SSL VPN Service

Pre-requisite:

• DUO Two Factor Authentication (2FA) must be enabled

Set up and Connect CUHK SSL VPN with

• Android ()
• iOS  ()
• Windows  (, )
• Mac  (, )

Details of CUHK SSL VPN

• Hostname: intranet.cuhk.edu.hk
• Max connection session: 12 hours with 1 hour idle time out

Additional Resources

• Comparison of CUHK VPN and SSL VPN services

Benefits

• Protect your sensitive information transferred online
• Avoid lengthy idle time and moderate IP addresses usage
• Prevent network resource abuse by prohibiting multiple logins to CUHK VPN / ClassNet
• Unify access restriction methods on CUHK online resources. System developers therefore can restrict their resources by asking users to connect to SSL VPN with email address (staff: name@cuhk.edu.hk , students: student-id@link.cuhk.edu.hk) + OnePass (CWEM) password.

Services Require VPN Connection

• The following central IT resources or services require a campus network connection when you’re outside CUHK.
  • CUHK Restricted Webpage at http://www.cuhk.edu.hk
  • CUPIS – CU Personnel Information System
  • CUSAP Financial System
  • IOPAS – Integrated Outside Practice Administration System
  • SPUS – Staff Profile Update System
  • SSAS – Staff Superannuation Administration System
  • ITSC managed Research Computing Platforms (Newcluster, AVES, GAIA)
  • Kaspersky anti-virus download center
  • Camtasia registration list
  • RDP (Remote Desktop Protocol) – policy
  • SMB (Server Message Block) – policy
  • Wake-on-LAN
  • ITSC Computing Account Application and Management System
• Access ClassNet, a wired network in CUHK classrooms
• For department IT services, please consult related departmental IT support.

• When using CUHK VPN service, users are subject to the following policies:
  • Wired Network Use Policy for General Users
  • Wireless LAN (Wi – Fi) Acceptable Use Policy and Guidelines
  • Computer Network – Policies and Guidelines on Access and Usage
• No concurrent access to VPN is allowed regardless of the connection methods – through ClassNet, ResNet or non-CUHK connection. This mechanism insures the fair share of network resources.
• The maximum connection duration of CUHK VPN is 12 hours. Idling for 1 hour will trigger timeout.
• There will be suspension of access to CUHK VPN / campus network if ITSC observes abnormal network traffic from your device / account.

• You may experience an unstable VPN connection and even fail to connect from Mainland China even followed all steps correctly. Most of the University systems do not require a VPN connection. You can do your email, access eLearning system, browse CUHK websites, etc. through any Internet connection. Please check out services that require a VPN connection.
• For MacOS / iOS / iPadOS: With the network policy in Mainland China, you may not able to download the SSL VPN client (Aruba VIA) from Apple App Store. Please download the app before you go to the mainland. You can then connect to SSL VPN in the mainland.
• Kaspersky Endpoint Security 11 blocks SSL VPN (Aruba VIA) Connection on MacOS 11.3.1 or before:
  For Mac running MacOS before 11.3.1, SSL VPN Login will prompt error “Fail to resolve Server name” or it does not prompt window for user authentication.  Please update the MacOS to its latest version to resolve this problem.
  Reference: ITSC Knowledge Base