If you are the owner or operator of an IT service related to U of T, then you may need to decide to allow, or deny, access to your service for users connecting through UTORvpn.

All UTORvpn users are being connected through Carrier Grade NAT. UTORvpn connections will come from the network ranges:,,

Note that VPN client will be assigned an IP address in the network range or reserved for carrier-grade NAT. The address range is translated to IP range specified above to access resources on the UofT network and the Internet.

Specifically, we will block:

  • Nameserver (port 42)
  • DHCP (ports 67-68)
  • TFTP (port 69)
  • SNMP and SNMP trap (ports 161-162)
  • PortsĀ 593, 707, and 4444

If your service requires additional protocols or ports, please contact us with your business justification. Requests will be reviewed in the context of the service’s intended use and the University’s overall security posture. If your use-cases is limited to specific individuals please consider our AdminVPN service.

If you are identifying bad conduct originating from the UTORvpn network range, please contact us.