Use Stanford's remote access virtual private network (VPN) to create a private encrypted connection over the Internet between a single host and Stanford's private network, SUNet.
Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible. There are two types of VPN available:
- Default Stanford (split-tunnel) allows access to anything at stanford.edu via the VPN connection but non-Stanford traffic flows normally on an unencrypted internet connection.
- Full Traffic (non-split-tunnel) encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home.
- When using VPN, your off-campus computer is dynamically assigned a Stanford IP address to connect back to Stanford's network.
- A Stanford IP address allows you access to Stanford's computing resources and certain campus services (e.g., departmental file and print servers).
- Cisco AnyConnect Start Before Logon
Faculty, staff, and students
- An active SUNet ID
- Windows 8 SP1 and later
- Mac OS X 10.9 and later*
- iOS 10 or later
- Android OS 6.0 or later
*Note for Mac High Sierra (10.13): When you log in to the Cisco AnyConnect VPN, you may be prompted to upgrade to a new version of software. If you choose to upgrade, you'll see a System Extension Blocked alert directing you to go to System Preferences > Security & Privacy to allow the extension. The approval field is only present in the Security & Privacy preferences pane for 30 minutes after the alert. If the extension is not approved with in 30 minutes the software will not function correctly.
Select your operating system to see the VPN configuration instructions for your device:
Note: if you are experiencing DNS issues, you can *temporarily* configure your VPN client to connect to the Stanford VPN directly via IP address: 22.214.171.124
- Do I need VPN to access Stanford systems remotely?
Many commonly used Stanford applications and services are available directly from the Internet without the use of VPN. While VPN does encrypt your data in transit, nearly all of the web-based applications you access already default to secure https communication, and are therefore already encrypted.
Examples of commonly used Stanford services which do not require VPN:
- Office 365
- Oracle Financials
- Cisco Jabber
- Google Drive
- G Suite
University IT (UIT) recommends that you do not enable your VPN connection unless the server or application that you are trying to access requires a VPN connection. Using VPN adds unnecessary additional overhead, which may degrade the user experience while connected, especially for video conferencing, streaming services, or applications.
- How can I tell if I need to use VPN?
Many secure servers within the Stanford University network do require the use of VPN. There is no published list of these servers, but it is easy to quickly determine whether the server/system you are attempting to connect to requires VPN with this simple test: try performing daily duties without the VPN enabled. If you cannot access a service, enable the VPN and try again.
- I need to enable VPN. Do I use the split-tunnel or full-tunnel profile?
If you do require a VPN connection, UIT recommends that you use the split-tunnel profile rather than full-tunnel. The split-tunnel profile enables the Internet-bound traffic to flow directly outbound via your home ISP, without first going to the Stanford VPN, and then route to the Internet. This also ensures better performance overall. Please remember that when using the full-tunnel profile, all traffic from your system routes first through the Stanford VPN and then out to the Internet.
- How do I access restricted library journals from off-campus?
Stanford University Libraries (SUL) updated the method by which authorized community members access restricted journals from off-campus.
Rather than using Stanford's VPN (Virtual Private Network), SUL wants community members to use its EZProxy service: http://library.stanford.edu/using/connect-campus/ezproxy-alternative-campus-access