FAQ | Information Technology | University of Florida

1. How do I VPN into campus, then RDP to my desktop machine, and then VPN from my remote desktop to access campus resources using tools only installed on my campus desktop machine?

The key to this process is to use the campus-only option with your campus desktop. The following process should work for either general VPN use or departmental VPN services:

Use the anyconnect client on your remote/home device to VPN into campus as you would normally do. This can be a full or campus-only tunnel and use general or department VPN services.
Remote desktop into your Desktop machine.
From your remote desktop, launch the anyconnect client.
When entering your username, use the campus only option:
- For general vpn tunnels, this is username@ufl.edu/campus
- For departmental tunnels, this is username@ufl.edu/dept-campus where dept is the actual name of your departmental tunnel.
Authenticate as your normally do.

This process should allow your RDP session to survive the VPN connection you are building on your campus desktop. If you try to build a full tunnel on your campus desktop, your RDP session will be killed, or the campus desktop will close the anyconnect client.

2. If my Gatorlink account is two-factored, how can I direct the VPN to use a different factor/device other than my default factor/device?

The Gatorlink VPN supports “append mode“

How to use append mode:

Enter your password and the authentication method you want to use, separated with a comma. It will look something like this:

password,authentication_method

In place of authentication_method:

Type...	To...
password,passcode	Log in using a passcode, either generated with Duo Mobile, generated by your hardware token, or provided by an administrator. Examples: "mypass123,123456" or "mypass123,1456789"
password,push	Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap "Approve" to log in.
password,phone	Authenticate via phone callback.

You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.

3. If I want to allow Gatorlink VPN users to access my services, what IP range(s) should I allow?

On campus, Gatorlink VPN users will be in 10.228.0.0/16. Departmental VPNs are more specific and can be found on the subnet managers list here:

https://net-services.ufl.edu/cgi-bin/subnet-form.cgi

Once VPN traffic leaves campus, it is NATed into UF IP space (128.227.0.0/16) and into the general NAT pools which cannot be distinguished from other NATed traffic such as wireless or wired desktops.