VPN is "Virtual Private Network"

Basically, VPN refers to  technology that extends trustworthiness to remote computers & users while using the public network.  VPN uses PPTP (Point to Point Tunneling Protocol) or IPSec to connect a "remote" computer to a central VPN server in order to allow access to various services. The "remote" computer might be a home system (connecting through Telus or Shaw, or whatever) or a computer connecting wirelessly either on campus or elsewhere. The user presumably wants access to some protected resource: the "home file system"; departmental web pages; etc.

The PHAS VPN is just a subset of the UBC VPN. UBC IT provides the department with a range of IP addresses which are reserved for people with a CWL role of ca.ubc.service.vpn.phas.users.   If you connect to a PHAS service with one of these IPs, the server knows that you are a trusted "phas person".

How To connect to the PHAS VPN:

  1. Obtain a CWL role of ca.ubc.service.vpn.phas.users. Note: This is for PHAS department members only. Send a request to sysadmin@phas.ubc.ca with your CWL username.
  2. Since PHAS VPN is just a subset of the UBC VPN, to connect to the PHAS VPN you follow the same steps as used to connect to the UBC VPN (see below for instructional links) with the exception of adding ".phas" to your CWL username.
    For example, if your CWL username is smith, you would enter:
    smith.phas  (No longer works, please see UPDATE below)
    as your username in the VPN login window.

UPDATE: Starting Tuesday September 15th, 2020 we are enabling Multi-factor Authentication (MFA) when connecting to the PHAS-VPN.

The main change you will need to be aware of is that when using the Cisco AnyConnect Security Mobility Client you will need to type “@” after your username along with how you want to authenticate;  see table below.

Duo App Enter username.phas@app if you wish to authenticate using your smartphone
Phone Call Enter username.phas@call if you wish to authenticate by a phone call either to a landline (deskphone) or mobile phone. Please note that if you used username.vpnpool@phone before, this '@phone' prefix still works too.
Passcode Enter username.phas@****** if you wish to authenticate using a passcode generated by a hardware token or a soft token using the Duo app.
The * indicates the unique code generated for a particular authentication instance. Enter the numbers as they appear on your token after @, not the actual asterisks).

So, for instance, if my CWL username is "asmith" in the Cisco AnyConnect Security Mobility Client, I would need to enter


for my Username if I am going to use the Duo App for authentication.

We strongly urge everyone to review the webpage at  https://mfadevices.id.ubc.ca/vpn for more information including screenshots.

After you have read that webpage, if you have any questions or concerns please contact one of the PHAS-IT staff as soon as possible to ensure that you are prepared for the change.

Further Notes

After connecting to the PHAS VPN, the IP address you are assigned should be in the range from: to (aka

Windows users can verify this by opening a CMD window and typing "ipconfig". Linux users can do the same by typing "ifconfig" in a terminal window.

Please see the following UBC IT page for detailed instructions: UBC IT myVPN Setup Documentation

Please report any problems to sysadmin@phas.ubc.ca, including the following information:

  • When did the problem occur, date and time?
  • What is your CWL login? (no passwords please)
  • What is your workstation Operating System?
  • What internet service are you using (Shaw, TELUS, other)?
  • Browser and it's version?
  • Have you successfully used the VPN w the same setup previously?