SSL VPN Service

Secure Sockets Layer Virtual Private Network (SSL VPN) provides CUHK staff with a secure remote access to on-campus resources over an Internet connection. Once connected, all traffic for accessing on-campus resources go through the VPN tunnel. The rest traffic goes through your original Internet connection.

The SSL VPN service provides an alternate secure VPN connection for end users. DUO Two Factor Authentication (2FA) is mandatory in using this service.

Available to

Staff & students

Service Charge and Application

Free; Pre-requisite: account must be enabled with 2FA

Service Availability

24 X 7; except maintenance period

1. Installing SSL VPN Client to Use SSL VPN

Pre-requisite:

DUO Two Factor Authentication (2FA) must be enabled

Set up and Connect CUHK SSL VPN with

Android ()
iOS ()
Windows (, )
Mac (, )

Details of CUHK SSL VPN

Hostname: intranet.cuhk.edu.hk
Max connection session: 12 hours with 1 hour idle time out

Additional Resources

Comparison of CUHK VPN and SSL VPN services

2. Benefits

Benefits

Protect your sensitive information transferred online
Avoid lengthy idle time and moderate IP addresses usage
Prevent network resource abuse by prohibiting multiple logins to CUHK VPN / ClassNet
Unify access restriction methods on CUHK online resources. System developers therefore can restrict their resources by asking users to connect to SSL VPN with email address (staff: name@cuhk.edu.hk , students: student-id@link.cuhk.edu.hk) + OnePass (CWEM) password.

3. Services Require VPN Connection

Services Require VPN Connection

The following central IT resources or services require a campus network connection when you’re outside CUHK.
- CUHK Restricted Webpage at http://www.cuhk.edu.hk
- CUPIS – CU Personnel Information System
- CUSAP Financial System
- IOPAS – Integrated Outside Practice Administration System
- SPUS – Staff Profile Update System
- SSAS – Staff Superannuation Administration System
- ITSC managed Research Computing Platforms (Newcluster, AVES, GAIA)
- Kaspersky anti-virus download center
- Camtasia registration list
- RDP (Remote Desktop Protocol) – policy
- SMB (Server Message Block) – policy
- Wake-on-LAN
- Changing Email Alias or Email Address http://cai.itsc.cuhk.edu.hk/alias
- ITSC Computing Account Application and Management System
Access ClassNet, a wired network in CUHK classrooms
For department IT services, please consult related departmental IT support.

4. Policy and Guidelines

When using CUHK VPN service, users are subject to the following policies:
No concurrent access to VPN is allowed regardless of the connection methods – through ClassNet, ResNet or non-CUHK connection. This mechanism insures the fair share of network resources.
The maximum connection duration of CUHK VPN is 12 hours. Idling for 1 hour will trigger timeout.
There will be suspension of access to CUHK VPN / campus network if ITSC observes abnormal network traffic from your device / account.

5. Known Issues

You may experience an unstable VPN connection from mainland China with the gradual upgrade of China’s Great Firewall. Most of the University systems do not require a VPN connection. You can do your email, access eLearning system, browse CUHK websites, etc. through any Internet connection. Please check out services that require a VPN connection.
For MacOS / iOS / iPadOS: With the network policy in Mainland China, you may not able to download the SSL VPN client (Aruba VIA) from Apple App Store. Please download the app before you go to the mainland. You can then connect to SSL VPN in the mainland.
Kaspersky Endpoint Security 11 blocks Aruba Connection on MacOS:
Aruba will prompt error “Fail to resolve Server name” or it does not prompt window for user authentication. Please close Kaspersky and then connect to SSL VPN.
Reference: ITSC Knowledge Base