Using the VPN Web Portal

Web Portal

The VPN Web Portal serves as both the method for downloading the AnyConnect client and a way to use the VPN without having to install the client.  This section is going to focus on the latter.

 

Known Issues

Platform

Issue

Details

Resolution

All Platforms

Duo option doesn't display after logging in with username and password

A browser extension might be interfering with the Duo script or iframe that displays after logging in.

Known extensions to interfere with Duo on vpn-lb:

Google Chrome - Snipandshare 0.1.57

Load the browser into safe mode / private browsing / incognito mode. This should disable all extensions/plugins (unless specifically configured to keep extensions enabled in this mode) and allow authentication with Duo. You could also disable/remove the offending extension.

Windows

Smart Tunnel on Chrome for Windows isn't working

Smart Tunnel requires Java. Chrome Browser for Windows doesn't include Java. Smart Tunnel will not run unless these requirements are met.

Use a different browser that will work with Java or use the AnyConnect Client instead.

macOS

Smart Tunnel on Mac displaying "No Such File!" errors

Smart Tunnel on Mac works by downloading a .jnlp file with a hard link to the specified application. This application is attempted to launch via a tunneled java session. If the application doesn't exist, or isn't in the exact location expected, users will receive an error stating "Failed to Launch Smart Tunnel for __ No Such File!"

The application needs to be installed or may be in a different file path than expected.

macOS

Smart Tunnel on Mac for "MicrosoftRemoteDesktop" application not responding

When the Microsoft Remote Desktop.app program is launched via the Smart Tunnel .jnlp file, the application successfully launches, but the window doesn't appear and the application goes into a non-responsive state.

The application must be force closed. Users are advised to download and install the older Remote Desktop Connection for Mac application instead.

 

Logging In

The web portal is reached by going to: https://vpn-lb.asc.ohio-state.edu

vpn web address

When you go to the VPN-LB address, you will be automatically redirected to one of the individual nodes.

individual node

At the logon page, you will need to enter your ASC username and password. The Group should be set to "ASC-VPN."

VPN service logon page

The VPN requires two factor authentication using OCIO's Duo service. If you have successfully authenticated to your ASC account, the Duo page will show up next. Alternatively, enter a generated token/passcode here.

Duo authentication screen

The Home Page

Once logged in, the home page will appear. From here you can get to any of the web portal's functions. Some bookmarks from the portal's various sections will appear on the home page.

Instead of relying on the built in bookmarks, you can also manually enter web pages and file servers in the URL field and click the Browse button. For File Servers, you will need to select CIFS from the dropdown. For secure-websites that will not redirect you automatically, you may need to select HTTPS from the drop down. This URL field is available on many of the web portal's sections.

vpn web portal homepage

 

Web Applications

The Web Apps section is where all internet bookmarks are located.

Many of these bookmarks are pre-set to log you in automatically using the credentials you supplied when you logged in to the VPN.

VPN web services page

 

Once you have arrived at your destination, there will be a small toolbar at the top right or left of the site. This will allow you to return to the VPN portal, enter a different site, or log out of the VPN. Note that while surfing the web, you will still see the address of the VPN node in the browser's address field.

Toolbar

DO NOT type a web address into the browser's address field.  If you do that, you will be navigating away from the VPN.

eprofile.osu.edu with vpn web portal

Browse Networks

In this section, you can browse file shares that support CIFS (most do). You can either use one of the bookmarks or manually type a server name into the field.

browse networks page

Once you have navigated to a file share, you can browse around the folder structure and download, upload, and rename files as needed. You cannot edit files directly in the web portal.

fieshare

AnyConnect

From this section, you can install or start up an already installed AnyConnect client.

AnyConnect page

For further guidance on installing the AnyConnect client, go to that page in the AnyConnect section. The "Start AnyConnect" link will use Java to either start or install the client. Be aware that it may not properly detect success and instead report failure. In Windows, you can look for the AnyConnect icon in the system tray in the bottom right, or the application may pop up when Java starts it. On macOS, the system icons, including AnyConnect, appear in the upper right.

  1. If it fails, you will be given a link to download the AnyConnect client for the platform you are currently on.
  2. If it succeeds, AnyConnect should install without having to download the installer and manually running it.

Application Access (i.e. Smart Tunnels)

Smart Tunnels are a means by which the web portal can create a one-off VPN tunnel for a specific application. The application must be configured for use by the VPN administrators.

At the time of this writing, Putty (SSH/Telnet client), the Windows Remote Desktop client (mstsc.exe), and Microsoft Remote Desktop.app are all supported with Smart Tunnels.

application access page

When you click the button to "Start Smart Tunnel," you should get a Java warning. Click "Run."

Java warning

You will be asked to confirm that you want to allow the VPN to tunnel traffic for you.

confirm vpn

Once the Smart Tunnels are established, you will see an icon in the system tray. Only traffic from the supported apps will go through this tunnel.

smart tunnel icon

Details

Article ID: 49396
Created
Thu 3/1/18 3:30 PM
Modified
Tue 3/6/18 4:25 PM