University of Regina Logo

Information Services

Configuring VPN Clients

Computing Services Technote #569 v7

Title: Configuring VPN Clients for UofR Secure Connection
Applies to: VPN users
Section: Network
Owner: Network Analyst, Network & Communication Services
Last updated: 16 July 2019

Introduction

A virtual private network(VPN) creates an encrypted connection to the UofR network which allows your computer to appear as though it is "on campus" even though it is not. This allows services that are not available from off campus due to firewall security rules, to be accessed from anywhere in the world.

Only traffic destined to the UofR will flow through the VPN connection - regular internet browsing will not. This note describes the configuration of VPN Clients so that you can securely tunnel to the University of Regina campus from off campus.

VPN Modes

There are two ways to use the VPN:
  1. Web-only Mode - The VPN connection is all handled by the web browser so no additional software is needed. It is primarily limited to typical websites accessible over http or https. Websites using a non-standad port number like https://somesite.test:8080/ will likely not work.
  2. Tunnel mode -  This allows any website, protocol, or service to be accessed but required the installation of a VPN client. 

Web-only Mode Configuration

To connect to a web site complete the following:

  • open a web browser and connect to https://vpn.uregina.ca/ and login with your uregina.ca username and password. You will then see a screen like:

VPN Web Only Mode

  • Click on the Quick Connection button and past the website address into the URL text box(example below) and click Launch
    VPN Web Only Mode
  • A new window or Tab will open in your browser where you can now access the internal UofR website over a secure VPN connection.

If you regularly access a site you can create a bookmark on the main VPN page by clicking on the +New Bookmark button and then filling in the bookmark info. Name is what is displayed for the bookmark when you login and the URL is the web site address. Description is optional.  Once you have create a bookmark you can just click on the icon to access the website. The screen shot below illustrates creating a bookmark for FAST

VPN Web Only Mode

If the application uses a html based login and the same uregina.ca username/password you used to login to the vpn you may be able to set SSO(single sign on ) to Automatic for your bookmark to have your login username and password passed automatically to the web page. Whether this work depends on the details of the web page so just give it a try and it if doesn't work you can always disable it. If it does work and the application returns you to the login page when you logout beware that the vpn will automatically login you in again. To prevent this, close the web browser tab/window after you logout.


Tunnel Mode

For support for all protocol/service types(for example web sites on non-standard ports) installation of a VPN client is required. Instructions are provided below for Windows, MacOS, IOS, and Android systems

Windows 7/8/10 Fortinet SSL VPN Client Installation/Configuration

Installation

  1. Login into your Windows system as administrator - this is necessary for the initial installation of the Fortinet SSL Client.
  2. Open an internet browser and type in https://vpn.uregina.ca/ in the address bar. At the "Please Login" prompt enter your uregina.ca username and password.
  3. Now you will be in the SSL-VPN Portal web page. Click the "Download FortiClient" box in the top left and the choose "Windows".
    VPN Tunnel Mode
  4. This will take you to the FortiClient Download webpage http://forticlient.com/#download
  5. Click "Download" to the right of the page.
    VPN Tunnel Mode
  6. Click the box "Download" beside "Get FortiClient 6.0 for Windows".
    VPN Tunnel Mode
  7. Save the FortiClientOnlineInstaller.exe
    VPN Tunnel Mode
  8. Click the "Run" button and then install the FortiClient by accepting the "License Agreement" and then clicking "Next".
    VPN Tunnel Mode
  9. Click "Install" to install the FortiClient on your windows computer.
    VPN Tunnel Mode

    

 

Configuration

  1. Open the FortiClient by clicking Start | FortiClient | FortiClient. If you use the VPN frequently you may want to create a shortcut on your Desktop (drag FortiClient and drop it on the Desktop to create a shortcut).
  2. This version of Forticlient is much more simpler and easier to use and doesnt come cluttered with older add-ons.
    VPN Tunnel Mode

  3. Click on the check box to acknowledge the terms and conditions of use of the software.
    VPN Tunnel Mode
  4. Click "Configure VPN"
    VPN Tunnel Mode
  5. At the top choose "SSL-VPN"
  6. Connection Name: UofR SSL-VPN
  7. Description: UofR SSL-VPN
  8. Server Remote Gateway https://vpn.uregina.ca
  9. Authentication: Prompt on login
  10. Client certificate: Set to 'None'
  11. Do not Warn Invalid Server Certificate: <leave it unchecked>
  12. Click "Save" to save changes
    VPN Tunnel Mode
  13. Enter your username and password then click "Connect"
    VPN Tunnel Mode
  14. Once configured a menu appears in the menu bar that allows you to easily connect/disconnect:

   vpn-logged in page

  1. Now you are securely connected to the U of R network, and your computer will behave as though it is "on campus". This connection will allow you to securely access applications that are restricted to on-campus use like FAST and URDocs.
  2. When you are done using the VPN to connect to the UofR, you can switch to the FortiClient program and click "Disconnect".


macOS VPN Configuration

* Please note, if your macOS version is older than 10.8 (Mountain Lion), you will not be able to run the FortiClient installer.  Please upgrade your macOS version to use FortiClient VPN.

Installation

  1. Open an internet browser and type https://vpn.uregina.ca/  into the address bar. At the "Please Login" prompt enter your uregina.ca username and password.
  2. Now you will be in the SSL-VPN Portal web page. Click the "Download FortiClient" box in the top left and the choose "Mac".
  3. This will take you to the FortiClient Download webpage http://forticlient.com/#download
  4. Click "Download" to the right of the page.
    VPN Tunnel Mode Mac
    1. Click the box "Download" beside "Get FortiClient 6.0 for Mac OSX".
      VPN Tunnel Mode Mac
  5. In your Downloads folder, double-click FortiClientOnlineInstaller.dmg
  6. In the open window double-click FortiClientUpdate.app and the download of the client will start. Click install once the download has completed.
    VPN Tunnel Mode Mac
    1. In the Welcome window click continue.
    2. In the License window, click Continue, then Agree
    3. In the Installation Type window click the Install and enter your Mac administrator password and click Install Software
    4. In the summary windows click Close.

Configuration

  1. Startup the FortiClient.app found in your Applications folder. 

  2. This version of Forticlient is pretty straightforward click on "Configure VPN" .
    VPN Tunnel Mode Mac

  3. Enter the following in the FortiClient SSL VPN window:

    1. Connection Name/Description/Remote Gateway: vpn.uregina.ca
    2. User name: <your uregina.ca username>
    3. Password: <leave blank to be prompted or enter password to save it>
      VPN Tunnel Mode Mac
  4. Click Save.
  5. Enter your uregina.ca username/password and click Connect to start the VPN connection.
    macvpn
  6. Please note the "System Extension Blocked" notification may appear on certain versions of macOS older than Catalina 10.15, but this doesnt affect the functionality.
  7. Once successfully connected a Disconnect button will appear on the window. You can minimize the window to the dock or close it.
    macvpn6

  8. Once configured a menu appears in the menu bar that allows you to easily connect/disconnect:
    VPN Tunnel Mode Mac
  9. Now you are securely connected to the U of R network, and your computer will behave as though it is “on campus”.  This connection will allow you to securely access applications that are restricted to on campus use like FAST and URDocs.
  10. To disconnect click the VPN applications icon in the dock and select disconnect



iOS (iPhone/iPad) VPN Configuration

  1. On your iOS device, open the App Store and search for 'FortiClient'. Download the App and tap Open.
  2. Tap Connections.
    mac01
  3. Tap Add Configuration.
    mac02
  4. Enter the following information:
    1. Name: vpn.uregina.ca
    2. Host: vpn.uregina.ca
    3. Port: 443
    4. User: (uregina.ca username)
    5. Password: (uregina.ca password)
    6. Tap Save in the upper right corner.
      mac03
  5. Tap the just created VPN connection - a check mark will appear beside it. Then tap Done.
    mac04
  6. Turn on the VPN connection by the slider next to VPN at the top. Status will display Connected if sucessful and the timer will begin to count the connection duration.
    mac05
  7. Now you are securely connected to the U of R network, and your device will behave as though it is “on campus”.  This connection will allow you to securely access applications that are restricted to on campus use like FAST, DOME, and URDocs.
  8. When you are finished using VPN, simply slide the VPN slider at the top back to the left.

Android

  1. Download and install the FortiClient VPN from the Google Play Store
  2. Launch the app. It may warn that Android 4.4.3 is required and warn that an error will occur for earlier versions but the app will still install (worked on 4.4.2)
  3. You will be prompted to enter VPN configuration information:
    1. VPN Name: UofR SSL VPN
    2. VPN Type: SSL VPN
    3. tap Create and enter the following:
      1. Server: vpn.uregina.ca
      2. Port: 443
      3. Username: <your uregina.ca username>
      4. Password: <your uregina.ca password>
      5. Auto Connect: Enabled
      6. Certificate: leave unchanged
      7. Check server certificate: Enabled
      8. now tap the Back button
    4. Tap Connect.
  4. You will get a message "Fortinet VPN is attempting to create a VPN connection". Tap to check I trust this application and tap 
    OK.
  5. A message will be displayed: "This site certificate is not trusted, proceed anyway?" tap Proceed.(NOTE: IS is investigating why Android is not trusting the purchased certificate for vpn.uregina.ca - it is normally a bad idea to trust untrusted certificates)
  6. To close the VPN, launch the FortiClient VPN app and click Disconnect.
  7. To start the VPN in the future, launch the FortiClient VPN app and select the UofR SSL VPN and tap Connect


Revision History

v0, 2013-02-25, Initial version
v1, 2014-05-12, Add MacOS instructions and link
v2, 2014-12-30, Switched Windows/Mac instructions to use FortiClient SSLVPN
v3, 2015-03-19, Enhanced/clarified wording/pictures based on IT Support feedback.
v3, 2015-03-20, Added Android instructions. Thanks go to the desktop support group.
v4, 2015-11-03, Changed Android instructions to indicate only vpn.uregina.ca should be entered(not https://vpn...)
v5, 2016-06-14, Added Windows 10 as working for VPN client
v6, 2017-12-02, Changed macOS instructions to FortiNet Client
v7, 2018-01-02, Changed iOS instruction to FortiNet Client