College guidance on use of VPN

ICT provides many solutions for remote access. Historically the College VPN was the preferred method of connecting remotely, however, while VPNs can be used to securely extend a network to a remote location they have several problems, and for the reasons listed below ICT believe it is better to move away from using VPNs.

Please use the alternative methods detailed on the remote access page.

Problems when using VPNs

Problems when using VPNs

1. VPNs require specific software to be installed and then configured. This process can be difficult across a range of devices, particular on non-college-owned systems.

2. VPNs are often blocked, intentionally or accidentally, by networks. This can prevent the use of a VPN - and VPN-dependent services - entirely.

3. VPNs may be rate-limited and therefore suffer from an unreliable or poor performing connection. This is common on residential broadband connections, where many ISPs limit VPNs entirely.

4. When connected to a VPN traffic may be channelled through a route the user isn’t aware of, as they are not application specific. Examples include BBC iPlayer or Netflix, or other traffic which is legitimate at home, but not permitted. This has been problematic in the past, as ICT have to address these violations of the AUP, even though the user did not intend this.

5. In some countries, VPNs are not legal. By relying on the use of VPN for our services, we either exclude or place customers in these locations at risk. Staff and Students are advised to consider what they are trying to access and ensure that they will have access to this files from their designated destinations before departing. It is the responsibility of the individual to ensure that their data is located in a safe secured repository in line with the College's Data Protection Policy (Section 4).

If you have any questions regarding the college VPN Service, or would like advice on how to access the locations that you need to remotely please contact the ICT Service Desk.

The method you should use to access your College PC using an Virtual Private Network (VPN) connection is determined by the operating system on the device you wish to use.

Operating system of your device

Map an H: drive?

Contractor VPN Service



Can I use the Virtual Private Network (VPN) to access ICIS?

The College (VPN) will not allow you to access ICIS remotely. A secure access gateway service has been developed to permit remote access to ICIS.

I am having problems with my home Virgin router.

Often it is necessary to change the settings on your home router to allow access to the Virtual Private Network (VPN).

Some routers need to have their Point to Point Tunnelling Protocol (PPTP) settings changed before they will work with the Imperial College London VPN. Contact your Internet service provider to arrange this.

If your VPN settings are correct but you are still unable to connect, follow these steps:

  1. Look at the sticker on the back of router and locate the web address under Super Hub Settings (or similar).
  2. Open a web browser on your machine and enter the web address.
  3. Enter the username and password on the sticker when prompted.
  4. Click on Advanced Settings and then Firewall Settings to make sure that PPTP Pass Through is ticked.
  5. Click on Services and make sure PPTP Pass Through is ticked.
  6. Click on Firewall Settings, then Advanced Settings, then Security and make sure that PPTP Pass Through is ticked.
  7. Try setting up the VPN connection again.


Steps 4-6 are general as all routers are slightly different.

Occasionally your home Internet service provider will update your router without telling you and resetting any changes you have made. If your VPN connection suddenly stops working and you receive an Error 619, 800 or a message that states The PPP server could not be authenticated, then you will need to make the changes again.

I am trying to connect from an Intercollegiate Hall.

Some Intercollegiate Halls may block access to Virtual Private Network (VPN) services. Please contact your local IT support for more information.

I am trying to use the Virtual Private Network (VPN) from behind a corporate firewall/other academic site. What ports and protocols does the VPN use?

Many other websites (academic or otherwise) may use a firewall to control network traffic outside of their network. For instance, NHS Trust websites do not allow access to the College VPN service. To gain access, you must request that your local IT support team opens the following on their firewall: Port 1723/TCP (PPTP) Protocol #47 (GRE)

The remote site may need to enable PPTP ALG or PPTP fixup on their firewall or Internet router.

Please note that VPN access is against current NHS Trust policies, so if you are using the NHS Trust networks, you must find alternative methods to gain access to College resources.

I cannot connect to the Virtual Private Network (VPN) through an Apple Airport.

You need to ensure that you are using Airport 2.0.4 pr higher to connect to the College VPN service.

I get a message saying that my username is invalid.

Please make sure that the you are using the username and password for your College account and that your username is not prefixed with IC e.g. IC\yourusername.

I get a message telling me there is a name conflict on the network. What does this mean?

If your remote machine has a name that is already in use by an on-campus machine, you may be sent this error message: No domain controller could be found. This may prevent you from being able to login to the College network and see other devices through the Network Neighbourhood. If you can change the name of your remote machine to a unique name, the problem will be resolved.

Please make sure you change the name of your machine to a name that does not already exist on the Windows network. Due to the nature of Windows host naming, there is no list to check. There are no restrictions to how often you may change the name of your machine, so keep trying until it works. Adding a few extra letters or numbers to the name usually solves the problem.

I have a firewall on my remote computer.

Some firewalls will block VPN connections by default. You will usually have to enable your firewall to allow this traffic in order to use the College VPN.

Please consult your firewall manufacturer's instructions. If the instructions ask for an address range, then you should allow PPTP traffic to/from the College VPN IP address:

Due to the wide variety of firewall products now available we cannot offer specific advice on how to set up your firewall to allow the College VPN service.


Problems have been reported when using Zone Labs ZoneAlarm (ZA), so please turn it off and try again.

I have configured my web browser to use my service provider's web cache. Will Virtual Private Network (VPN) still work?

You may experience some problems e.g. longer page loading times and problems with some interactive sites.

You may wish to disconnect your web browser from your service provider's web cache while you are using the College VPN. You do not need to specify the College cache because the VPN service will divert to it automatically. Reconnect your service provider's web cache connection when you are finished using the College VPN.

I have set up the Virtual Private Network (VPN) client as instructed but it still does not work.

Please try the following things:

  • Verify your installation.
  • Ensure that your operating system (Windows, Mac OS, Linux etc.) is fully updated and patched.
  • Check with your Internet service provider's help desk that it allows Point to Point Tunnelling Protocol (PPTP).

If these do not work, then contact the ICT Service Desk.

I try to connect and keep getting Error 800, which says that my security parameters are incorrect.

If you receive the Error 800 message when trying to connect to the Imperial College London Virtual Private Network (VPN), please follow these steps:

  1. Check that the Type of VPN field under VPN properties on the Networking tab is set to PPTP.
  2. Check that your personal firewall is set to allow VPN connections or that your corporate or academic website firewall allows these connections.

This error will be seen from places that do not allow VPN connections, including Halls of Residence, some Intercollegiate Halls of Residence and NHS Trust networks.

Why does my Virtual Private Network (VPN) connection disconnect itself sometimes?

This may be due to heavy network traffic at times of peak demand such as evenings and weekends. You should be able to reconnect straight away.

Will my service provider email account still work?

It is unlikely that your service provider email account will still work when you are accessing the College network remotely. This is because service providers restrict access to their email service to their own networks. If you access the network remotely, your request to view your email account will appear to be coming from outside your service provider's network, so it will be rejected.

To use your service provider email account, stop accessing the network and restart your service provider email client.