How do I use the VPN with Duo?

Overview

This article covers using the University of Idaho VPN with Duo multifactor authentication.

 

Are VPN connections be protected by Duo?

Yes, VPN connections require that you approve a login attempt. Once you enter your username and password, a Duo Push notification will automatically be sent to your primary device which has the Duo Mobile app installed. Once you approve the Duo Push, your connection will complete. If you do not use the Duo Mobile app, you can use a hardware token, SMS code or a voice call.

Can I use a passcode or hardware token to connect to the VPN?

Yes, passcodes and hardware tokens are supported for VPN connections by using something called "Append Mode". To use Append Mode, enter your username into the VPN connection prompt as you would normally do, then enter your password followed by a comma (",") and then the passcode. If your password was G0Vandals and the passcode you wanted to use was 123456, this would become G0Vandals,123456. When you click "Connect", the VPN will complete the connection process without sending a Duo Push. Passcodes can be obtained from the Duo Mobile app, from SMS backup codes, from a hardware token or a bypass code provided by your TSP, System Administrator or the Student Technology Center.

Can I use a phone call with Duo and the VPN?

If you have not enabled Secure MFA, you can receive phone calls from Duo to complete your authentication when logging in to the VPN. If you have a landline phone or a mobile phone number (not the Duo app) enrolled, Duo automatically dials the phone number when you login. However, if you have the Duo mobile app enrolled from any mobile device, Duo sends a push notification to the mobile app by default. Duo only dials a phone number automatically if you do not have the Duo app enrolled in your account.

If you have enabled Secure MFA, you cannot use a phone call, or SMS code to approve any login attempt.

If you have multiple phones or phone numbers enrolled, Duo will dial the first one by default. If you want to receive a call on a different phone number, you can specify which one using a method similar to "Append Mode". For example, to receive a phone call at the second phone you enrolled, enter your username into the VPN connection prompt as you would normally do, enter your password followed by a comma (",") and then "phone2" without quotes. You can specify the phone using phone1, phone2, phone3, etc, depending on how many phone numbers you have enrolled. The first or oldest phone number currently associated with your account is assigned phone1, the next oldest is phone2, and so on.

 

Type... To...
password,passcode Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
Examples: "mypass123,123456" or "mypass123,1456789"
password,push Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap "Approve" to log in.
password,phone Authenticate via phone callback.
password,sms Get a new batch of SMS passcodes.
Your login attempt will fail — log in again with one of your new passcodes.

 

100% helpful - 2 reviews

Details

Article ID: 875
Created
Wed 6/13/18 8:50 AM
Modified
Mon 9/12/22 11:43 AM

Related Articles (16)

Current VPN solution and its uses.
Information on DUO tokens
Add a U2F or FIDO token to Duo.
This is a tutorial for how to add and manage your Duo devices.
This tutorial explains how to set up the UI VPN for a machine running OS X.
Setting up a VPN for Windows.
This tutorial goes over how to set up the UI Cisco Any Connect VPN onto a Linux machine.
This tutorial explains how to set up VPN for an iOS device.
Setting up VPN for Android.
This article contains resources and information to enroll and implement multi-factor authentication at U of I.

Related Services / Offerings (1)

I need to connect to my University of Idaho resources (Banner, shared drives, etc.) from home or another location off campus.