VPN – service
VPN is used when you work off campus and want to reach the KI network and internal resources - such as shared folders on a file server.
On Tuesday, May 30, KI's central VPN service for working off campus is being updated for all users at KI. To start using the updated VPN service, follow the manuals below.
If you work in the Central Administration (UF) you are already using the updated service.
Download the VPN-client and log on using these manuals:
About the updated VPN-service
- The current VPN service is old and disruptively buggy and needs replacing. The updated version will provide a more stable and reliable service.
- The updated service will provide additional protection against unauthorised access and hackers intent on stealing user names and passwords. You will therefore have to ID yourself in two steps when logging in. You first enter your user name and password (as before) and then a one-off code generated by an app (PointSharp) on your mobile or by a pin-code device issued by IT support.
- When connected via the VPN, your computer will function exactly as it does when you’re working on campus. All network traffic to and from your computer passes through the VPN service in what’s called a VPN tunnel. This means that you will be identified as a KI employee and will have direct access to electronic journals and the like with no extra login. If you want to connect to private network equipment (e.g. an external storage device or a network printer) you will have to disable the VPN service.
If you have any questions, please contact IT-support.
Q & A on KI’s updated VPN service
1. What is KI’s VPN service?
KI’s VPN (Virtual Private Network) is used to gain access to KI’s network and internal resources, such as shared folders on a file server, when working outside the KI campus, e.g. at home or when travelling.
VPN is a means of creating a secure link, or “tunnel”, between two points on a non-secure computer network (internet, Wi-Fi, etc.) – in this case between your computer and KI’s internal resources.
2. How do I know if I have KI’s central VPN?
The central VPN service uses the Cisco AnyConnect client. When you start the VPN client (and use the central VPN) you’ll see the following box with the address vpn.ki.se under “Ready to connect”.
If your VPN client does not look like this or if another address appears in the “Ready to connect” window you’re not using KI’s central VPN service and you’ll not be affected by the new update.
3. Why the update?
KI’s current VPN has been around for years and the central hardware (i.e. the servers providing the service) is outdated and must be replaced as it causes disruptions and malfunctions.
The new hardware has already been installed and has been in use by the University Administration since November 2016. Once all KI users are connected to the new hardware, the old will be dismantled.
Tighter security with full VPN tunnel
The updated VPN service extends KI’s network to wherever you happen to be, which means that you’re connected up to it as if you were physically on campus. Put simply, it’s as if you’ve run a network cable from KI to your laptop, no matter where in the world you are.
With a full VPN tunnel, you’re identified as coming from KI when you communicate with external services (e.g. publishing or journal services).
This increases security as your unit (laptop) cannot be used as a backdoor into KI’s internal networks by unauthorised individuals trying to access them from units able to connect to your own computer at such places as internet cafés, airport lounges and other universities – as they are able to do with the old VPN solution.
Two-step authentication for greater security
Data loss is one of the greatest risks facing KI today, and research data must be protected. The updated VPN service therefore has a two-step login process in which you’ll have to identify yourself twice with a one-off code. This gives greater protection against hackers intent on stealing usernames and passwords.
4. How does full VPN tunnel work?
The updated VPN service has a so-called full VPN tunnel. This means that all network traffic to and from your computer passes through the VPN service in what’s called a VPN tunnel. This is a safer way of transferring data when you work away from your office, lab or clinic etc.
The VPN service extends KI’s network to whatever your location might be, which means that you’re connected as if you were physically on campus. Put simply, it’s as if you’ve run a network cable from KI to your laptop, no matter where in the world you are.
Please note: services which you can reach today without using VPN, e.g. the Internet and web mail, will continue to be reachable in the same way as before, without VPN.
As the VPN tunnel creates a connection to KI’s internal network resources, it shuts down other local network resources for security reasons. This means you have to disconnect the VPN service to reach local network resources, such as a network printer or an external storage device.
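The routing behaviour described above can be modelled in a few lines. This is an added example, not part of KI's documentation or Cisco's client code; the address ranges, interface names and the split-tunnel table used for contrast are constructed assumptions.

```python
import ipaddress

# Constructed sample prefixes and hosts (not KI's real address ranges).
CAMPUS, HOME_LAN = "10.20.0.0/16", "192.168.1.0/24"
HOSTS = {
    "campus file server": "10.20.5.10",
    "home network printer": "192.168.1.50",
    "journal website": "203.0.113.80",
}

# Full tunnel: the default route and the local LAN route both point into the VPN.
FULL_TUNNEL = [("0.0.0.0/0", "vpn"), (HOME_LAN, "vpn")]
# Split tunnel (contrast case): only campus prefixes use the VPN.
SPLIT_TUNNEL = [("0.0.0.0/0", "wifi"), (HOME_LAN, "wifi"), (CAMPUS, "vpn")]


def egress(dest, routes):
    """Pick the outgoing interface for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]


def report(routes):
    """Map each sample host to the interface its traffic would leave on."""
    return {name: egress(ip, routes) for name, ip in HOSTS.items()}


def can_bridge(routes):
    """True if the laptop talks directly to the local network while it
    also has a tunnel path to campus, i.e. it could act as a stepping stone."""
    r = report(routes)
    return r["home network printer"] != "vpn" and r["campus file server"] == "vpn"


if __name__ == "__main__":
    for label, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(label, report(table), "bridge possible:", can_bridge(table))
```

With the full-tunnel table every destination, including the home printer, leaves through the VPN, which is why the printer is unreachable until the VPN is disconnected and why external sites see the connection as coming from KI.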
5. How do I print at home?
If you need to print something on your private network printer when connected through the VPN, you will have to save the document on your local hard drive and disable the VPN after that. You will then be able to print it out as normal. USB printers will work as usual.
Which operating system (OS) do I need on my PC/Mac to be able to use the VPN client Cisco AnyConnect (version 4.3)?
PC: You need Windows 7 SP1 or later versions. The VPN client does not work on XP, which is obsolete and insecure.
Mac: You need Mac OS X 10.9 or later versions.
Which version of iOS do I need to have on my iPhone to be able to download the PointSharp app?
You need iOS 8 or later versions.
Which version do I need on my Android to be able to download the PointSharp app?
You need Android 1.6 or later versions.
7. Two-step verification
What is Two-step verification?
Two-step verification means that you have to ID yourself twice in order to log in and access KI’s resources via the VPN. You’ll first enter your user name and password and then a one-off code generated by an app on your mobile.
Two-step verification is much more reliable in ensuring that the right users are accessing our IT system. It involves three personal elements: what you are (your KIID), what you know (your password) and what you have (a one-off code from the PointSharp app on your mobile).
8. First login with Two-step verification
How do I download the app onto my phone?
Make sure that you have registered your mobile number in My pages in KimKat. All mobile numbers entered into the system are automatically hidden. The first time you log in to the new VPN service you’ll receive an automatic text message to your mobile with a link and an activation code. See our manuals above for more details.
I don’t have an Apple ID or Google account connected to my KI mobile. What do I do?
You can use your private Apple ID or Google account, create a new one with your KI mail address, or create a new mail address. Follow the instructions on your mobile. Do not use your KI password for your Apple ID or Google account.
I use a private mobile. Will it still work for me?
You can download the app to any mobile.
I don’t have a Swedish number, can I download the app anyway?
It’s only possible to insert Swedish numbers in KimKat, so instead you will get a link with the activation code via mail. Please open the e-mail on your mobile phone.
I’ve only received the email – how do I get the app onto my phone?
If you can read your KI mail on your phone, you’ll see that the email contains a link. Open and read the message on your mobile and click on the link. If you happen to open the mail and click on the link on your computer, you’ll need to download the app via your phone’s app store. Search for PointSharp and download it (do not confuse it with PointSharp pin).
I’ve not received a text or a mail. What do I do?
Contact ITemail@example.com for help. Please also check your junk mail or spam folder.
I accidentally deleted the text message with the activation code. What can I do?
Please contact ITfirstname.lastname@example.org for help.
I didn’t get an email.
If you have your mobile number registered in My pages in KimKat, you’ll receive a text message rather than an email. Otherwise, if you haven’t received an email, check your junk or spam folder. Look for the sender line KI Secure Login Service [mailto:email@example.com].
If you don’t find it, contact ITfirstname.lastname@example.org for help.
I’ve entered my one-off code, but can’t log in. What do I do?
Downloading, installing and activating the app takes longer than the time for which the code window is active. This means that your first attempt to log in can fail and you will have to log in again. Enter your user name and password in the VPN AnyConnect client again and click on the update symbol (two arrows forming a ring) in PointSharp to get a new code. Enter the code and you will be logged in.
I can’t read mails on my mobile. How do I download the app?
Search for PointSharp in the App Store or Play Store and install it. (Do not install PointSharp pin). Then use the activation code you’ve got via mail.
Does the app PointSharp cost anything?
No, it is free of charge.
Do I need internet connection to get the one-off code?
No, a large number of codes are already downloaded in the app.
What kind of company is PointSharp?
PointSharp AB is a Swedish company with over 1,000 customers, including Sveriges Riksbank and the Swedish armed forces.
9. I don’t have a mobile – how do I get hold of the one-off code?
If you don’t have a mobile but need to work off campus outside of your usual workplace, you can order a separate pin-code device from the IT support in order to generate the one-off code. The device is personal and must be collected by you in person on presentation of your ID as it is a security record. If you are in need of a pin-code device, please fill out the order form (download the form here) and send it to the IT support. They will get back to you when the pin-code device can be collected at the IT support at Administrationshuset, Nobels väg 5, Campus Solna or at the IT support at Campus Flemingsberg.
10. My Pages in KimKat
Before you can receive a text message with the link to the PointSharp app you’ll have to register your mobile number in My Pages in KimKat (in case it is not registered yet).
What do I need to do?
Please register your mobile or check that the mobile registered is correct. You need to be working on the KI network or be connected via the old VPN-service to log in to KimKat.
- Go to http://kims.ki.se/kims/faces/start.xhtml and select “Review visible details”
- Go to “KI-mobile phone”
- Select “Add telephone” and enter your mobile number (07x xx xxx xx).
- Click on “Review changes” at the bottom of the page and confirm.
Please note that your mobile number will not be visible to others.
If your mobile number does not appear in My Pages, you will instead receive the installation message via email. Please open the email on your mobile. If you cannot find the email, please check your folder for junk e-mails.
I have a private mobile that I use at work, but I don’t want my number to be visible. What do I do?
PointSharp can be installed on any mobile; it doesn’t have to be a KI phone. You can easily use your private phone. All mobile numbers entered or updated in My Pages in KimKat are hidden by default and are not visible. If you don’t want your mobile number to remain in KimKat once you’ve started using the app, you can delete it after having received the text message.