Contact ITsupport |  IT Service Catalogue |  A to Z

VPN is "Virtual Private Network"

Basically, VPN refers to  technology that extends trustworthiness to remote computers & users while using the public network.  VPN uses PPTP (Point to Point Tunneling Protocol) or IPSec to connect a "remote" computer to a central VPN server in order to allow access to various services. The "remote" computer might be a home system (connecting through Telus or Shaw, or whatever) or a computer connecting wirelessly either on campus or elsewhere. The user presumably wants access to some protected resource: the "home file system"; departmental web pages; etc.

The PHAS VPN is just a subset of the UBC VPN. UBC IT provides the department with a range of IP addresses which are reserved for people with a CWL role of ca.ubc.service.vpn.phas.users.   If you connect to a PHAS service with one of these IPs, the server knows that you are a trusted "phas person".

How To connect to the PHAS VPN:

  1. Obtain a CWL role of ca.ubc.service.vpn.phas.users. Note: This is for PHAS department members only. Send a request to ITsupport@phas.ubc.ca with your CWL username.
  2. Since PHAS VPN is just a subset of the UBC VPN, to connect to the PHAS VPN you follow the same steps as used to connect to the UBC VPN (see below for instructional links) with the exception of adding ".phas" to your CWL username.

NOTE:  Multi-factor Authentication (MFA) is mandatory when connecting to the PHAS-VPN.

When using the Cisco AnyConnect Security Mobility Client you will need to type “@” after your username along with how you want to authenticate;  see table below.

Duo App Enter username.phas@app if you wish to authenticate using your smartphone
Phone Call Enter username.phas@call if you wish to authenticate by a phone call either to a landline (deskphone) or mobile phone. Please note that if you used username.vpnpool@phone before, this '@phone' prefix still works too.
Passcode Enter username.phas@****** if you wish to authenticate using a passcode generated by a hardware token or a soft token using the Duo app.
The * indicates the unique code generated for a particular authentication instance. Enter the numbers as they appear on your token after @, not the actual asterisks).

So, for instance, if my CWL username is "asmith" in the Cisco AnyConnect Security Mobility Client, I would need to enter

asmith.phas@app

for my Username if I am going to use the Duo App for authentication.

We strongly urge everyone to review the webpage at  https://mfadevices.id.ubc.ca/vpn for more information including screenshots.

After you have read that webpage, if you have any questions or concerns please contact one of the PHAS-IT staff as soon as possible to ensure that you are prepared for the change.

Cisco Secure Client (starting February 18, 2025)

In its next version update, AnyConnect will be replaced with a new, rebranded version of the VPN application, Cisco Secure Client. This change will occur on February 18, 2025, at 9:00am.  After the update users will notice the new name (Cisco Secure Client) and a refreshed look. Functionally, the VPN client will remain unchanged, and steps for connecting to VPN will also remain unchanged.

Old look (Cisco AnyConnect):
 New look (Cisco Secure Client):
secure client
What do I need to do?
  • Windows and Mac users: the update to Cisco Secure Client will be automatic, and you will notice the new name and refreshed look the next time you connect using VPN after February 18 at 9:00am.
  • Linux users: must download and install the update manually from the UBC Downloads page

Further Notes

After connecting to the PHAS VPN, the IP address you are assigned should be in the range from:

128.189.122.32 to 128.189.122.64 (aka 128.189.122.32/27)

Windows users can verify this by opening a CMD window and typing "ipconfig". Linux users can do the same by typing "ifconfig" in a terminal window.

Please see the following UBC IT page for detailed instructions: UBC IT myVPN Setup Documentation

Please report any problems to sysadmin@phas.ubc.ca, including the following information:

  • When did the problem occur, date and time?
  • What is your CWL login? (no passwords please)
  • What is your workstation Operating System?
  • What internet service are you using (Shaw, TELUS, other)?
  • Browser and it's version?
  • Have you successfully used the VPN w the same setup previously?