Keywords:


 


The VPN-secured wireless network
at Indiana University

Policy Departments can operate their own wireless Ethernet, but it must be secured to prevent unauthorized use of the IU network. Beginning in June 2001, UITS offers a centralized mechanism for securing wireless. Departments can choose to allow UITS to manage its wireless equipment using this security system. The equipment must be supported by UITS (as of 6/01Lucent 500 and 1000 and Cisco Aeronet access points were supported). The access point must have a dedicated data jack, that is, it cannot be connected via a hub or switch.

If departments choose to manage their own wireless network, it must be secured in the manner specified in the document http://www.indiana.edu/~uits/telecom/data/wirelesspol.html

Protocols

The VPN-secured wireless network places all secured wireless access points on a campus (currently IUB and IUPUI campuses) on a single subnet use VLAN technology. The only router off the subnet is a VPN server. Use of the VPN server requires authentication using an ADS account, the successor to the IUB and IUPUI NT domain accounts. Once authenticated, traffic between the wireless laptop and the VPN server is encrypted with an encryption key unique to the user.

The protocol currently supported by the VPN server is the Point-to-Point Tunneling Protocol (PPTP). MS-Chap v2 is the strongly recommended authentication protocol, but MS-Chap v1 is supported for Macintosh clients.

Current Status The VPN-secured wireless network is undergoing final testing by UITS staff and will be a production service sometime in June 2001.
Knowledge Base The IU Knowledge Base has articles describing how to install the PPTP software. Go to the KB (http://kb.indiana.edu/) search for "VPN" and pick the article referring to your operating system.
Problem analysis, problem reporting

Once you have installed the PPTP software as outlined in the Knowledge Base, you should be able to create a PPTP "tunnel session" with the VPN server. If you cannot, check that your wireless card is in communication with the wireless access point. If you are communicating with a wireless access point, make sure it is one that is on the VPN-secured wireless network. If it is, the network name your wireless client reports will be IUB-Secure or IUPUI-Secure. If this is the case, you may want to call the IUB support center at 855-6789 or the IUPUI support center at 274-4357 for help.

Advanced users may wish to check a few more items. For starters, determine that you received a DHCP lease using Start\Run\Ipconfig or Winipcfg. If so, see if you have DNS services via the command "nslookup www.cisco.com. Also, see if you can ping the VPN gateway: iub-wireless-vpn.indiana.edu or iupui-wireless-vpn.iupui.edu, depending on your campus

Required Software To use the VPN-secured wireless network, you must install PPTP software on your laptop. For information on obtaining and installing PPTP clients, search the Knowledge Base for "VPN" for details.

University Information Technology Services
UITS
Home
Telecommunications Services
Telecom
Services
Data Network Home
Data Network
Home