VPN FAQ

Owned by Martin Keen
Last updated: Jun 23, 2022 by Helen Logan-Corbin
4 min read

FAQs

Error; your user name or password may not be configured properly for this connection

If your connection to the VPN does not complete and you receive the error message "Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)" then you may need to modify additional settings. If you have a supported computer we can help with this.

 Click here to view steps to resolve...
  1. Open Internet Explorer
  2. click on the Settings cog
  3. Select the Security tab then select Trusted sites and click the Sites button
  4. add the relevant url to Trusted sites

 



Can I use the VPN without installing the FortiClient software?
Sadly not. The VPN is designed to work specifically with this client and other SSL-VPN clients will not work with it.

I am a member of department X and need to access files on subnet Y. Can you grant me access?
By default, all users of the VPN will have the same network access that they would if they were physically connected to the network. If you encounter issues with connecting to network resources while using the VPN, but not when your device is physically connected to the network you should contact the CSCS Service Desk who will help to diagnose the problem.

Does this service integrate with Raven or any of the UIS systems?
Not at this time, although we may explore this in future.

I keep getting a warning that "Access is denied" when connecting to the VPN.
This error can come up for a few reasons:

  1. If you are a member of the Zoology or MINTS domain, you must have contacted the Service Desk, so that we may add you to our VPN users list.
  2. If your password is due to expire or has expired, you will be unable to connect until you have changed it.
  3. Make sure you are definitely using the correct username and password combination.

Remember – you do not need to use the DOMAIN\username prefix to connect; you only need to enter your username. If you continue to have issues, please contact the service desk.

I cannot get my version of Linux to work with the VPN client. Can you assist?
We sadly do not offer support for the Linux client. FortiClient do not officially support it either which has made the process of creating a client difficult. We can offer an IPSec VPN for Linux users, but at this time we only make special exceptions for this.

I am using a full tunnel VPN and the internet connection is slow, can this be improved?
We have deliberately capped the internet speed through a full tunnel so users do not use the VPN as an internet proxy. We have also filtered a lot more categories of traffic, as you should be using the VPN to access files and resources not browse the internet.

Can I change from Split Tunnel to Full? (Or vice versa)
Yes. Contact the service desk and they will change your group membership to use the other type of tunnel.

NOTE: SLCU VPN users only have the Split Tunnel option. Full Tunnel is not available when connecting to SLCU via VPN.

Do any ports need to be open on my local network provider's firewall?
Yes, your local network provider will need to make sure outgoing connections using HTTPS protocol to vpn.medschl.cam.ac.uk via port 10443 are allowed.


Does all my traffic go via the VPN?

 Click here to show the two types of VPN settings and what traffic goes through the VPN

The VPN service currently offers two types of VPN – full tunnel mode and split tunnel mode. By default we will provide a split-tunnel VPN.

In Split Tunnel mode, only network traffic to the internal network is sent down the VPN connection. All other internet traffic is sent out as normal.This keeps your internet browsing as fast as it usually is.

In Full Tunnel mode, all traffic sent down the VPN connection, meaning internet browsing is also funneled via the University Firewall. Although browsing will be slightly slower as a result, it will be more secure. Full Tunnel Mode is advised for users who access sensitive data, travel abroad extensively or are generally concerned about security. (Note: Full Tunnel is only available with the Addenbrookes VPN)


 

The VPN service is an SSL-VPN and therefore requires very little configuration on end user devices due to its simplicity. SSL-VPN uses the well-known HTTPS protocol to establish and maintain its connection and uses digital certificates to maintain authenticity of VPN listeners.

While connected to the VPN your device cannot be used as a server. Your connection into the internal network is "stateful" which means that if you try to access a resource within the internal network through the VPN, the resource you are connecting to is allowed to send data in reply to your device. The resources or clients within the internal network cannot establish the initial connection first.

Connecting to the VPN from within the CSCS/Zoology/SLCU network will result in a reduced level of network connectivity. You should never need to connect to the VPN if you are connected physically to the network. The only time you would want to use the VPN at work, would be if you were using Eduroam/UniOfCam or some kind of Wi-Fi hotspot.