VPN Information Center: More Information

The VPN client allows you to 'tunnel' all of your traffic to USC over an encrypted, authenticated link that terminates on campus at our VPN concentrator (server). The VPN concentrator decrypts your traffic and forwards it to its original destination, but it changes the source address of your traffic from your ISP-assigned address to a private USC-assigned address. This way, all of your traffic appears to come from on campus and is not limited by our Internet firewall rules.
- How do I enable VPN traffic through my LinkSys router/cable modem/etc.?
  - Bring the router up to the latest firmware revision (check the vendor's web site).
  - Make sure IPSec Pass Through is enabled on the setup menu in the router configuration.
  - On the VPN client, turn off the Enable Transparent Tunneling option and make sure the "Stateful Firewall (always on)" option is checked under the client options.
  Note: Turning on "Stateful Firewall" may cause other things, such as mapping drives or shares on Microsoft Windows machines, to break. If it causes problems like these, go ahead and uncheck it, but be aware that it leaves you vulnerable to some attacks.
A useful analogy:
Imagine that you want to send a secret letter to your friend on
campus, but you are afraid the mailman will steam open the paper
envelope and read the message. You also know that your friend
throws away all envelopes from off-campus because she assumes
they are either junk mail or they may contain a mail bomb (firewalling).
You find out that the University post office offers a service
called VPN where you can buy a steel envelope, a home welding
kit, and a home Jaws of Life kit. So here is what you do:
- You go get the kit from the USC post office and they tell
you the address of the on-campus post office that will unpack
the steel envelope (the VPN concentrator). They also give you an
on-campus post office box.
- You put your secret message in the paper envelope and
address the paper envelope to your friend. You put your new
on-campus post office box as the return address so she will
not throw your message away.
- You put the paper envelope into the steel envelope and
weld it shut (encryption).
- You address the steel envelope to the on-campus post
office and use your home address as the return address. You
then drop the steel envelope in the mail.
- The on-campus post office receives the steel envelope and
opens it with the Jaws of Life. They then forward the paper
envelope to your friend who thinks it is coming from you on
campus, so she opens and reads it.
- Your friend decides to answer you, and places the answer
in a paper envelope addressed to your on-campus post office
box.
- The post office receives the paper envelope and places it
in a steel envelope which they address to your home address,
with the post office as the return address and sends it
through the mail.
- You receive the answer and open the steel envelope with
your home Jaws of Life kit. You open the paper envelope,
confident that the mailman has not read your mail.
A few things to note:
- Once the on-campus post office has opened your steel
envelope, whoever is doing the on-campus delivery of the
paper envelope could still steam it open and read it before it
gets to your friend.
- If someone breaks into your house (computer) and sends a
letter to your friend, they could still insert a mail bomb or
a junk mail advertisement. But your friend will trust the
source and open it because it looks like it is coming from
you. So you need to install an alarm system and lock your
doors in your home (personal firewall and anti-virus
protection) to prevent this from happening.
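
The steel-envelope exchange and the first note above, as an added Python example (not part of the original page, and not the VPN client's actual protocol). The addresses are constructed documentation values, the function names are hypothetical, the two keys are assumed to be already shared with the concentrator, and the HMAC-based keystream is a stand-in for the real tunnel cipher.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (documentation address ranges, not USC's real ones).
HOME_ADDR = "198.51.100.7"   # ISP-assigned address (home return address)
CONCENTRATOR = "192.0.2.1"   # on-campus post office (VPN concentrator)
CAMPUS_ADDR = "10.20.30.40"  # private campus-assigned address (PO box)
FRIEND = "10.20.1.5"         # on-campus destination


def keystream(key, nonce, n):
    """Toy stream cipher for illustration only: HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def client_encapsulate(enc_key, mac_key, payload):
    """Put the paper envelope (inner packet) inside the steel envelope (outer packet)."""
    inner = json.dumps({"src": CAMPUS_ADDR, "dst": FRIEND, "data": payload}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return {"src": HOME_ADDR, "dst": CONCENTRATOR, "body": nonce + ct + tag}


def concentrator_decapsulate(enc_key, mac_key, outer):
    """Check the weld, open the steel envelope, return the inner packet to forward."""
    body = outer["body"]
    nonce, ct, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet dropped")
    inner = bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))
    return json.loads(inner)  # plaintext from here on: readable on the campus network


if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)
    outer = client_encapsulate(ek, mk, "secret letter")
    print("on the Internet:", outer["src"], "->", outer["dst"], len(outer["body"]), "opaque bytes")
    print("on campus:", concentrator_decapsulate(ek, mk, outer))
```

An observer between home and campus sees only the outer addresses and opaque bytes; after the concentrator, the inner packet travels unencrypted with the campus-assigned source address.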
What the VPN does NOT do for you:
- The VPN software does not allow you to remote control a
machine or view the desktop of your work machine. You need to
purchase other software to do that. The VPN would just
securely tunnel the traffic from whatever software you
purchase to accomplish this.
- The VPN software does not map drives for you. You need to
log into the VPN and then either map your drives by hand, or,
if you use the Novell client at work, install the Novell
client at home and log into the Novell network and let that
map your drives for you.
- If you have any questions about how to work from home, ask
your System Administrator. The VPN administrators only know
how to get your traffic here securely; they don't know systems
administration.