Setting up GlobalProtect VPN on Windows

There are several steps to setting up GlobalProtect at Aber, and they need to be done in different locations (i.e. some steps can only be done from on the campus network and some can only be done from off it. While the IS pages give all the information needed, they’re not laid out in a particularly friendly way and it’s all too easy to miss essential steps in the setup. This page tries to give the basics. Don’t fret about how long the page is - it doesn’t take too long to work through!

Step 1: Two Factor Authentication

The VPN requires not just your username and password, but also a one time passcode (OTP) - a six digit number that changes every 30 seconds. You need to set this up from on campus - it can’t be done from home.

While you might think you’ve already done this for Office365 a couple of months back, the VPN uses a different OTP code. The numbers generated for one are incompatible with the other.

The relevant IS FAQ page for this step is here, but I’ll describe the basics below.

You need an app on your phone, tablet or computer in order to generate the codes.

Since you need to setup your OTP codes whilst on campus, using the Windows application pretty much means you will have to bring your home machine into work and connect it to eduroam (there are hacky ways around this, but they make things much more difficult).

For this reason, if you have an Android or Apple phone/tablet, I’d strongly recommend using the phone/tablet app rather than the Windows software.

The next step, which must be done from on campus, is to visit https://mfa.aber.ac.uk/ to create an OTP token for use in the app. Log into the website and click “Enroll Token” in the left hand box. On the next page, enter “VPN” (or whatever you like) into the description and click the “Enroll Token” button underneath the description. The next page will show you a QR Code. What you do next will depend on the app you installed above:

Don’t note your OTP code down or try to remember it - it changes every 30 seconds!

Step 2: GlobalProtect VPN

You should install the VPN software on the computer you’re intending to use at home.

The relevant IS FAQ page for this step is here, but, again, here’s my version of it!

While you can install the software while your home computer is on campus, you cannot use the VPN from within the Aber network (eduroam wireless or the wired network) and, if you try, you’ll get connection errors. If you have a phone with “hotspot” capabilities, you could connect your computer to that to test via the mobile network, but I’ll leave it to you to figure that one out!

The software is very easy to install. Download and run it from here. Click “Yes” or “Next” at every prompt and “Close” once it says it’s installed.

Connecting to the VPN from outside the campus network

You should now have a small, grey circular icon in your system tray area:

Click on it. The first time you do this, you will be asked for your “portal address”. Enter pa-vpn.aber.ac.uk and click “Connect”. If you get an error at this stage, check that you are connected to a working WiFi/wired/4G network. Note again that this will not work from Aber’s eduroam network.

You should then be prompted for your username and password. These should be your Aber username and password. The username should not contain the “@aber.ac.uk” part (e.g. use auj rather than auj@aber.ac.uk).

The next prompt will ask you for your OTP code. This is the six digit number from the Authenticator app or the WinAuth software that you used earlier. Start whichever app you chose and enter the number it shows. The number is nominally valid for 30 seconds, but you’re given a bit of leeway, so don’t worry if you overrun the time a bit.

Once you’ve entered the code, the VPN should connect and the grey icon in the system tray should turn blue & green, at which point you’ll realise it’s supposed to be an icon of the Earth!

Congratulations, you should now have a working VPN connection and should be able to access ABW and other Aber-only web pages!

If you now want to enable remote access to Windows on your work PC, please see this page.