Background
- Unstable CUHK VPN connection reports have been received from users in Mainland China starting Oct 1, 2020
- This article aims to provide an overview of the current status and some workaround identified for the moment.
CUHK VPN
- For the VPN server address vpn.cuhk.edu.hk, 137.189.192.201 and 137.189.192.204, reduced number of connections from China was observed
CUHK VPN (with Add-On Service supported by Huawei Cloud)
- VPN connection still can be established by using VPN server IP 139.9.74.177 or 124.71.114.73
- Multiple retries might be needed before connecting successfully
Common issue (1) [Windows]
Server no response error (windows)
- Press windows key + R, type “regedit” to run
- Check and verify in
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
Value for ProhibitIpSec should be 0
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
Value for AssumeUDPEncapsulationContextOnSendRule should be 2
Reboot the machine and try again if the value in Windows Registry changed.
- If ProhibitIpSec does not exist, please create one under \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
If AssumeUDPEncapsulationContextOnSendRule dosen’t exist, please create one under \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
and set the values as suggested above,
and then restart the computer,
and test again with the CUHK VPN Add-on IPs ( 139.9.74.177 or 124.71.114.73 ). Make sure
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\Value for ProhibitIpSec should be 0
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
Value for AssumeUDPEncapsulationContextOnSendRule should be 2
Common issue (2)
- Credentials error:
- Please make sure your credentials are accurate,
and then try to login with password in the form of "[OnePass],[DUO 6digit token]",
please be noted that there is a comma in between,
Common issue (3) [Mac]
- Miscellaneous errors [Mac]:
- Create a new VPN profile with VPN type "CiscoIPSec",
then retry with the CUHK VPN Add-on IPs ( 139.9.74.177 or 124.71.114.73 ) as the Server Address.
P.S. Other fields remains the same as setting up CUHK VPN.
Alternative services
- Besides the L2TP/IPsec CUHK VPN solution above, you may also consider the following to access some of the learning materials in the internet.
Alternative service (1): CUHK SSL VPN
- CUHK SSL VPN for CUHK network restricted website, https://www.itsc.cuhk.edu.hk/all-it/wifi-and-network/ssl-vpn/
- This is a split tunneling solution i.e. only CUHK network website will go through this VPN,
while other destination e.g. google, twitter remain using original ISP route. - It can help you to access CUHK on-campuse resources/services requiring a CUHK VPN connection.
Alternative service (2):
- If you are travelling from HK to Mainland China, please consider preparing an HK SIM card with data roaming service in Mainland China as a backup arrangement.
Alternative connection method for L2TP/IPsec CUHK VPN
- Connect to CUHK SSL VPN first,
and then connect to the L2TP/IPsec CUHK VPN using CUHK VPN address / IPs (vpn.cuhk.edu.hk, 137.189.192.201 or 137.189.192.204 )