VPN

Last modified by Aysegül Omus on 2024/01/08 14:57

Setting up a VPN connection to a Chair  in the CIT Departments

1. General

1.1 Activation and configuration file

A VPN is available for each chair (as well as service offices etc.). However, the VPN must first be set up with the cooperation of the Chair admin or IT supervisor. If you want to get VPN access, please get in touch with your Chair admin or IT supervisor. These are ultimately also responsible for the configuration, RBG only takes over the operation and consultation.

The Access must be activated for each user by the chair admin, the configuration file will be found here.

Please note: A connection to the VPN can only be established from outside the respective chair network (for example, the networks configured in the VPN). On the one hand, since a connection would create double routes, the VPN usually uses a UDP connection and UDP is completely blocked in most networks.

The VPN does not allow a direct connection to the Internet. Under Windows, access to the Internet should be possible via the direct network connection of the computer; under Linux, either the web proxy (proxy.in.tum.de) can be used or the routing table must be set so that the VPN is only used for routes provided by the VPN (no default route to the VPN).

1.2 Login and password

Login: CIT account (e.g. musterma)
password: CIT password

1.3 Required Software

On the Mac we recommend Tunnelblick:

macOS: Tunnelblick

Otherwise, the software openvpn-client must be downloaded and installed:

Windows: OpenVPN for Windows

Ubuntu: sudo apt-get install openvpn

2. Windows:

Install the OpenVPN-Client software that can be found here:: https://openvpn.net/community-downloads/

Start the installer:

https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/Vpn/WebHome/OpenVPNinstallWindows.png

Copy the OVPN-file (as described here) to the config folder. Usually, it is to be found here: C:\Program Files\OpenVPN\config

https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/Vpn/WebHome/OpenVPNWindowsConfig.png

Launch the VPN client via the desktop icon. (it may have already been launched, which will result in a corresponding message).

https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/Vpn/WebHome/OpenVPNwindowsIcon.png

Right-click the OpenVPN Icon on the taskbar and choose Connect.

https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/Vpn/WebHome/OpenVPNWindwosConnect.png

Enter your credentials (without @cit.tum.de)

https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/Vpn/WebHome/OpenVPNwindowsLogin.png

Your connection should be established now, as indicated by a green OpenVPN icon in the taskbar.

Screenshot 2020-03-20 at 13.48.37.png

3. macOS:

If you have not installed Tunnelblick, you can download it here and install it.

Note: Access must be activated for each user by the chair administrator, the configuration file is available from https://vpn.in.tum.de. 

Open the page https://vpn.in.tum.de and search for your chair in the list.

openvpnstandard.png

Right-click on the configuration file (standard, legacy, ios) and select Save the file as ... off.

vpndownloadovpn.png
 

 

Select the location of the file.

openvpnsave.png

The file was saved as a .txt file. Delete the ending .txt.

openvpnrename.png

Open the configuration file with a double click or with the right mouse button as below.

openvpnopenwith.png

You can choose whether the configuration file should be installed for all users of the laptop or only for the current user, i.e. for you.

openvpnonlyme.png

Enter the system password to confirm the installation.

openvpninstallconfiguration.png

When the configuration file has been installed, the following window appears in the upper right corner:

openvpnsuccessfullyinstalled.png

You will see a tunnel symbol when the program has started. Next, you can click it and select Connect vpn-xxx-standard to connect to the VPN.

connectopenvpn.png
 

 

 Finally, enter the CIT ID (without @cit.tum.de) and the CIT password in the opened window and click on OK.

openvpnlogin.png

When the connection is established the Tunnelblick symbol is white as can be seen in the screenshot below.

Screenshot 2020-03-20 at 13.53.25.png

4.  Linux:

Save the configuration file, e.g. to the Home folder.
 In the terminal, go to this directory and execute this command: sudo openvpn Configuration file, e.g. for group XXX:
sudo openvpn vpnxxx.ovpn
Then enter the CIT ID (without @cit.tum.de) and the CIT password.

4.1 Import VPN profile into network manager

The RBG VPN profile can be imported either via the Gui or via the command line.

4.1.1 Via the GUI tool nm-connection-editor:

Right-click on the nm applet and click on Edit connections: Then choose Add and then Import a saved one VPN configuration

4.1.2 Via the terminal:

Enter the following command in the terminal: nmcli connection import type openvpn file  / vpn-rbg-standard.ovpn

4.2 Possible Problems

It is possible, that openvpn has problems with Ubuntu.
 The problem is that in the network manager from the openvpn plugin in the settings page, this thing has to be activated: ''Use this connection only for resources on its network''. When activated there is no possible defaultgateway. Although the RBG VPN has no default gateway, thinks the network manager, that there is one and so is the problem lost

vpnipv4.jpg.png

The same has to be done for the IPv6 Settings.

vpnipv6.png

5. Special cases

5.1 Multiple VPNs

In Windows with multiple simultaneous OpenVPN  a connections another TAP device must be added.

Windows 7:

  • add hdwwiz.exe (Add Hardware Wizard) to be able to add a new hardware component.
  • Manually select the hardware from the list (advanced setting), leave the settings at Show all components, click on Installation media available
  • The path for the driver is:C:\Program Files\TAP-Windows\driver
  • TAP-Windows Select Adapter V9
    all Windows versions:

Run the following in an administrator shell: | C:\Program Files\TAP-Windows\bin\tapinstall install C:\Program Files\TAP-Windows\driver\OemVista.inf tap0901 |.