Computer Science & Computer Engineering

Introduction

ITS requires the use of their Virtual Private Network (VPN) when connecting to many campus resources from off-campus. This includes many of the services the Computer Science Department provides. The VPN makes your off-campus connection appear to be coming from on campus, and in doing so it encrypts the traffic between your computer and the campus network. With the VPN active, you can imagine yourself sitting on the UW–L campus.

macOS and Windows

This process describes how to install Cisco's AnyConnect software and use it to connect to the campus VPN.

Go to https://vpn.uwlax.edu/ and log in with your campus username and password. This will not connect you to the VPN, but rather allows you to download AnyConnect. Find the AnyConnect button in the menu on the left pane of the page. From there you will see a page with a link to Start AnyConnect ... which will prompt you to download and install the AnyConnect software. Follow that prompt.

Once AnyConnect is installed, start the AnyConnect client, and point AnyConnect to connect to vpn.uwlax.edu. AnyConnect will prompt you for your campus username and password, and it might also prompt you for a Duo code. Once connected, your computer will appear to be on the same campus network as campus computers.

When you are done using the campus computer, don’t forget to log out of AnyConnect.

Linux

Depending on your configuration, you might find it possible to configure your computer to use the VPN using the same utility you used to configure your WiFi connection. If this is the case, then remember to use vpn.uwlax.edu as the VPN server, and log in using your campus credentials.

An alternative uses the command-line program openconnect and supports multi-factor authentication using a YubiKey. Due to limitations in the software involved, this is currently a two-step process: (1) authenticate to the VPN using a browser and (2) export the resulting cookie and pass it to openconnect using a command-line argument. (Eagle Help Desk ticket #168669 documents the need for better integration between the VPN and YubiKey on Linux.) The following script, which must run with root privileges, will partially automate this process:

#!/bin/sh

uwlpw=$(mktemp)
cookie=$(mktemp)

trap "rm -rf $uwlpw $cookie" SIGTERM SIGINT EXIT

chmod 600 "$uwlpw"
chmod 600 "$cookie"

if [ "$(id -u)" != 0 ]; then
    printf "must run as root\n" >&2
    exit 1
fi

printf "Enter UWL password: " >&2

stty -echo
head -1 | tr -d '\n' >"$uwlpw"
printf "\n" >&2
stty echo

printf "\n" >&2
printf "You may obtain a vpn.uwlax.edu cookie by visiting https://vpn.uwlax.edu,\n" >&2
printf "signing in, viewing your web browser's developer tools, selecting storage,\n" >&2
printf "and selecting the cookie named \"webvpn\".\n" >&2
printf "\n" >&2
printf "Enter vpn.uwlax.edu cookie: " >&2

stty -echo
head -1 | tr -d '\n' >"$cookie"
printf "\n" >&2
stty echo

cat "$uwlpw" | openconnect -v -u wpetullo --passwd-on-stdin --useragent="AnyConnect Linux_64 4.10.07073" -C "webvpn=$(cat $cookie)" https://vpn.uwlax.edu

Save this script to a file named vpn-uwl, set it as executable using chmod +x vpn-uwl, and run it with something like sudo ./vpn-uwl. You can inspect the script if you are interested in understanding how this works.

When you are done using the campus computer, don’t forget to log out of the VPN. With openconnect this is a matter of terminating the program by pressing Ctrl-C.

Support

The Help Desk can help you solve any problems you encounter with the campus VPN.