Virtual private network for employees

From WSU Technology Knowledge Base
Jump to navigation Jump to search

Winona State University Information Technology Services provides a secure virtual private network for employees working from off-campus locations. To maintain data security, access to some online systems and services requires a direct connection to our private campus network. Using our virtual private network (VPN), employees working remotely can emulate this direct, private connection and access these services as if they were on campus. Most employees do not need a continuous VPN connection when working remotely. Employees cannot establish a VPN connection using a personally-owned device and must use multi-factor authentication to verify their credentials when connecting to our VPN.

Setting up VPN

Step 1: Install an authenticator app

Winona State University Information Technology Services supports two authenticator apps for use with our VPN:

  • Microsoft Authenticator (recommended): Install this app if you prefer using your phone or tablet to verify your VPN credentials.
  • Authy: Install this app if you prefer using your WSU laptop to verify your VPN credentials.

Step 2: Add your VPN account to your authenticator app

This step must be completed while on the Winona or Rochester campus. Please use Google Chrome to complete this step. There are known issues with other browsers. If using a Winona State University laptop, you must be connected to the Wazoo wireless network. You can also complete this step using your office desktop with a secure wired network connection.

  1. If using a laptop, ensure that it's connected to the Wazoo wireless network wireless network
  2. Use Chrome to go to the VPN enrollment site at
  3. Select the link, "Proceed to set up my StarID for campus VPN access"
  4. Enter your StarID (e.g., ab1234cd) in the Username field and select Submit
  5. Enter your StarID password and select Submit
  6. Click the Add OATH Token button
  7. Click the radio button next to Online then click Add. You will be presented with a QR code and a manual code.
  8. Open your authenticator app. If using Microsoft Authenticator on your phone or tablet, tap Add Accounts, then Work or School account. The app will ask for permission to use your camera, tap Allow. Then, use your phone to scan the QR code on your computer screen. Your account will be added to the app. If you are using Authy, select the "+" icon, copy and paste the manual account code from the VPN enrollment screen to the field in Authy, and select the Add Account button.
  9. IMPORTANT: Select the Done button on your computer screen to complete the enrollment process.
  10. Close and reopen your authenticator to ensure that the Winona online account was added. You will use the rolling code for that account to verify your VPN credentials. Note that you may have other accounts listed in your authenticator app with their own rolling codes.

Step 3: Test your VPN connection

Off-campus: You can now test your VPN connection from off-campus using instructions below for PC or Mac.

On campus: VPN does not work if you are connected to the WSU network (Warrior or Wazoo). You will need to change your wireless network to Eduroam. To log in to Eduroam, use the format of your username and do not enable the connection to reconnect automatically. When you are done testing disconnect your VPN connection.

More articles

External links