Educause Security Discussion mailing list archives

Re: Questions about your VPN


From: Eric Hays <erichays () ILLINOIS EDU>
Date: Tue, 11 Oct 2016 10:29:07 -0500

Who do you allow on your VPN (fac, staff, students, IT)?

Everyone with an account can access our VPN.

How many profiles do you have (one for each above, more granular)?

Four, not restricted to user category, as follows:

TunnelAll - tunnels all traffic through our VPN
TunnelAll_Duo - same as above with Duo required to connect
SplitTunnel - tunnels campus traffic through our VPN
SplitTunnel_Duo - same as above with Duo required to connect

Do you require two-factor authentication?

Only on the Duo profiles.

Do you require a managed workstation to access the VPN?

No.  This would be infeasible, given that we allow everyone to use the
VPN and that most of them are doing so from personally-owned devices.

We are currently rolling out 2FA to campus and we are encouraging our
campus IT Pros to restrict things to the Duo profile IP ranges, but
since many of those services are accessible from off-campus without
VPN use, this is a hard sell.

-- 
Eric Hays
IT Security Analyst
Privacy and Information Security
Technology Services at Illinois
University of Illinois at Urbana-Champaign
PGP Fingerprint:
C6F9 BFA9 C134 AB9A 66E3
21B5 42D0 22BA 4346 9D28


