eduVPN

Access the internet or your institution's network via an encrypted connection.

eduVPN is an easy to deploy VPN solution designed for and by the research and education community. With ready-to-use client apps for all major platforms, modest hardware requirements and great value performance, eduVPN is an effective tool designed to support secure access to the internet or an institution’s network.

Graphic of a laptop and mobile phone device connecting to a local network and the internet via eduVPN

Key components:

  • eduVPN has a choice of authentication and redundancy options.

  • It provides useful visibility through its user portal. Admin access enables the management of users, their configurations, connections and devices and provides an overall view of statistics.

  • There is also the option to set up alerts and monitoring, which is available through Prometheus.

Why eduVPN?

Organisations have increased demands on their current VPN solutions, with the growing uptake of flexible work arrangements and hardware firewalls with longer replacement cycles.
 
The solution:
eduVPN runs OpenVPN on a Linux server in a way that is easy to set up and use. It also has great reach: an eduVPN solution can support up to 1000 simultaneous connections.

What is eduVPN?

eduVPN is also known as Let's Connect!, a simplified, flexible, open-source VPN solution.

  • VPN clients are available for Linux, Windows, Mac OS X, Android and iOS. Any OpenVPN client can also be used, but the clients listed above are recommended.

  • It provides a secure Internet connection on the go.

  • The VPN server meets the specialist needs of the community, with additional security provided through federated login. 

eduVPN performance

  • Up to 1000 concurrent clients can run on one server (16 CPU cores with AES-NI)

  • The load is split over multiple CPU cores via multiple OpenVPN processes, running on alternate ports.

  • It can also scale higher over multiple nodes (with a single controller, also serving as a worker node).

What does deployment involve?

Typical deployment of a VPN solution involves manual configuration and the crafting of individual, per user profiles.
 
With eduVPN this process is simplified:

  • eduVPN creates an OpenVPN configuration,

  • eduVPN installs and runs a CA for OpenVPN X509 certificates,

  • eduVPN creates user connection profiles on-demand (after the user authenticates),

  • eduVPN client apps fetch and deploy OpenVPN profiles; user authentication is done from within the app (built-in or in an external browser).

 
eduVPN also makes authentication easier through the following options:

  • LDAP to existing directory service (such as Active Directory),

  • RADIUS to existing network authentication infrastructure,

  • SAML to Tuakiri IdP,

  • Or authentication through cloud infrastructure (AzureAD, Office365, Google Apps). Cloud-based authentication can also include 2FA natively. 

  • Local username and password options are also available.

  • Any of the above authentication options can be strengthened with 2FA managed by eduVPN (where not provided natively such as for cloud-based authentication).

  • Authentication, including 2FA, only occurs when retrieving a profile - not for every connection.

eduVPN access controls

Access controls can establish the permissions a user gets and map them to the correct OpenVPN profiles.
 
OpenVPN profiles can grant users distinct network level access:

  • Access to campus network,

  • Access to privileged internal resources,

  • Access to outside network only - but coming from institutional IP addresses (for example, resource subscriptions)

  • Split tunnel access (retaining direct outside connectivity, but using the VPN for access to the internal network only)

  • Each profile uses a distinct range of IP addresses, and each range has its own separate firewall configuration.

  • eduVPN does not provide a firewall solution; it is a VPN solution only. A separate firewall that meets the needs of its users should still be included as a part of an organisation’s overall security solution.

What deployment options do members have?

Hosted eduVPN

A hosted eduVPN deployment offers additional simplicity and convenience. Administration of the configurations and user management can still be managed by members through the portal, but the operational, networking and deployment overhead is managed by REANNZ. This solution is designed to support smaller organisations or internal teams within larger organisations (for example, a research group or technology team within a CRI or University).

REANNZ can host an eduVPN deployment for a member through the integration of existing network services, which would be a suitable option for smaller organisations of about 200 users. Ongoing support from the REANNZ team alleviates the operational overhead for smaller IT teams.

Self-hosted eduVPN

REANNZ can support members to self-deploy an eduVPN solution. This would not be managed by REANNZ, but technical assistance would be available during the deployment. This assistance would be done in a consulting capacity by a REANNZ engineer.

Should members require assistance after the deployment, an additional consulting contract may be required based on the type of work needed. Support is available to members via the helpdesk at help@reannz.co.nz

A self-deployment of eduVPN would not have contracted SLAs associated with it; REANNZ will answer questions and support the community where possible.

eduVPN is provided by GÉANT (the pan-European NREN) and can be implemented by NRENs or institutions. For more information visit eduVPN.org.


Get in touch with the team at engagement@reannz.co.nz if you have any questions or would like to know more about eduVPN as a service. 
