Migration Notice: LegacyVPN is undergoing a migration to Cisco's ASA VPN. Please refer to https://isea.utoronto.ca/services/vpn/utorvpn/ for documentation on the new service.

Technical

1. Everything seemed to install OK under Windows, and I am able to connect to LegacyVPN. However, when I browse the internet it seems as if I am not on the UofT network. Library sites still ask me for a password, and resources I expect to be able to access are still forbidden. What is wrong?
You must use the "Run As" feature to start up the LegacyVPN with Administrator privileges. Being logged in as administrator is not sufficient for OpenVPN to work. This can be done by right-clicking on the icon on your desktop and choosing the "Run As" option, and selecting a user with administrative rights to your computer.

2. When I try to run the VPN, there is an error message in my log file saying: "WARNING: Your certificate has expired!"
Your certificate has reached its expiry date. Please recreate your configuration file by visiting the secure site at https://vpn.utoronto.ca/. Follow the instructions for installing your configuration file.

3. When I try to run the VPN, there is an error message in my log file saying: "SSL_CTX_use_certificate:ca md too weak"
Your certificate is out of date. Please recreate your configuration file by visiting the secure site at https://vpn.utoronto.ca/. Follow the instructions for installing your configuration file.

4. OpenVPN fails to start and I see the following entry in the log file:
Options error: Unrecognized option or missing or extra parameter(s) in utorvpn.ovpn:25: tls-remote (2.4.0)
Newer versions of OpenVPN no longer accept the tls-remote option found in older configuration files. If you see this error, you will need to edit your configuration file. You can open it for editing as follows:
  • Windows: Right click on the OpenVPN icon in the task bar and select "Edit Config".
  • MacOS (Tunnelblick): Click the Tunnelblick icon in the task bar, and select "VPN Details...". On the configurations tab, click the gear icon in the lower left corner and choose "Edit OpenVPN Configuration File..."
You will need to replace this line:
tls-remote UTORvpn-Server
with this:
verify-x509-name UTORvpn-Server name
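
The edit from answer 4 as an added example, not part of the original FAQ or any UofT tooling: a Python function that rewrites active tls-remote lines to verify-x509-name and confirms the config still checks the server certificate name afterwards. The function names and the sample config are hypothetical; only the two directive lines come from this page.

```python
import re
import shlex

# An active (uncommented) tls-remote directive; '#' and ';' comment lines do not match.
TLS_REMOTE = re.compile(r"^(\s*)tls-remote\s+(.+?)\s*$")
VERIFY_NAME = re.compile(r"^\s*verify-x509-name\s+\S")


def migrate_ovpn(text):
    """Rewrite tls-remote lines; return (new_text, changed_line_numbers)."""
    out, changed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = TLS_REMOTE.match(line)
        if m:
            # shlex strips quotes around the name and drops a trailing '# comment'.
            args = shlex.split(m.group(2), comments=True)
            if len(args) != 1:
                raise ValueError(f"line {lineno}: expected one tls-remote argument")
            name = args[0]
            if re.search(r"\s", name):
                name = f'"{name}"'  # re-quote names containing whitespace
            line = f"{m.group(1)}verify-x509-name {name} name"
            changed.append(lineno)
        out.append(line)
    return "\n".join(out) + "\n", changed


def has_server_name_check(text):
    """True if the config still pins the server certificate name."""
    return any(VERIFY_NAME.match(l) for l in text.splitlines())


# Constructed sample config (not the real utorvpn.ovpn; host name is a placeholder).
SAMPLE = """\
client
remote vpn.example.org 1194
; tls-remote Old-Name
tls-remote UTORvpn-Server
"""

if __name__ == "__main__":
    new_text, changed = migrate_ovpn(SAMPLE)
    print(f"rewrote lines {changed}")
    print(new_text, end="")
    # Deleting the line instead would silence the error but drop the check.
    assert has_server_name_check(new_text)
```

Replacing the line rather than deleting it matters: without verify-x509-name the client no longer checks which server certificate name it is connecting to.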

General

5. Who has access to the LegacyVPN service?
Currently this service is only available to staff, faculty and graduate students.

6. What Windows versions does OpenVPN run on?
Windows Vista and later.

7. What versions of Unix does OpenVPN run on?
Linux, OpenBSD, FreeBSD, NetBSD, and Solaris.

8. Does OpenVPN run on Macintosh platforms?
Yes, OpenVPN runs on Mac OS X 10.4 (Tiger) through 10.10 (Yosemite). It is also supported on iOS devices.

Signup

10. I am trying to log into the website with my barcode number and keep getting refused access. Why is that?
You must have a UTORid to use the LegacyVPN service. Please consult this page to find out how you can obtain your UTORid: http://utorauth.utoronto.ca/?page=get_utorid

11. I'm using my UTORid and password to log in, and they even work over at my.utoronto.ca, but I'm being rejected here. Why is that?
Please visit this page: https://www.utorid.utoronto.ca/cgi-bin/utorid/verify.pl and "verify" your UTORid. Then come back here and try again.

12. When trying to download, I get a message telling me that the installer could not be created because the source file could not be read. What's wrong?
This is a problem with the Netscape browser, specifically version 7.1. If you use a different browser like Mozilla Firefox or Internet Explorer, you will be able to download your installer.

Operation

13. Which internet traffic is routed through the VPN when I am connected?
When you are connected to LegacyVPN, all of your internet traffic will be routed through the UofT network.

14. My connection to LegacyVPN fails, and there is a line in the log file saying "TLS Error: TLS handshake failed". What should I do?
Your keys are being rejected by LegacyVPN because a newer copy of them exists on the server. Go back to the download site and download your configuration-only installer. Once you install that package, you will have no problems connecting to LegacyVPN.

15. I am running OpenVPN under either Unix or MacOS X, and when I start the service from the command line I get the following after entering my username and password: "FAILED -> utorvpn.ovpn not connected ..."
You must run the OpenVPN service with root privileges.

16. When I try to run the VPN, I get an error message telling me that "All TAP-Win32 adapters on this system are currently in use." What can I do to fix this?
Please make sure that the LegacyVPN network adapter is active. You can do this by looking in your "Network Connections" under the Control Panel. Find the one that is associated with a TAP-Win32 adapter and check to see if it is deactivated. If so, you can re-activate it by right clicking on the network adapter icon.


If you have a question that is not answered here, email it to vpn@utoronto.ca. In the email, please attach a copy of your log file.

last updated 2013/07/18 15:11:35: v. 1.2