Apple built-in VPN will stop working at ETH

The central IT services will gradually disable the older IPSec protocol for ETH VPN:

  • 16th Nov 2023 for students (@student-net.ethz.ch realm)
  • 13th Dec 2023 for employees (@staff-net.ethz.ch realm)

Those of you who are already using the Cisco Secure Client for their VPN connections will not be affected by this change. Also the Linux openconnect client will continue to work.

However, any client relying on the IPSec protocol will become non-functional. In particular, the built-in VPN of Apple operating systems (macOS, iOS, iPadOS) will stop working. All affected users must migrate to the Cisco Secure Client in the upcoming weeks, to avoid any disruption of the VPN service.

For the actual installation, please refer to the VPN documentation of Informatikdienste, or our own readme for macOS.

Also note that, in the upcoming months, ETH will enable Multi-Factor-Authentication (MFA) for the VPN service. So all users will have to enter a one-time-password (OTP) when connecting the VPN. This is similar to the other services, mainly the cloud services of Microsoft, Adobe and Zoom, where MFA has already been enforced for ETH accounts. Further details regarding the VPN MFA migration will be announced as soon as the precise dates have been fixed.

Tags: