
This is an old revision of the document!


VPN: Virtual Private Network

University Wide VPN

Open a browser at http://undvpn.und.edu. Enter your University username and password. On Windows, the VPN will install automatically. On Linux, you need to download the install program and manually install it. More information is available at the Aerospace Web site.

Two-factor Authorization

In the Summer of 2020, the University changed the VPN configuration to require two-factor authentication. Like most information technology decisions at the University or State level, this decision was made without any data to back the “feeling” that it is necessary to improve security. While having two methods for authorization can improve security, any required security procedure should be reviewed in terms of how it is implemented in practice. Two-factor authorization requires more work on the user's part, so the real question to address before implementing this requirement is, “Does the practical benefit of two-factor authorization provide benefits that are greater than the cost of the additional work of users?”. No information on this question was provided to users when announcing the two-factor authorization requirement, only a statement that the change was done for “security” reasons. This is an example of what people mean when they indicate that they want more “transparency” from the University administration. Transparency is not being informed of the decision to add two-factor authorization for a general reason like “security”; but, is being provided with the cost-benefit analysis that went into the decision. In fairness to “transparency”, I expect there was no analysis done at the University or State level. I expect a vendor justified raising the cost of their product/service by indicating they are providing a more “secure” product; hence, all that can be done to justify the additional work required by users is to repeat the vendor's line that “this increases security”.

One reason for assuming no analysis was done for requiring two-factor authorization is the limited, and in places incorrect, information provided on how to use two-factor authorization. This lack of information indicates how little is understood by them and requires more time on the user's part to figure out the new system. Hence, provided here is information on using the University's two-factor authorization, which requires a second method of authorization. The university's help page on using two-factor authorization for VPN access assumes you should request (put in und for the second password) this second authorization when you make a VPN login request. When you try to connect, an authorization request is sent to your North Dakota University System registered DUO app (put in und for the second password) device, typically on a smart phone. The university information page incorrectly states that you are doing the authorization when connecting; however, the authorization does not happen until later. They understand so little about two-factor authorization that they are unwilling to correct this incorrect information on their site when it is pointed out to them. If you need to use the DUO app anyway for authorization, why not just start there? Hence, you can easily provide the authorization at login by:

  • Log into your DUO software on your smart phone or other device.
  • Select (Press) the North Dakota University System item. Unless you are using it for another system, this will be the only one listed there. This provides you the “second” limited use 6 digit number/password.
  • Open the VPN, type in your username in the top field, your University password in the top (first) password field, and the Duo software provided 6 digit number in the bottom (second) password field.
  • Select connect to start/connect using the VPN. Nothing else is required.

One piece of incorrect information provided initially at the University/State level to users on two-factor authorization is that it is only needed to access servers. However, I repeatedly find that if I start the VPN to access a server, and then the VPN drops (only 10 hours time limit so will drop overnight), then all Web sites hosted on the University network will give a network time out. Seems that it is too much work, or their network is incorrectly configured so it is not possible, for the University information technology people to configure the network traffic to Web servers to not go through the VPN. Hence, to access even simple Web Sites (for example this page) you need to use the VPN.

I hope this information helps the users that are now required to use two-factor authorization for the University of North Dakota VPN. While ticket requests to improve VPN two-factor authorization have not been successful, I will try a ticket request on how to use a USB key instead of the Duo app 6-digit password for two-factor authorization and post results here.

Installation

Ubuntu Linux: In a terminal window type “sudo apt-get install network-manager-openconnect network-manager-openconnect-gnome”. The root password will need to be entered. Open 'Network Connections' and go to 'Add Network Connection'. From the drop down menu select 'Cisco AnyConnect Compatible VPN (openconnect)' and create. Connection name = UND, Gateway = undvpn.und.edu. SAVE. Open 'Network Connections', VPN Connections and select UND. Log in with UND username and password.

Redhat 6 Linux: Best to use the Cisco AnyConnect VPN Client. Download from undvpn.und.edu. Install using the ./vpnsetup.sh script. Once installed, run AnyConnect from <Applications><Internet><Cisco AnyConnect VPN Client>. Enter UND username and password.

Fedora 16 Linux: Need to manually download and install program from site. After installation the Cisco Anyconnect launcher should appear in the menu (On Fedora, under Internet). Need to connect to undvpn.und.edu. Under Fedora 16, get the following error:

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Since Cisco AnyConnect did not work, used openconnect under Fedora 16. Need to use Gateway undvpn.und.edu. No certificates are needed.

Windows 7: Ensure you have the latest version of Java software installed. The manual VPN install does not work under Windows since there is a profile that needs to be installed. Need to use the automatic install. Also, people have reported that the automatic install does not work under Firefox, so do the automatic install using Internet Explorer.

atmos/citation/soft/vpn.1594586825.txt.gz · Last modified: 2020/07/12 20:47 by delene