VPN - JHU

INTRO

Several JHU IT-based resources require your computer to be connected to the JHU network for access. For example, JHU-located share drives and certain JHU websites/services. If you're outside of JHU, for instance, at home or at a hotel, you are not on the JHU network, and therefore, cannot access the JHU Network-only resources.
Enter the VPN. A VPN (Virtual Private Network) is a way to access resources of another network, for example, your business's network, without physically residing on that network. You can connect to a VPN from home/mobile, and it will look to your computer and to the business server as if you were on the business network, even if physically, you're not.
JHU hosts its own VPN. The JHU VPN will allow JHU users' home/mobile/etc. computers who are outside of the JHU network to connect to JHU as if they were physically on campus.


Connecting to the JHU VPN

STEP 1: Setting Up Multi-Factor Authentication

JHU now requires Multi-Factor Authentication (MFA) to access some of its services... including the JHU VPN. JHU is now using Microsoft Azure for providing JHU's Multi Factor Authentication service.
(Besides this page we're providing you, WSE IT has put together a document discussing MFA here as well.)
You will need to visit the Azure MFA Resource Center's Enrollment Page to enroll.
That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.

Authenticators

As part of the MFA setup process, you will end up having to choose an authenticator method to use. There are several authenticator methods:
  • Text your phone: When JHU needs your code, they will text your phone with the code that you will use to enter into whatever prompt they send you.
  • Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator, when run, will provided a 6-digit number to enter when you are prompted at JHU for your code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well.
Please install your Authenticator program before continuing.
NOTE: If you want to change your authenticator method or manage your MFA at some point, please first visit the main Azure MFA page and then click on Manage Azure MFA.

You will need your MFA configured in order to access the JHU VPN in the next step.

NOTE: If you have any issues with setting up Multi-factor authentication, you should contact JHU IT's support helpdesk by phone at 410-516-HELP.


STEP 2: Installing and Running the JHU VPN Client Program, JH Pulse Secure

Please visit the JHU VPN Resource page.
Once there, Under VPN Quick Links on the right, choose Request VPN Access. It's possible you might already have VPN access (and if you think you already do, you can skip below the next step.)
Next, below the VPN Quick Links section on that page, you'll find VPN CLient Installs (for New VPN Installs). Click on the operating system you're downloading for. This will download the Pulse Secure software that will run on your computer as your gateway to the JHU VPN.
Install the Pulse Secure package.
Run the Pulse Secure program. The following is for a Windows systems running Pulse Secure. Other operating systems may be similar.
  • Look for Connections.
  • If for some reason, there are no connections listed, follow the steps directly below...
    • Click on the + symbol right next to the word Connections.
    • The + sign opens up the Add Connections section.
      • Leave the Type as is.
      • Give the VPN connection a Name (e.g. JHU VPN), just so you can identify it.
      • Then, enter in the Server URL (which is basically, the VPN address. Use vpn.jhu.edu
      • Now, click Add, and you should have a new connection ready to go.
  • Choose the JHU VPN from your list of connections.
    • Click Proceed
    • You will be prompted for your JHED credentials. Enter them.
  • You'll see Enter code". This is where you need your MFA Authenticator code from Step 1 above. So, depending how you set up your MFA, you might receive a code via Text or you might need to run your Authenticator program (e.g., Microsoft Authenticator, WinAuth, etc.) and enter in the 6-digit code it provides you. Once you enter that code, Pulse Secure will complete making the VPN connection.
  • When you are done for the work day, go back to the Pulse Secure App and click Disconnect.
    • Note that when you are on the VPN, you are now passing all your computer's network traffic through JHU before it goes out to the rest of the Internet. When you are done using the VPN, disconnecting from Pulse Secure will allow your computer's network traffic to run through your ISP's network directly out to the Internet (as it normally does.)


NOTE: If you have any issues with installing the JH Pulse Secure client on your computer, you should contact JHU IT's support helpdesk by phone at 410-516-HELP.


Changing your default JHU VPN authentication Method

By default, the new JHU VPN (hosted by Microsoft Azure) seems to make texting your phone the way to provide you a code to use to connect to the VPN. Some users might want to change this to using an authenticator app (e.g., WinAuth or similar) instead, as it was before JHU moved to using Azure.
To change your default authentication method, simply log into https://aka.ms/mfasetup Once logged in, you'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option.