VPN

When you connect to the VPN (Virtual Private Network), your computer establishes an encrypted link to CAEDM and becomes part of the BYU campus network. You are able to access network resources as if your computer was plugged-in to the university network.

Quick Installation Facts (for the impatient)

IKEv2 VPN Connections

Servername: vpn.et.byu.edu
Protocol: IKEv2
Authentication: EAP-MSCHAPv2

SSL VPN Connections

Download FortiClient after logging into https://vpn.et.byu.edu, or download from http://www.forticlient.com
Servername: vpn.et.byu.edu
Protocol: SSL VPN

Clientless SSL VPN Connections

Go to https://vpn.et.byu.edu using your browser of choice.

When to use the VPN

Most CAEDM remote computing resources can be used from off-campus without using the VPN .

However, there are some resources which, for security or licensing reasons, are only available to on-campus machines. When connected to the VPN, your computer is considered part of the on-campus network, thus making these restricted resources available to you remotely, and in a secure fashion.

Examples of such restricted resources you might use remotely include:

    • Workstations used by researchers, faculty, and staff
    • License servers
    • Free access to the Lee library's subscription services (e.g. Compendex, EBSCO, RefWorks, IEEE Xplore Digital Library, and Proquest Safari Books nline)
    • Content-filtered Internet access
    • Any other campus computer or service protected from the public Internet
Services available via VPN connection.

As seen in the table above, the VPN will allow off-campus connections to use your J Drive, or to print from off-campus to a CAEDM lab printer. It can also be used with publicly available services, such as RGS, Citrix, or SSH, though these services are already encrypted, so the VPN connection is not necessary. Note that while the VPN will give you wider access to services while on BYU-Guest, it will not remove the bandwidth limitations of BYU-Guest. If you want faster access, use BYU-Secure instead.

VPN Connection Options

There are three ways of connecting to the college VPN, listed in order of general preference:

  1. IKEv2 (Internet Key Exchange version 2)
  2. SSL VPN (Secure Sockets Layer Virtual Private Network)
  3. Clientless SSL VPN

Each has its own strengths, which are described below.

IKEv2 (Internet Key Exchange version 2)
IKEv2 is the preferred VPN connection as it is the simplest to use on most operating systems. IKEv2 support is included in Windows 7 or higher, and is available by plug-in or client download for Linux, Android, iOS, and Mac OS X. Unfortunately, Mac OS X also requires a workaround each time you connect and disconnect with the VPN. IKEv2 may have problems connecting in large, crowded conferences centers due to heavy traffic congestion. In such situations the SSL VPN has better success connecting.
SSL VPN
SSL VPN may be needed if the Internet Provider you are using doesn't allow IKEv2 VPN connections, or if you are in a heavily crowded conference room. The SSL VPN client is available as a download for Windows, Mac OS X, iOS, and Android.
Clientless SSL VPN
The Clientless SSL VPN is best when you can't install or configure the software needed for the IKEv2 or SSL VPN options (e.g. you are using an older version of Mac OS X, or someone else's computer). It requires only a web browser for services like SMB/CIFS (the J: drive) and content-filtered web browsing. A Flash or Java plug-in may be required for other services like SSH. The browser-based experience is not as seamless as the full SSL VPN client, but it can still be useful in a pinch.

Setup and Connection Instructions

VPN Instructions for Windows 7

VPN Instructions for Windows 8 (and Windows 10)

VPN Instructions for Mac OS X

VPN Instructions for iOS 9

VPN Instructions for Android

VPN Instructions for Linux

Troubleshooting

  • If you are going to be using programs installed on your local computer that require a license server, make sure that you include the et.byu.edu extension.
    • For example, if Wizbang 2000 requires a license server to run, normally that license server would be set to something like "1234@licserv". When using the VPN, it needs to be "1234@licserv.et.byu.edu". This will route the license request through VPN, and will then be able to find the license server. You can add the et.byu.edu and it will work just fine on campus as well, in addition to off-campus locations.
  • Do not use split tunnelling.