Pilot CUHK VPN Add-On Service for Online Teaching and Learning Activities - Updates on Apr 28, 2021

Background

  • Unstable CUHK VPN connection reports have been received from users in Mainland China starting Oct 1, 2020
  • This article aims to provide an overview of the current status and some workaround identified for the moment.

CUHK VPN

  • For the VPN server address vpn.cuhk.edu.hk, 137.189.192.201 and 137.189.192.204, reduced number of connections from China was observed

CUHK VPN (with Add-On Service supported by Huawei Cloud)

  • VPN connection still can be established by using VPN server IP 139.9.74.177 or 124.71.114.73
  • Multiple retries might be needed before connecting successfully

Common issue (1) [Windows]

  • Server no response error (windows)

  • Press windows key + R, type “regedit” to run


  • Check and verify in

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\

Value for ProhibitIpSec should be 0


\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\

Value for AssumeUDPEncapsulationContextOnSendRule should be 2


Reboot the machine and try again if the value in Windows Registry changed.

  • If ProhibitIpSec does not exist, please create one under \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\

    If AssumeUDPEncapsulationContextOnSendRule dosen’t exist, please create one under \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\

    and set the values as suggested above,

    and then restart the computer,

    and test again with the CUHK VPN Add-on IPs ( 139.9.74.177 or 124.71.114.73 ).

  • Make sure

    \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\

    Value for ProhibitIpSec should be 0

    \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\

    Value for AssumeUDPEncapsulationContextOnSendRule should be 2

Common issue (2)

  • Credentials error:

  • Please make sure your credentials are accurate,
    and then try to login with password in the form of "[OnePass],[DUO 6digit token]",
    please be noted that there is a comma in between,

Common issue (3) [Mac]

  • Miscellaneous errors [Mac]:
  • Create a new VPN profile with VPN type "CiscoIPSec",  
    then retry with the CUHK VPN Add-on IPs ( 139.9.74.177 or 124.71.114.73 ) as the Server Address.
    P.S. Other fields remains the same as setting up CUHK VPN.

             

Alternative services

  • Besides the L2TP/IPsec CUHK VPN solution above, you may also consider the following to access some of the learning materials in the internet.

Alternative service (1): CUHK SSL VPN

  • CUHK SSL VPN for CUHK network restricted website, https://www.itsc.cuhk.edu.hk/all-it/wifi-and-network/ssl-vpn/
  • This is a split tunneling solution i.e. only CUHK network website will go through this VPN,
    while other destination e.g. google, twitter remain using original ISP route.
  • It can help you to access CUHK on-campuse resources/services requiring a CUHK VPN connection.

Alternative service (2):

  • If you are travelling from HK to Mainland China, please consider preparing an HK SIM card with data roaming service in Mainland China as a backup arrangement.

Alternative connection method for L2TP/IPsec CUHK VPN 

  • Connect to CUHK SSL VPN first,
     and then connect to the L2TP/IPsec CUHK VPN using CUHK VPN address / IPs (vpn.cuhk.edu.hk, 137.189.192.201 or 137.189.192.204 )