Accessing UofA Learning Management Systems (LMS) from Inside Mainland China
Introduction
The University of Alberta has subscribed to the Alibaba Cloud Network Service service for users with CCIDs learning from inside mainland China. This service improves their connectivity to UofA learning resources such as eClass, Gmail, G Suite, online proctoring, etc.
Applicability
This article is applicable to any University affiliate with a CCID who is inside mainland China and requires access to UofA learning resources.
For remote access to all other campus resources see KB0012158 - Access the University of Alberta VPN
Note About Usage and Access
This service uses the Alibaba Cloud with the primary point of presence residing in a data center in Shanghai. Since the service resides on a Chinese cloud provider's infrastructure inside mainland China, the Cloud Network Service is required to comply with regulations enforced inside mainland China. Due to these regulations we are not able to offer full access to the Internet through this service and are only able to provide access to UofA resources directly related to teaching and learning. Websites such as Facebook, YouTube and Google Translate (not an exclusive list) are not accessible through this service.
If a service or website is encountered that is not directly tied to teaching and learning, the following message, or one similar to it, may be displayed in the browser:
“An application is stopping Chrome from safely connecting to this site” “Fortinet is not configured correctly. Uninstalling Fortinet usually fixes the problem. Applications that can cause this error include antivirus, firewall, and web-filtering or proxy software”
If this happens, record the URL, disconnect from the service, and try accessing again. If the link came from eClass or a University website please email ist@ualberta.ca with the URL and a brief description of where it came from. We will do our best to enable that URL while still complying with Chinese regulations.
Accessing Library Resources
Once connected to the service, your device will use an IP address in the Alibaba Cloud. This means campus Library resources will see your connection attempts coming from the public Internet and not from UofA owned networks. To ensure continued access to Library resources please follow the instructions posted here: https://www.library.ualberta.ca/services/off-campus-access
Common Problems, Causes and Solutions
For a list of common problems, what causes them and solutions, click here.
Installing and Connecting the Client
The following steps have been tested with FortiClient 7.0.7 on Windows and Mac. If you are using an older version it is strongly suggested you upgrade.
1) Download the free FortiClient VPN software from one of the following locations:
Note: The Offline installer contains all files required to install the software without any further downloading. This file may take additional time to download and install than the Online installer. The Online installer will download all required files during installation. This may be faster then the offline method, but may be blocked. If you're unsure which file to download, select the Offline installer.
Preferred - Hosted on UofA servers in Edmonton:
Alternate - Hosted on Alibaba servers in Shanghai (use this if the Edmonton servers are not accessible):
2) Run the installation file. This guide uses the Windows Online installer as it contains an extra step but the Mac and offline installers are similar except where noted.
Note: Local administrator credentials are required.
3) Running the installer will automatically start the download of all required files to complete the installation.
Note: This step only happens if you are using the Online installer. If you are using the Offline installer, this step is not present so proceed to Step 4.
Note: The download happens directly from Fortinet servers which the UofA has no control over. If this download takes too long, pauses or does not start, then refer to the Step 1 and download the Offline installer from either the Preferred or Alternate sites.
4) If prompted to allow changes, click OK or Accept. Accept the license agreement, leave the installation directory as-is, click Install. When done, click Finished. Proceed to step 5.
Step 5) A shortcut to the FortiClient VPN should be on your desktop, in your Start Menu and/or in your Task bar. Double click any of them to begin configuring the client.
Step 6) Click on Configure VPN
Step 7) Configure the VPN with the following values:
VPN: SSL-VPN
Connection Name: Whatever you choose. Recommend UofA Remote Learning
Remote Gateway: 139.196.92.112
Customize Port: 443
Authentication: Prompt on login
Click Save
Step 8) Select the VPN you just created in the VPN Name dropdown field, enter your CCID and CCID password. Click Connect. A certificate error will be presented - click Yes to proceed.
Step 9) The VPN will take a few moments to connect. A % will be displayed as it connects. Once the screen shows 100%, the VPN Connected screen as shown below will be present. At this point, the service is ready for use.
Note: If the connection stalls at any %, refer to the next section about common problems and how to solve them.
Common Problems, Causes and Solutions
Problem: A password is required to install the FortiClient VPN software.
Cause: The FortiClient VPN software requires local admin.
Solution:
1) Run the installation software with local admin credentials.
Problem: The installation stalls when downloading the additional VPN software components.
Cause: Access to the Fortinet controlled server is being blocked or is unreliable.
Solutions:
1) Download the offline installer from the UofA managed storage service in the Alibaba Cloud. This installer comes with the additional components that do not require separate downloading.
Windows Offline Installer http://vpnclientstorage.oss-accelerate.aliyuncs.com/forticlientvpnoffline.exe
Mac Offline Installer http://vpnclientstorage.oss-accelerate.aliyuncs.com/forticlientvpnoffline.dmg
Linux Deb Offine Installer http://vpnclientstorage.oss-accelerate.aliyuncs.com/forticlientvpn.deb
Linux Rpm Offline Installer http://vpnclientstorage.oss-accelerate.aliyuncs.com/forticlientvpn.rpm
Problem: Antivirus software is not permitting access to oss.aliyuncs.com
Cause: The antivirus software believe oss.aliyuncs.com to be malicious
Solution:
1) Add an exception to permit oss.aliyuncs.com by following your antivirus products documentation. Note* consider removing this exception when the FortiClient VPN is fully installed.
Problem: The connection stalls around 40% or 45%
Cause: Certificate validation has failed
Solutions:
1) Try reconnecting - random failures do occur but are rare.
2) Check for a pending window/prompt with a certificate error. Occasionally it pops up behind the FortiClient window. Click Yes/Accept.
3) Try again on a different device or network
Problem: The connection stalls around 80% and generates an error 'Unable to establish a VPN connection. The VPN server may be unreachable'
Cause: Credentials could not be validated
Solutions:
1) Ensure the user has not typoed their CCID or password.
2) Ensure the username is just their CCID and not ccid@ualberta.ca
3) Try reconnecting - random authentication failures do occur but are rare
Problem: Access is blocked by a local firewall.
Cause: While this shouldn't be an issue for a vast majority of users, but you may have to permit the following IP if traffic is being blocked on your device.
Solution: Permit traffic from 47.251.34.255.
Problem: Browser errors occur when trying to access websites. The error message may read something similar to "“An application is stopping Chrome from safely connecting to this site” “Fortinet is not configured correctly. Uninstalling Fortinet usually fixes the problem. Applications that can cause this error include antivirus, firewall, and web-filtering or proxy software”
Cause: The VPN service is unable to properly identify the website or service in question and is attempting to further identify the site.
Solution: If possible, follow the browsers documentation to accept the error message. If the site is ultimately blocked, see the Problem below.
Problem: User is unable to access a website they expected to be accessible.
Cause: The service is blocking the website or service trying to be accessed.
Solution: This VPN service is not a commercial 'unblocking' service and thus open access to the entire internet is out-of-scope. The VPN service by default blocks all traffic and only permits traffic explicitly required to access UofA owned learning management systems. If the user thinks the site being accessed should be unblocked then record the full URL or domain they want unblocked and send a ticket to IST Security for review.
Note* Social media platforms like Facebook, media sharing sites like Youtube and translation services like Google Translate will not be permitted. No exceptions.
Keywords: china, vpn, networking, eclass, lms, learning, management, system network, mainland, fortinet, forticlient, remotelearning, remotelearning.ualberta.ca