Expand Menus:
Hide Menus:

VPN Virtual Private Network

Developers and system administrators of the Administrative Systems should use the Public VPN Client and authenticate through Stanford University Access Control (SUNAC) to gain access to the systems and databases.


Virtual Private Network (VPN) is a remote access technology that creates a private encrypted connection over the Internet between a single host and Stanford's private network, SUNet. Stanford's VPN service allows any Stanford affiliate with an active SUNet ID to connect to the campus from any available network connection almost anywhere including from home, from many hotels, and even from within some company networks.


When using VPN, your off-campus computer is dynamically assigned a Stanford IP address to connect back to Stanford's network. A Stanford IP address allows you access to Stanford's computing resources and certain campus services (e.g., departmental file and print servers). The Stanford IP address granted by VPN is visible only to Stanford network resources; all other non-Stanford computing resources (e.g. non-Stanford web sites) will see the IP address provided by your internet service provider.

A major benefit of the VPN is to provide users with a Stanford IP address, thereby making access to restricted services possible. Examples include:

  • Users on the MedSchool and Hospital networks who need to access resources on the University network (SUNET).
  • Users connecting from corporate networks.

Note: The VPN does not enable access to licensed library resources. For access to these materials, please see the proxy setup instructions on the libraries' Off-Campus Access page.

Stanford DSL users receive a Stanford IP address automatically and do not benefit from using the Stanford VPN service.

Data security restrictions

Stanford VPN provides encryption from your computer to the Stanford VPN gateway. While Stanford VPN provides encryption between your computer and the Stanford network, be aware that other security measures, such as proper password use, operating system security patches, firewall settings, up-to-date virus scanners, and the like are still required to protect the data you are sending electronically. Please use caution and do not send your passwords or other confidential information as you would over a secure network. (Logging in to an HTTPS destination is OK.)

If you are using a wireless network or are connecting from outside the Stanford network (for example, at a conference), it is recommended that you use Stanford VPN to connect to the Stanford network. (VPN use is for wired and wireless use.) If you are using a wired computer and are on the Stanford network, it is generally sufficient to use encrypted protocols such as SSH, HTTPS, and IMAPS instead of VPN. (Using VPN in this case would not measurably improve security.)


If you encounter problems or need assistance, please submit a HelpSU request.


Currently, IT Services provides VPN service, including the client software and necessary support, free of charge.

Getting started

Stanford provides two options for establishing a Public VPN connection to Stanford's network, SUNet: the Cisco VPN Client and the Secure Sockets Layer (SSL) VPN Client. All that's required is to download, install, and run the VPN client software.

The Cisco VPN Client is available for Windows XP (32-bit only), Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit ), Mac OS X, and Linux operating systems. Installation instructions are available via the menu links on the left side of this page.

The SSL VPN Client provides an alternative to the traditional Cisco IPSec VPN. It lets you use SSL as the VPN transport to connect to Stanford's Public VPN in locations that do not permit IPSec traffic. Also, SSL VPN supports 64-bit versions of Windows XP, Windows Vista, and Windows 7.

Once started, the VPN connection will transfer any traffic you send toward a Stanford IP over the VPN connection. For example, if you connect via VPN, and log into any computer system at Stanford, you'll appear to be connecting from a Stanford IP. All other traffic will use your conventional network connection.

Note: If you log into any other system outside of Stanford, you'll connect using the IP number provided to you by your ISP company.

Users who have installed the client and successfully established a first connection/session generally have not experienced problems thereafter. If you have difficulty establishing an initial connection, please try uninstalling the client and then reinstalling it as your first step in troubleshooting.

Last modified Fri, 12 Nov, 2010 at 13:37