University of Florida VPN Service
Information on new University of Florida Gatorlink VPN System
On 10/29/2008, Network Services replaced the existing VPN hardware, which had been in production since 2002, with new equipment. The new equipment provides several advantages over the previous generation of hardware:
- More than a four-fold increase in throughput capability.
- Support for the AES family of encryption algorithms.
- Support for 64-bit and 32-bit L2TP Windows VPN clients (both XP and Vista).
- Support for L2TP clients within departmental VPNs.
- Support for additional VPN tunnel types and greater flexibility (currently in testing).
- Support for existing clients and tunnel types, which allows a nearly seamless migration to the new hardware.
In addition, Network Services has created a new authentication infrastructure to support this VPN equipment. The new authentication back-end was built from the ground up to support more flexible user management and full integration with the UF Active Directory (UFAD) service. Some of the advantages include:
- Multi-site redundancy for enhanced service availability.
- Integration with UFAD for departmental VPNs. This means you can manage your own departmental VPN membership within UFAD.
- Support for long GLIDs (GatorLink IDs of more than 8 characters) within departmental VPNs.
- Support for additional authentication types for L2TP clients.
Although many changes have been made, the system should look substantially similar to the old one in day-to-day use. There are, however, some important items to note:
- The new authentication system requires the @ufl.edu domain if a domain is used at all. For instance, "username@dept.ufl.edu" will not work; you must use "username@ufl.edu". Simply using "username" is fine as well. A campus-only tunnel is still requested as "username@ufl.edu/campus". We currently accept \\UFAD\username because Microsoft clients tend to send that form once they have been joined to a domain.
- Departmental VPNs with dashes in their names (username@ufl.edu/dept-vpn) have had the dashes removed (username@ufl.edu/deptvpn).
- All departmental VPNs are now full tunnels by default (all traffic, except traffic to your local subnet, is encapsulated in the tunnel). If you would like a campus-only tunnel, authenticate as username@ufl.edu/[dept]-campus.
- L2TP clients may now access departmental VPN tunnels by authenticating as username@ufl.edu/[dept]. Campus-only tunnels do not function properly with the L2TP client; the result is a full tunnel instead. This is a limitation of the L2TP client.
- L2TP clients may now use MS-CHAPv2 authentication, which is the default for Microsoft clients.
- Departments may now manage their own departmental VPN membership directly through UFAD. If you have group objects in UFAD and would like this capability, please open a CNS ticket.
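The login-name rules above (bare username, username@ufl.edu, the /campus and /[dept]-campus suffixes, the dash removal, the UFAD\ prefix, and the L2TP fallback to a full tunnel) are easy to get wrong when writing help-desk tooling or documentation. The following parser is an added example, not Network Services code: it normalises a login string into a username, an optional departmental VPN name, and a full/campus-only flag, and rejects the forms the new back-end does not accept. The departmental tunnel names used in the comments and tests are constructed, matching is assumed to be case-insensitive, and the L2TP fallback is applied only to departmental campus-only tunnels, as the page describes it.

```python
"""Parse and validate Gatorlink VPN login forms.

Added example, not Network Services code.  Departmental tunnel names used
for illustration (e.g. "deptvpn") are constructed; real names come from
Network Services.  Case-insensitive matching is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Optional


class LoginFormatError(ValueError):
    """Raised for a login string the new authentication back-end rejects."""


@dataclass(frozen=True)
class VpnLogin:
    username: str
    department: Optional[str]   # None: the user's default (non-departmental) VPN
    campus_only: bool           # False: full tunnel, the default
    note: Optional[str] = None  # normalisation or fallback that was applied


# username@domain[/tunnel]; the domain is checked separately below.
_DOMAIN_RE = re.compile(r"^([^@/\\]+)@([^/]+)(?:/(.+))?$")
# \\UFAD\username or UFAD\username, as domain-joined Windows clients send it.
_UFAD_RE = re.compile(r"^\\*UFAD\\([^@/\\]+)$", re.IGNORECASE)


def parse_vpn_login(login: str, client: str = "ipsec") -> VpnLogin:
    """Normalise one login string.

    client is "ipsec" (the existing client) or "l2tp" (the Windows L2TP
    client, which cannot request a campus-only departmental tunnel).
    """
    login = login.strip()
    note = None

    m = _UFAD_RE.match(login)
    if m:
        # Accepted because domain-joined Microsoft clients tend to send it.
        return VpnLogin(m.group(1), None, False, "UFAD\\ prefix accepted")

    m = _DOMAIN_RE.match(login)
    if m:
        username, domain, tunnel = m.groups()
        if domain.lower() != "ufl.edu":
            # username@dept.ufl.edu and similar are rejected outright.
            raise LoginFormatError(
                f"domain {domain!r} not accepted; use username@ufl.edu")
    else:
        if not login or any(c in login for c in "@/\\"):
            raise LoginFormatError(f"malformed login {login!r}")
        username, tunnel = login, None      # bare username is fine

    if tunnel is None:
        return VpnLogin(username, None, False)

    tunnel = tunnel.lower()
    if tunnel == "campus":
        # username@ufl.edu/campus: campus-only tunnel on the default VPN.
        return VpnLogin(username, None, True)

    campus_only = tunnel.endswith("-campus")
    dept = tunnel[:-len("-campus")] if campus_only else tunnel
    if "-" in dept:
        # Departmental names no longer contain dashes (dept-vpn -> deptvpn).
        dept = dept.replace("-", "")
        note = "dashes removed from departmental VPN name"
    if not dept:
        raise LoginFormatError(f"empty departmental VPN name in {login!r}")

    if campus_only and client.lower() == "l2tp":
        # L2TP cannot do campus-only departmental tunnels; a full tunnel results.
        campus_only = False
        note = "L2TP client cannot use a campus-only tunnel; full tunnel used"

    return VpnLogin(username, dept, campus_only, note)


if __name__ == "__main__":
    for sample in ("jdoe", "jdoe@ufl.edu/campus", "jdoe@ufl.edu/dept-vpn",
                   "jdoe@ufl.edu/deptvpn-campus", r"\\UFAD\jdoe"):
        print(f"{sample:32} -> {parse_vpn_login(sample)}")
    print(f"{'jdoe@ufl.edu/deptvpn-campus':32} -> "
          f"{parse_vpn_login('jdoe@ufl.edu/deptvpn-campus', client='l2tp')}")
```

Running the module prints the normalised form of each constructed sample; feeding it "jdoe@dept.ufl.edu" raises LoginFormatError, which is the behaviour the announcement describes for sub-domain logins.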