Carnegie Mellon University

How to Use a Virtual Private Network (VPN)

Which Option?  |  Install On Mac or Windows  |  Install on Mobile  | Troubleshoot

When you connect your computer or mobile device to a CMU Virtual Private Network, your device will act as if it's on campus. This means you'll be able to securely access CMU resources even when you’re out of the country.

VPN connections are encrypted, which make them more secure than connecting from public Wi-Fi or even from your home network.  The VPN takes your computer's request and sends it to a website or system. The requested data is then forwarded back to you through that same secure connection.

At CMU, we use the Cisco AnyConnect Secure Mobility Client to connect to the network through VPN. You have two choices when connecting to VPN.

What VPN option do I need?

Option 1: Campus VPN

What it is:
The Campus VPN is a split-tunnel VPN. Basically, that means that your connection is only encrypted when you're using campus resources.

When to use:
If you are learning and working remotely, but only need to access some CMU resources, such as shared network drives, ACIS services (SIS, DecisionCast, HRIS), or library systems, Campus VPN is the solution for you.

Option 2: Full VPN

What it is:
Full VPN is just like being on campus. All of your online activity is encrypted and redirected through the CMU network.

When to use:
This is the perfect solution for Library licensed resources, such as ArtSTOR, NetLibrary ebooks, and AP Photo Archive. International students may wish to use the Full VPN option to ensure a smooth experience and access to all university resources.


Important!
You may notice decreased performance when connecting to this option as all of your activity will be tunneled through the CMU network.

Install and Connect on Mac and Windows

Install

  1. Uninstall any previous versions of the Cisco AnyConnect Secure Mobility Client.
  2. Download the Cisco AnyConnect Secure Mobility Client.
  3. Double-click the downloaded file to run the installer.
  4. Follow the onscreen instructions to install.
  5. Uncheck all the boxes except VPN for Installation Type.
  6. If prompted, enable the AnyConnect System Extension and allow content filtering by following the on-screen prompts.

Connect to VPN

  1. Connect to the internet.
  2. Open Cisco AnyConnect Secure Mobility Client.
  3. Enter vpn.cmu.edu and click Connect.
  4. Click the Group drop-down and choose the VPN option that best suits your needs.
  5. Enter your Andrew userID and password.
  6. Authenticate with 2fa (DUO).
  7. Click OK

Disconnect VPN

  1. To end your VPN session, open the Cisco AnyConnect Secure Mobility Client.
  2. Click Disconnect.  

Install and Connect on Mobile

Install

  1. Uninstall any previous versions of Cisco AnyConnect.
  2. Install Cisco AnyConnect app from the Apple App Store or Google Play Store.
  3. Open the Cisco AnyConnect app.
  4. Select Add VPN Connection.
  5. Enter a Description, for example, CMU VPN and the Server Address vpn.cmu.edu.
  6. If prompted, allow the changes.
  7. Click Save.

Note: Mobile VPN updates and versions do not coincide with Windows and Mac installations. All mobile updates are managed through the App Store, not the university's software update process.

Connect

  1. Open the Cisco AnyConnect app.
  2. Select the connection you added, then turn on or enable the VPN.
  3. Select a Group drop-down and choose the VPN option that best suits your needs.
  4. Enter your Andrew userID and password.
  5. Authenticate with 2fa (DUO).
  6. Tap Connect.

Disconnect VPN

  1. To end your VPN session, open the Cisco AnyConnect app.
  2. Tap Disconnect.  

Troubleshoot Cisco AnyConnect 

If you are experiencing difficulty connecting to VPN, verify the following:
  • You are connected to the Internet.
  • You entered vpn.cmu.edu as your VPN.
  • You are logging in with your Andrew userID and password.

If you are still unable to connect, consider the following:

  • Make sure your antivirus or firewall allows AnyConnect. You may need to temporarily disable your antivirus or firewall to determine if a connection can be established.
  • Review the sleep settings on your computer. All VPNs rely on an active Internet connection. When your computer goes to sleep, it may automatically be disconnected from VPN.
  • Uninstall or disconnect from other VPN apps. If you are currently running another VPN app, this may conflict with the Cisco AnyConnect Secure Mobility Client.
  • Uninstall SSH TectiaRemove the app from your computer or mobile device and then reinstall using the Typical installation method.
  • Uninstall Cisco AnyConnect. Remove the app from your computer or mobile device, delete your Cisco profile, and reinstall AnyConnect.

Note: Do not enable proxy servers or Internet connection sharing for network devices when using Cisco AnyConnect software.

You may not see the VPN prompt while on iOS or macOS devices. One of the following will happen:

  • Error message - You cannot browse this page at "duo.com" because it is restricted.
  • Gray box displays instead of the DUO prompt.

This is an issue with content restrictions. Follow the appropriate steps below to allow VPN.

  1. Go to Settings > Screen Time > Content & Privacy Restrictions > Content Restrictions > Web Content on the device.
  2. Uncheck Limit Adult Websites to completely disable content restrictions.
    If you do not want to fully disable content restrictions, allow duosecurity.com within the Content Restrictions option. This will allow the DUO prompt to display even if content restrictions are enabled.
  1. Go to Settings > General > Restrictions > Websites.
  2. Uncheck Limit Adult Content to disable content restrictions.
    If you do not want to fully disable content restrictions, allow duosecurity.com within the Specific Websites Only option. This will allow the DUO prompt to display even if content restrictions are enabled.
  1. Open System Preferences. 
  2. Select Screen Time > Content & Privacy. 
  3. Set Web Content restrictions to Unrestricted Access.
    If you do not want to fully disable content restrictions, allow duosecurity.com within the Allowed Websites Only option. This will allow the DUO prompt to display even if content restrictions are enabled.

Note: If you are opening Screen Time for the first time and haven't set up this feature, you will be prompted to set up the phone for yourself or a child and have the option to set a passcode.