UTORvpn is a general, remote access, VPN service. It connects your computer to the University’s network and protects the traffic across suspect intermediate networks such as hotels and coffee shops. UTORvpn cannot be combined with other network security measures such as Anonymous VPNs or TOR. When connected, all internet traffic from your computer will pass through UTORvpn. You will sign into UTORvpn using your UTORid and password.
It can be used for easier access to library e-resources and access other services which may be restricted to general on-campus networks. UTORvpn should not be used for privileged access or other security-sensitive work; please see AdminVPN for those needs.
What can I use UTORvpn for?
Use of UTORvpn is subject to the University’s Appropriate use of Technology Guidelines. Most web browsing or common e-communications activities are permitted. Because UTORvpn protects all of your internet traffic, and this is a shared service, please be cognizant of how much bandwidth you are using.
For Service Owners
If you are the owner or operator of an IT service related to U of T, then you may need to decide to allow, or deny, access to your service for users connecting through UTORvpn.
All UTORvpn users are being connected through Carrier Grade NAT. UTORvpn connections will come from the network ranges: 126.96.36.199/24, 188.8.131.52/23, 184.108.40.206/23
Note that VPN client will be assigned an IP address in the network range 100.98.0.0/19 or 100.98.128.0/17 reserved for carrier-grade NAT. The address range is translated to IP range specified above to access resources on the UofT network and the Internet.
Migration Notice: UTORvpn is undergoing a migration from OpenVPN to Cisco’s ASA VPN. For LegacyVPN documentation, see http://vpn.utoronto.ca/
UTORvpn is available to all University Faculty, Staff, and Students identified by UTORid.
Guest accounts (with a qq prefix) or other irregular accounts cannot connect to UTORvpn.
- Users that exceed 20GBs/day will receive an automatic warning e-mail from firstname.lastname@example.org
- If suspicious/abusive patterns are identified while using UTORvpn, further action may be taken to protect your account and the integrity of the service. Before starting any leisurely activities, users are advised to disconnect from the service.
- Dynamic Split Tunnelling has been integrated into UTORvpn, which makes users exclude specific domains from the UTORvpn service. That is, if a user attempts to access an excluded domain (e.g. YouTube), access would be dependent on the user's ISP (internet service provider), and any usages on the excluded domain would not contribute to the 20GBs/day cap.
In addition, UTORvpn blocks:
- Nameserver (port 42)
- DHCP (ports 67-68)
- TFTP (port 69)
- NETBIOS (port 139)
- SNMP and SNMP trap (ports 161-162)
- Microsoft Directory Service (port 445)
- Ports 593, 707, and 4444
If your service requires additional protocols or ports, please contact us with your business justification. Requests will be reviewed in the context of the service’s intended use and the University’s overall security posture. If your use-cases is limited to specific individuals please consider our AdminVPN service.
If you are identifying bad conduct originating from the UTORvpn network range, please contact us.
List of excluded domains for dynamic split tunnelling: YouTube
Microsoft Teams, Skype, SFB
Amazon Prime Video
Some FAQs are directly linked with Enterprise Service Centre's Knowledge Base. If you initially receive an error that states "Article not found", login using your UTORid and then try again.
How do I connect to UTORvpn (for Windows, Mac, Linux)?
Where can I download Cisco AnyConnect (for Windows, Mac, Linux)?
How can I connect to UTORvpn on iOS/Android? (assuming I have Cisco AnyConnect downloaded from the app store)
I want to continue to use LegacyVPN, but on a new machine. How can I connect to LegacyVPN?
Note: LegacyVPN was initially intended to be decommissioned, but in response to the COVID-19 pandemic, the decision to decommission LegacyVPN is temporarily suspended until further notice. See the "News" tab for further updates. If you do not have any prior knowledge of LegacyVPN/OpenVPN, please use Cisco AnyConnect.