ERNA VIRTUAL PRIVATE NETWORKING SERVICE
DESCRIPTION OF THE SERVICE
Via the university network (EURnet), Erasmus University Rotterdam offers various services reserved for staff and students of EUR. Services outside the EURnet are sometimes not available. This particularly applies, for example, to consulting various information databases of the Library.
To enable staff and students to utilize these facilities via the public Internet, a new service has been organized: the ERNA Virtual Private Networking, or ERNA-VPN. By establishing a connection to EUR, the computer becomes a component of the EURnet network as it were, enabling use of non-public services.
The ERNA-VPN service is based on technology that enables users to establish a secure connection (a so-called secure tunnel) to the university network (EURnet). The security is attained by authenticated users (based on ERNA user names and passwords) before establishing the connection. Further, there are safeguards to ensure that all data exchanged with individual users are keyed to a level of security whereby, in principle, eavesdropping or hacking of connections is not possible.
Through the VPN connection, the response times for slower connections will be slightly poorer. We therefore recommend use of the VPN connection only when necessary. In a technical sense, users appear to be working with or from an EUR IP address. You should make allowances for the fact that you may not be able to utilize some (protected) services of your own provider, if you have an open VPN connection to the EURnet.
The ERNA-VPN service offers various methods for setting up a VPN connection:
- Point-To-Point Tunnelling Protocol (PPTP)
The Point-To-Point Tunnelling Protocol (PPT) is generally considered to be a de-factor standard. The ERNA-VPN service only support authentication for MS-CHAPv2. This entails the most popular operating systems for workstations, such as Windows 2000 and XP. These are standard features of the aforementioned required software. Users only need to do the configuration. PPTP is available for all University employees and students without pre-registration.
- IP Security (IPsec)
IPsec is an open (Internet) standard for VPN. Vis-à-vis PPTP, it offers a high-grade level of security. To use IPsec within the ERNA-VPN it is necessary to install software on the user’s workstation. Due to the special use of the IPsec-VPN client, for the time being, requests for this are part of the second-line support of decentralised helpdesks. IPSEC VPN is intended for special purposes and therefore only available for University employees. This service can be used on request (stating any of your reasons)
- The advantage of PPTP is that users do not have to install special software. Further, the security level is generally considered sufficient for most applications.
- The IPsec method offers a higher level of security and is therefore more suitable for applications for which confidentiality is important. In this regard, it would be worthwhile considering the latter for implementing activities for system management remotely, consulting extremely confidential information, doing financial transactions and the like.
The regulation "Use policy for computer and network facilities of the Erasmus University" applies to the use of the aforementioned facilities. In perspective of this, you should explicitly make sure that you have installed anti-virus software on your computer. Please refer to the manuals for other uses and preconditions.
FIREWALL OR ROUTER CONFIGURATION
If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled:
Client ports: 1024-65535/TCP
Server port: 1723/TCP
Enable: IP PROTOCOL 47 (GRE)
For information about your firewall or router configuration, and to confirm that your firewall or your router will pass these ports and protocol, contact the manufacturer of your device or your VPN server administrator.
FSW staff and students
For staff and students of the FSW a special tool is available.
You are responsible for configuring the VNP-client from your home workstation. You will find the necessary instructions at that site. If you have any questions about the facilities or any failure reports, you should contact your (decentralised) faculty helpdesk.
INSTALLATION AND USER MANUALS (PPTP)
Windows7 installation manual:
Click here for Windows7 installation manual
Windows Vista installation manual:
Click here for Windows Vista installation manual
Windows 2000 installation manual:
Click here for Windows 2000 installation manual
Windows XP installation manual:
Click here for Windows XP installation manual
Mac installation manual (not supported by the EUR):
Click here for Mac installation manual
Ubuntu 10.x Maverick Meerkat installation manual (not supported by the EUR):
Click here for Ubuntu installation manual (dutch)