SRAS VPN - SIT Center for Science Information

Home > Service > Network > SRAS > SRAS VPN (Virtual Private Network)

SRAS VPN (Virtual Private Network)

Updated 2022/02/24

SRAS VPN is a service that connects to the campus network from outside the university such as your home or business trip via the Internet.

VPN is called "Virtual Private Network" and is a method of connecting to the campus network via the Internet.

You can use services such as AMI, MyVolume, etc..., outside campus by using SRAS VPN.

* Since May 2020, GlobalProtect

has been adopted as a method for securely connecting to the university's network in Coronavirus. This is possible to connect to the university network without the need to apply for SRAS VPN due to AMI.

Target person	All students & teachers
Application	AMI
Services requiring SRAS VPN	S gsot（Registration, etc） AMI Assignment submission folder （ShareFolders） SIC Drive 2021/03/31 End of service Download server（\\ download2.sic.shibaura-it.ac.jp \ download） Links with mark in web.sic.shibaura-it.ac.jp
Cautions	Read the cautions carefully and use SRAS VPN properly We cannot answer questions regarding the connection environment or settings at home or on business trips. Please solve the problem yourself by referring to the manual / web of the connected device. Depending on the Internet connection environment you are using, the VPN remote access service may not be available. If the communication required for VPN connection is blocked by the security software, you may need to change the settings of the security software. If you are using a broadband router, etc., and VPN pass-through and PPTP pass-through settings are disabled, you may not be able to connect. Please check the instruction manual of your broadband router.
FAQ	You can't access S*gsot（Windows10) Will SRAS VPN disconnect after a certain amount of time?

Connection method and Authentication method

Connection method	GlobalProtect (Recommend)	You can connect using the app. Compatible with Windows / MacOS X / iOS / Android. If the application cannot be installed, it cannot be used.
	SSTP	Use TCP port 443 (HTTPS). Basically, it can be connected in an environment where Web communication is possible. Because the connection destination server is authenticated, it is highly secure. The intermediate certificate must be installed with administrator privileges.
	L2TP + IPSec	Use UDP port 500 and ESP (protocol 50) or UDP port 4500 (NAT traversal). In a NAT / NAPT / LSN environment, if the router (broadband router, etc.) does not have the VPN (IPSec) pass-through function enabled, or UDP ports 500 and 4500 (NAT traversal) cannot communicate, connection is not possible. Also, if these communications are blocked by a firewall or security software, you cannot connect. Since SRAS VPN IPSec uses a pre-shared key (common), there is a risk of man-in-the-middle attacks.
Authentication method	MS-CHAPv2	There is a risk of connecting to a fake VPN server because it does not authenticate the destination VPN server (whether the VPN server is genuine). (Except when using SSTP as the connection method)
Authentication method	EAP-PEAP	Because it is possible to authenticate the destination VPN server, it is highly secure. The root CA certificate must be installed with administrator privileges.

Safety by Combination

Connection method	Authentication method	safety
GlobalProtect(Recommend)	-	◎
SSTP	MS-CHAPv2	◎
SSTP	EAP-PEAP	◎
L2TP + IPSec	MS-CHAPv2	×
L2TP + IPSec	EAP-PEAP	○

Guide

Connection method	Authentication method	Guide
GlobalProtect	-	Windows
		MacOS
		iOS
		Android
SSTP	MS-CHAPv2	Windows ※
SSTP	EAP-PEAP	-
L2TP + IPSec	MS-CHAPv2	MacOS ※
L2TP + IPSec	EAP-PEAP	iOS/Android ※

※If you want to get the manuals of SSTP / L2TP + IPSec, connect VPN via GlobalProtect to download the manuals or contact us, oshiete@sic.shibaura-it.ac.jp from your University email address.