You'll need to find out the IP address/range of the VPN. You can then use the IncludeIP directive to force users coming in on the VPN to always authenticate. A better solution may be to use the AutoLoginIP directive that was already suggested. Heather · · · · · · · · · · · · · · · Heather Klish Systems Librarian University Library Technology Services [log in to unmask] 617.627.5853 sent from my phone Joselito Dela Cruz <[log in to unmask]> wrote: Hi Heather, Yes our VPN uses split tunnel. -----Original Message----- From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Klish, Heather J Sent: Thursday, October 18, 2012 2:20 PM To: [log in to unmask] Subject: Re: [CODE4LIB] VPN & EZ Proxy This also depends on if your VPN is full tunnel or split tunnel. Here's my very, very simplified explanation: If full tunnel, users who are logged into the VPN shouldn't need to authenticate as traffic to the external resource should be seen as coming from 'on-campus'. If split tunnel, users who are logged into the VPN will need to authenticate because traffic directed to external sites will be using the IP address of the user (I believe). We had problems with this while our VPN was split tunnel. We had to set EZproxy to always authenticate users coming in from our VPNs IP address. Heather ---------- Heather Klish Systems Librarian University Library Technology Services Tufts University 617.627.5853 [log in to unmask] ________________________________________ From: Code for Libraries [[log in to unmask]] on behalf of Joselito Dela Cruz [[log in to unmask]] Sent: Thursday, October 18, 2012 1:46 PM To: [log in to unmask] Subject: [CODE4LIB] VPN & EZ Proxy Hi All, We use EZ Proxy for authentication and we always tell the staff who uses VPN to turn their VPN off so they can access our databases. Is this the right way? Looking for answers around and could not find any. I thought I would throw this in here. Thanks for feedbacks. Jay Dela Cruz