Home > Service > Network > SRAS > SRAS VPN (Virtual Private Network)
SRAS VPN (Virtual Private Network)
Updated 2022/02/24
SRAS VPN is a service that connects to the campus network from outside the university such as your home or business trip via the Internet.
VPN is called "Virtual Private Network" and is a method of connecting to the campus network via the Internet.
You can use services such as AMI, MyVolume, etc..., outside campus by using SRAS VPN.
* Since May 2020, GlobalProtect has been adopted as a method for securely connecting to the university's network in Coronavirus. This is possible to connect to the university network without the need to apply for SRAS VPN due to AMI. |
Target person | All students & teachers |
Application | AMI |
Services requiring SRAS VPN |
|
Cautions |
Read the cautions carefully and use SRAS VPN properly
|
FAQ |
Connection method and Authentication method
Connection method | GlobalProtect (Recommend) |
You can connect using the app. Compatible with Windows / MacOS X / iOS / Android. |
SSTP | Use TCP port 443 (HTTPS). Basically, it can be connected in an environment where Web communication is possible. Because the connection destination server is authenticated, it is highly secure. The intermediate certificate must be installed with administrator privileges. | |
L2TP + IPSec | Use UDP port 500 and ESP (protocol 50) or UDP port 4500 (NAT traversal). In a NAT / NAPT / LSN environment, if the router (broadband router, etc.) does not have the VPN (IPSec) pass-through function enabled, or UDP ports 500 and 4500 (NAT traversal) cannot communicate, connection is not possible. Also, if these communications are blocked by a firewall or security software, you cannot connect. Since SRAS VPN IPSec uses a pre-shared key (common), there is a risk of man-in-the-middle attacks. | |
Authentication method | MS-CHAPv2 | There is a risk of connecting to a fake VPN server because it does not authenticate the destination VPN server (whether the VPN server is genuine). (Except when using SSTP as the connection method) |
EAP-PEAP | Because it is possible to authenticate the destination VPN server, it is highly secure. The root CA certificate must be installed with administrator privileges. |
Safety by Combination
Connection method | Authentication method | safety |
GlobalProtect(Recommend) | - | ◎ |
SSTP | MS-CHAPv2 | ◎ |
EAP-PEAP | ◎ | |
L2TP + IPSec | MS-CHAPv2 | × |
EAP-PEAP | ○ |
Guide
Connection method | Authentication method | Guide |
GlobalProtect | - | Windows |
MacOS | ||
iOS | ||
Android | ||
SSTP | MS-CHAPv2 | Windows ※ |
EAP-PEAP | - | |
L2TP + IPSec | MS-CHAPv2 |
MacOS ※ |
EAP-PEAP |
※If you want to get the manuals of SSTP / L2TP + IPSec, connect VPN via GlobalProtect to download the manuals or contact us, oshiete@sic.shibaura-it.ac.jp from your University email address.