
SRAS VPN (Virtual Private Network)

Updated 2021/05/29

 

SRAS VPN is a service for connecting to the campus network over the Internet from outside the university, for example from home or while on a business trip.

VPN stands for "Virtual Private Network", a method of connecting to the campus network via the Internet.

By using SRAS VPN, you can use services such as AMI and MyVolume from off campus.

 

* Since May 2020, GlobalProtect has been adopted as a method for securely connecting to the university's network during the coronavirus pandemic. With GlobalProtect, you can connect to the university network without applying for SRAS VPN through AMI.

 

Target person: All students & teachers
Application: AMI
Services requiring SRAS VPN

Cautions

Read the cautions carefully and use SRAS VPN properly.

  • We cannot answer questions regarding the connection environment or settings at home or on business trips. Please solve the problem yourself by referring to the manual or website of the device you are connecting with.
  • Depending on the Internet connection environment you are using, the VPN remote access service may not be available.
  • If the communication required for the VPN connection is blocked by security software, you may need to change the settings of the security software.
  • If you are using a broadband router or similar device and its VPN pass-through and PPTP pass-through settings are disabled, you may not be able to connect. Please check the instruction manual of your broadband router.

FAQ

 

Connection method and Authentication method

 

Connection method

  • GlobalProtect (Recommended): You can connect using the app. Compatible with Windows / MacOS X / iOS / Android. It cannot be used if the application cannot be installed.
  • SSTP: Uses TCP port 443 (HTTPS). It can generally connect from any environment where web communication is possible. Because the destination server is authenticated, it is highly secure. The intermediate certificate must be installed with administrator privileges.
  • L2TP + IPSec: Uses UDP port 500 and ESP (protocol 50), or UDP port 4500 (NAT traversal). In a NAT / NAPT / LSN environment, connection is not possible if the router (broadband router, etc.) does not have the VPN (IPSec) pass-through function enabled, or if UDP ports 500 and 4500 (NAT traversal) cannot communicate. You also cannot connect if these communications are blocked by a firewall or security software. Because SRAS VPN IPSec uses a common pre-shared key, there is a risk of man-in-the-middle attacks.

Authentication method

  • MS-CHAPv2: There is a risk of connecting to a fake VPN server because it does not authenticate the destination VPN server (that is, it does not check whether the VPN server is genuine). This does not apply when SSTP is used as the connection method.
  • EAP-PEAP: Because the destination VPN server can be authenticated, it is highly secure. The root CA certificate must be installed with administrator privileges.

 

Safety by Combination

 

Connection method            Authentication method   Safety
GlobalProtect (Recommended)  -
SSTP                         MS-CHAPv2
SSTP                         EAP-PEAP
L2TP + IPSec                 MS-CHAPv2               ×
L2TP + IPSec                 EAP-PEAP

 

Guide

 

Connection method   Authentication method   Guide
GlobalProtect       -                       Windows, MacOS X, iOS, Android
SSTP                MS-CHAPv2               Windows ※
SSTP                EAP-PEAP                -
L2TP + IPSec        MS-CHAPv2               MacOS ※
L2TP + IPSec        EAP-PEAP                iOS/Android ※

※ To get the manuals for SSTP / L2TP + IPSec, connect to the VPN via GlobalProtect and download them, or contact us at oshiete@sic.shibaura-it.ac.jp from your university email address.