.au port 8080, in which standard web usage charges of 2c/mb will apply.
  • Login: Use just your UniKey username and password if you want to use the free cache. However, you will have difficulties accessing programs that do not run on port 80, such as instant chat programs and email clients. You will need to log in with UniKey!10 and your normal password to gain access to such applications.
    Please note that you will not be able to use the free cache when authenticating with this method.
  • Proxy: Proxy settings are required. For the free cache use www-cache5.usyd.edu.au port 8085. For the paid cache use www-cache.usyd.edu.au port 8080 or the automatic configuration script http://www.usyd.edu.au/proxy.pac
  • Comprehensive wireless setup information and guides can be found here

Why does it cost?

 

Everything that you view on your screen that came from somewhere on the Internet can only be displayed to you once it has been downloaded to your computer. Whether it is an email, an attachment, a web page, a picture, an archive or document - all these files are stored on a server computer somewhere in the Internet and the only way you can access them is if you copy them down through the network onto your computer. While accessing your email through a webpage typically involves far less data traffic than deliberately downloading a specific file from the Internet, it is nevertheless downloaded to your computer. Since Internet Service Providers have to buy this data in order to provide it to you, they often pass this charge onto their users in some way or other, whether that is per-minute phone call charges, monthly subscription, or advertisement inundation.
How much the data you send and receive via Sydney University's VPN will cost depends on two factors: where the information needs to come from in the Internet, and where it is going to.