Configuring the UIS VPN on Windows 10 and Windows 11 devices
Before you start, you will need to know:
- yourNetwork Access Token usernameandpassword
– create yourtoken on the UIS Network Access Tokens siteand keep the window or tab open, in readiness for when you'll need to copy the username and password. - If you have been advised to use aManaged VPN, rather than the general University VPN service, you will need theVPN server hostname. Available VPNs and their server hostnames arelisted on the Managed VPN page.
Setting up the VPN in Windows 10 and Windows 11
- SelectStart>Settingsto open the 'Settings' panel:
- ...and selectNetwork & Internet:
- SelectVPNfrom the list on the left.Add a VPN connectionwill appear – click on the+sign:
- Click in the VPN Provider window, which should add the textWindows (built-in).
- In theConnection namebox, typeCambridge VPN.
- To connect to the main University VPN, in theServer name or addressbox enter:
vpn.uis.cam.ac.uk
.
Alternatively, if you are connecting to an Institution'sManaged VPN Service(not the main University VPN), you will need to enter itsVPN Server hostnamehere instead (see thelist of Managed VPN server hostnamesto find this). - Click in theType of sign-in infobox, which should default to 'Username and password':
DO NOTadd the username and password at this stage, but ensure thatRemember my sign-in infois ticked at the bottom of the screen.
- SelectSave, and this screen will disappear.
- You should now see the 'Cambridge VPN' icon; clickChange adapter settingsbeneath it:
In Windows 11 you may not see the "Change adapter settings" option, in which case:- Using the Windows 11 search option, type 'Control Panel' (without the quotes)
- Select Control Panel app from the list that appears
- In the top right of the Control Panel window change 'View by' to 'Large icons'
- Click on 'Network and Sharing Center'
- Click on 'Change adapter settings' on the left hand navigation bar
- Right-click on the 'Cambridge VPN' icon (showing as 'Disconnected'), and chooseProperties:
- Choose theSecuritytab, and under the headingType of VPN, selectIKEv2from the drop down list:
- Under the headingData encryption, selectRequire encryption (disconnect if server declines).
- Under the headingAuthenticationselectUse Extensible Authentication Protocol (EAP).
- Choose theNetworking tab, then selectInternet Protocol Version 4 (TCP/IPv4), and then click Properties.
- SelectAdvanced, and then select theIP Settings tab inAdvanced TCP/IP Settings box.See AlsoWhat Is a VPN Gateway?
- Make sure that 'Use default gateway on remote network' is checked.
- SelectOKand close the window.
Connecting to the VPN in Windows 10
- SelectStart > Settings.
- SelectNetwork & Internet.
- SelectVPNand then click on theCambridge VPNicon. AConnectbox will appear.
- ClickConnect.
- If you haven't done so already, create a Network Access Token on the UIS Network Access Token site, and keep the window/tab open so you can refer to the username and password.
- In theUsernamebox, type your Network Access Token username,usually in the form CRSid+device@cam.ac.uk(e.g.
[email protected]
). - In thePasswordbox, type your 16-characterNetwork Access Token password.
Tip:Don't copy and paste the username or password because this can lead to spaces being added, which will lead to an error.
Hint:Check that theRemember my sign-in infocheckbox is still ticked, if you want to log in automatically in future.
- Select theOKbutton.'Connected'should appear below theCambridge VPNicon.
Warning:Please be aware that traffic over the VPN is recorded and logged for security purposes
Disconnecting from the VPN after use
Click theDisconnectbox on the right, below theCambridge VPNicon.
Troubleshooting VPN problems in Windows 10
Continuously connecting
In a recent update to Windows 10 it has been reported that connecting to the VPN using the network icon in the system tray results in the status getting stuck at 'connecting'.
This is a known issue which Microsoft are looking into. The workaround is to connect to the VPN via Settings>Network & Internet>VPN
This should cause the credentials prompt to appear. If the credentials are saved, it should allow you to connect from the system tray icon in future.
IKE service status
If you have trouble connecting to the VPN or the connection just hangs, it may be that the required IKE service has not been started. To check:
- Go toStart>Settings.
- Search forAdministrative Tools. ChooseServicesfrom the list:
- TheIKE and AuthIPservice status should be listed as 'Running':
If it isn't, double-click to highlight theIKE and AuthIPline, and change theStartup typetoAutomatic.
Windows 10 "Policy match error"
If you encounter this error when connecting to a UIS VPN with a Windows 10 client, this means that Windows is not able to negotiate sufficiently strong encryption with the server. To fix it, you need to enable the stronger encryption in the registry. The easiest option is to modify the registry by hand, and update the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\Parameters\NegotiateDH2048_AES256
to have the value 1 (rather than 0 which is the default). To open the registry editor, please refer to Microsoft's documentation.
For more information, and alternatives for reconfiguring the Windows client, please see strongSwan's 'Windows Clients' documentation.
Still experiencing problems?
If you are still experiencing problems, please note which VPN you were using, the time at which you tried to connect and your current IP address (which you can find at https://myip.uis.cam.ac.uk/) and include these details in an email to [email protected].