Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with ITS

facebook twitter Wordpress Blog

Using the Juniper VPN

Choosing the Appropriate Type of VPN Connection

There are two types of VPN connections for securely accessing resources on the Dartmouth network:

  1. The first method uses a client to encrypt network traffic between your computer and servers on the Dartmouth network. To use this first type of access method go to https://gateway.dartmouth.edu/.
  2. The second method uses an encrypted Web browser session to access services on the Dartmouth network. To use this second type of access method go to https://webgateway.dartmouth.edu/.

There are different reasons for using each connection method. Using the client based "gateway" method requires the installation of a client onto the local machine and the use of Java on the local computer in order to take full advantage of VPN. This method provides a full on-campus-like connection when working remotely. Follow the instructions found in Starting the VPN below if you need a full VPN connection.

If you only require access to Web-based services such as the Library Web site, use the "Webgateway" method as it does not require the use of a full client or Java in order to connect to services on the campus network. All network traffic through the Webgateway service will be encrypted as long as you work within the same Web browser session that you used when connecting to "webgateway". Opening a new browser session will not provide encryption as it works outside of the secure connection provided by Webgateway. Follow the instructions found in Obtaining a Secure Connection without Starting a VPN Connection below if you need a VPN connection in order to access a specific web site that requires a VPN connection, or one that doesn't use the HTTPS protocol and you want the information encrypted as it is transmitted from your web browser to the Dartmouth network.

Starting the VPN

To make a VPN connection using your NetID and password, go to https://gateway.dartmouth.edu/.

When asked, enter your Dartmouth credentials and answer a security question. These will appear sequentially on three web pages. You will be prompted for your NetID, your password, and an answer to a security question. The first time you run this application a small plug-in will automatically be installed, or you will be prompted to run a script from "Juniper Networks, Inc." Go ahead and allow it to install. The full Junos client also requires that Java be installed and enabled on your system.  You can download the latest version of Java from http://www.Java.com

When the connection is complete, a "Junos Pulse" window will be displayed. Click Hide to reduce this to the system tray (Windows) or minimize this window to the dock (Macintosh). As long as the Junos Pulse icon appears in your system tray or dock you will have a VPN connection. You can close/quit your web browser now. You do not need to click the Start button.

Top of page

Using the VPN

Once you have seen the "Junos Pulse" window showing that a connection has been established, you would use your computer as you normally would. However, all information that is sent from your computer is now transmitted in an encrypted format.

You can move your computer from a wired to a wireless connection, or from subnet to subnet with ease. You'll just get prompted to re-establish the connection with one click once you get into a new subnet.

If you are using the Juniper VPN from a location other than the Dartmouth network, the network administrator's may ask "which port" Juniper is using. The Juniper VPN uses port 4500 initially; if it can't make a connection using that port, after 5 seconds it switches to port 443 which is a generic SSL port.

You cannot have a VPN connection running from two different machines at the same time using the same user credentials or have two different VPN connections running at the same time (e.g., the DHMC VPN and Dartmouth's Juniper VPN). If you need to establish VPN connections to two different locations, see Obtaining a Secure Connection Without Starting a VPN Connection below.

Top of page

Stopping the VPN

To disconnect from the VPN, open the Junos Pulse that was minimized to your system tray or dock and click Disconnect.

Top of page

Obtaining a Secure Connection Without Starting a VPN Connection

If there are specific web-based systems that you always use that you would like to connect to securely, without starting the Dartmouth VPN, go to https://webgateway.dartmouth.edu/. This is especially useful for people who need to be running another VPN system to connect to other systems (e.g. Dartmouth staff who work on the DHMC campus and need the DHMC VPN to connect to DHMC systems or those folks accessing resources from off campus on a machine that they cannot install the Juniper VPN software.)

If you have a valid Dartmouth certificate on an eToken, and it is currently available to your computer, you will automatically log into the WebGateway. (Please note that this link will not work for certificates that are stored on a hard drive. It only works for those certificates stored on an eToken.)

If you do not have a certificate on an eToken, enter your NetID and password. This is the same user name and password that you use to log into your Dartmouth e-mail account.

The first time you run this application a small plug-in will automatically be installed, or you will be prompted to install it.

If your login has been set up, there may be some systems that already appear on this web page that you can access by clicking on the link. If you want them to open in a separate window, click the link on the far right side of the window.

Please note that if you use Webgateway, only those applications that you start from the Webgateway window will be secured. If you open another browser window, or start an application outside of the Webgateway window, the Webgateway will not be encrypting any of the information you transmit.

You can add additional items to this list for your own use:

  • To add a bookmark to a web-based application, in the Web Bookmarks section, click the plus sign that appears on the right hand side. In the Bookmark Name field enter the name that you want to appear in your Web gateway list for this connection; in the URL field enter the complete URL for the application you are adding. Click Add Bookmark. Now, whenever you log into Webgateway, this new bookmark will appear.
  • To add a bookmark to a terminal-based application, in the Terminal Sessions section, click the icon of the computer with a plus sign that appears on the right hand side. Enter the appropriate information for the terminal session you are creating, then click Add. Now, whenever you log into the Web gateway, this new link will appear.

Top of page

Running Two VPN Connections at the Same Time

In some instances, you may need to make a VPN connection from two computers at the same time. To make a VPN connection from a second computer, simply connect as normal. You may be connected from up to ten devices simultaneously, though multiple VPN connections from a single device are not supported.

Top of page

Setting Up a Meeting

The Juniper VPN system can be used to conduct a meeting via the Web. You can create a "Meeting" in Juniper, then send a link to the meeting to anyone you want to attend. They do not need to be in the DND. They click on the link you sent them and are prompted to join the meeting.

To create a meeting, start a VPN connection following the steps above. Then, rather than closing your browser window once the connection is established, click the Meeting icon found on the right side of the tool bar. Click New Meeting.

In the General Information section, make a note of the password that has been assigned to this meeting. Then in the General Information section and Date and Time section, enter the information as it pertains to the meeting you are creating. In the Invitees section, in the Add Other Users section, enter the complete e-mail address of the person you want to invite to the meeting (e.g., john.a.doe@dartmouth.edu) then click Add. Click Finish when you are done setting up the meeting and adding invitees. Anyone listed as an invitee will receive an e-mail informing them of the meeting and giving them the URL. You will need to send the password for the meeting separately to the invitees.

When the time for the meeting arrives, start a VPN connection following the steps above, then click the Meeting icon. The meeting you created will appear in the calendar. Click Start Meeting, then Start Meeting. Click Sharing and select the application(s) you want to share with the other people who join the meeting.

When the meeting is done, select Meeting then End Meeting from the menu bar.

Top of page

Remote Controlling Another Computer

The Juniper VPN system can be used to view a remote computer, or to take control of that computer. Only Dartmouth faculty and staff with valid DND accounts can use our Juniper system to remote control another computer.

To access another system, start a VPN connection following the steps above. Then, rather than closing your browser window once the connection is established, click the Meeting icon found on the right side of the tool bar. Click Instant Meeting. Send an e-mail containing the meeting URL and password that is displayed on the screen to the person whose computer you want to access. Ask them to go to that URL then enter their name and the password you provided. They will need to click Join then Join Meeting. Once they do, their name will appear in the meeting window. To take control of their computer, click their name in the Meeting window, then click Presenter. Click their name again and click Request Control. A message will appear on their computer asking if they want to allow you to control their computer. They need to click Share My Desktop to allow you to have control of their computer. You will then see everything on their computer that they are currently seeing, and can use your computer to update items on their computer. Once they click on their computer they will regain control of their computer.

The remote user can also gain control of your computer. In their Meeting window, they can click the Request Control button to gain control of your computer. If they do this, a message will appear on your computer asking if you want to allow them to control your computer. Click Share My Desktop if you want them to have control of your computer. They will see everything on your computer that you are currently seeing, and can use their computer to update items on your computer. Once you click on your computer you will regain control of your computer.

When you are finished with the remote control session, select Meeting from the menu bar, then End Meeting.

Top of page

Known Issues with VPN

Currently there are two known issues that several Macintosh users have reported with the VPN:

1. Safari doesn't run the Junos Pulse client. This is due to Safari's enhanced security settings. To correct the problem, with the Finder as the active application, from the Apple menu click System Preferences. Double click Java. Click the Security tab, then click the Edit Site List button. Enter https://gateway.dartmouth.edu/ and click Add. Safari should now allow you to connect to the VPN.

2. The VPN client connects fine, but you are unable to access any network resources. This is due to the VPN software being incompatible with other VPN connections running on the same computer. In particular, we have seen issues with the "Back to my Mac" feature of iCloud which automatically creates a VPN connection with Apple. To resolve this issue:

    1. disconnect the Dartmouth VPN connection;
    2. disable "Back to my Mac" by clicking System Preferences then iCloud then removing the check from Back to my Mac;
    3. reconnect the Dartmouth VPN.

If you are seeing other issues, contact the IT Service Desk so that we can work with you to resolve them. Many different components that may be unique to your computer/group can interact with the VPN connection. We would need to isolate the component that may be causing your issue.

Top of page

 

Last Updated: 9/30/14