Virtual Private Network (VPN) - Quickstart

Index

1. Installing and using a VPN-client

2. Connection-profiles

3. Troubleshooting

4. FAQ

Installing and using a VPN-client

Note: We only support Windows XP/7/8 systems. If you use another operating system you may ask for help but you shouldn't expect an answer. Anyway here are some hints.

Requirements

• Internet access
• Administrator privileges
• TF-Account

Installation steps

1. Download the OpenVPN-Windows-Installer

2. Install the OpenVPN-Client with Administrator privileges

3. Download configuration files to config-folder (%ProgramFiles%\OpenVPN\config)

4. Execute OpenVPN-GUI with Administrator privileges

5. Choose appropriate connection-profile and connect (see Connection-profiles)

6. Authenticate using your TF-Account

Do you need detailed step-by-step instructions?

Using the VPN-connection

When a VPN-connection is established your computer acts as if it was inside the faculty. You can e.g. access your personal data (known as "your U:") by typing \\YOUR-WORKGROUP-SERVER.tf.uni-kiel.de\YOUR-ACCOUNT-NAME into the address bar of Windows Explorer.

Example: A student with the username abcd gives in \\stuserver.tf.uni-kiel.de\abcd.

When asked for username and password enter TF\username and the TF-password.

back to index

Some hints for unsupported operating systems

This is a list of hints provided by us or affected users that may help you to install and use a VPN-Client on your preferred operating system that we don't support. We can't give you any help in cases of errors. Use these instructions on your own response.

You need the configuration files by any means and you don't need a client certificate. Your TF-Account is used to authenticate.

• Instructions for FreeBSD
• Instructions for Mac OS X
• Instructions for Ubuntu distributions, Debian derivates, openSUSE

back to index

Connection-profiles

We offer two connection-profiles through two different configuration-files. We suggest that you download both and choose the right one when needed.

TF-normal

General view: The first is called TF-normal and should be used to connect to shares of your workgroup-server (e.g. your profile, specific workgroup-shares) as well as to connect to campus websites that usually could be reached only from within the faculty (e.g. publications research in university library).

Technical view: Using this profile every access to university-IPs (134.245.0.0) is transfered through the VPN-tunnel. DNS requests are answered by the faculty's DNS-Servers.

TF-roadwarrior

General view: The second connection-profile is called TF-roadwarrior and should be used by thoses members of the faculty that are travelling and that need to connect to the internet through unknown/untrusted accesspoints (e.g. in hotels, airports, foreign universities). In addition it can be used to connect to non-campus websites that only could be reached from within the faculty (e.g. publications research on third-party supplier's sites).

Technical view: Using this profile every access to IPs not being member of your LAN is transfered through the VPN-tunnel. DNS requests are answered by the faculty's DNS-Servers.

Download config-files

back to index

Troubleshooting

In cases of troubles please check that you followed the installation-instructions thoroughly. Check the FAQ-Section for useful hints. If you did both and the problem still exists, send a mail to admin (at) tf.uni-kiel.de and attach the following informations:

• Description of what you tried to do that went wrong (e.g. surfing a certain site, accessing a specific share)

• The log-file of the connection that failed (normally C:\Program Files (x86)\OpenVPN\log\TF-normal.log on Windows 7 and Windows 8 and C:\Programs\OpenVPN\log\TF-normal.log on Windows XP). These logs are also availbale through the Client-icon in the lower right corner.

  

• The normal routing table when the VPN-connection is not established (in Windows: Start > Run > cmd > route print)

  

• The routing table when the VPN-connection is established (in Windows: Start > Run > cmd > route print)

• Output of this site when the VPN-connection is not established

• Output of this site when the VPN-connection is established

We will analyse your problem as soon as possible and inform you about the results.

back to index

FAQ

• How can I access the VPN with my iPhone, iPad, iMac, MacBook, Android, Debian, Ubuntu, openSUSE, Linux Mint ...?

  We don't support any other operating system but Windows XP/7/8. Use these hints or search the internet for instructions. If you found a workable instruction, tell us about it.

• I want to use the VPN but I can't connect to it. Can you help me?

  This might have several reasons.

  • Maybe you don't have internet connection at all.
  • Or you don't have a TF-Account. Create one.
  • Did your TF-Account get locked? You'll need to come to our offices and prove your rights to use a TF-Account (students identification card, passport). We will unlock your account.
  • Maybe you forgot your password. You'll need to come to our offices and prove your rights to use a TF-Account (students identification card, passport). We will assign a new password.
  • Maybe your password contains non-ASCII characters. You'll need to change it.
  • Or you are inside the faculty (see next FAQ).
  • Do you really have another problem: Try this.

• I'm inside the faculty and VPN doesn't work. What's wrong?

  The VPN-service is meant to be used from outside the faculty to reach services inside the faculty. If you are already inside the faculty, using this service is useless and made impossible. Anyway if you are connected to the TF-WLAN you are able to connect to the VPN-service.

• OK. I'm connected to the VPN, but I can't connect to the workgroup server. Did I do something wrong?

  • As your computer in most cases is not a member of the Windows-TF-domain, you have to enter the full-qualified hostname of your workgroup-server (e.g. if the server you wanted to access is stuserver then you have to enter \\stuserver.tf.uni-kiel.de in Windows Explorer).
  • Or you use the VPN-profile of the University Computing Center. With this profile you will not be able to connect to your workgroup-server.

• After some login attempts I can't login anymore. Why is this?

  Obviously you forgot your password. The VPN-Server locks your computer if you try to login with the wrong password too often. After a while the server will unlock your computer and you can login again.

• After some time I have to re-enter my TF-username and password. Is my computer configured badly?

  No, not at all! For security-reasons your credentials aren't cached in your computer's memory. If your computer losts the connection to the OpenVPN-server it tries to reconnect and you have to enter your credentials again. When the encryption of your VPN-session gets updated you also have to re-enter your credentials. Under normal cirumstances this mostly happens once an hour.
  Update: As from 21. August 2012 the connection-profiles contain an option that disables renegotiation on client side. Renegotion is now controlled by the server and should only take place each 12 hours. If you are still using old connection-profiles from before 21. August 2012 and if you want to benefit from the new settings you'll have to replace the old ovpn-files with the new ones.

• Normally VPN works fine. But I'm sitting in a hotel/airport/... right now and I'm not able to establish a VPN-connection. Can you help me?

  We can't help you at the moment. It might be that the provider of your internet-connection blocks VPN-traffic. Please ask them whether or not the suspicion is right and if they can grant you VPN-traffic. If they are blocking VPN-traffic please inform us for statistically purposes.

• I'm unable to connect to a certain website for publications research. Can you help me?

  Please try the following steps:

  1. Double-check if you can connect to the affected site from our Terminal-Servers superman or spiderman (instructions). If it works do the next step. Otherwise it might be a problem outside our reference.
  2. Try if it works with the second provided connection profile (TF-normal or TF-roadwarrior). If it doesn't work go to the next step.
  3. Restart your browser after you connected to the VPN. Try again to connect to the research site. Do this procedure with both connection-profiles. If this doesn't work take the next step.
  4. Remove your browser's cookies for the site your want to connect to. Try again. If it doesn't work redo this step and previous step. If this doesn't work take the last step.
  5. Do the generic Troubleshooting procedure.

• I'm unable to establish a VPN connetion after I upgraded my system. Can you help me?

  Please try the following steps:

  1. Check if your VPN adapter (TAP-Windows Apapter V9) still exists as a network connection. It might be deleted during the upgrade procesdure.
  2. If the network adapter is present, please deactivate and reactivate it.
  3. If the network adapter is not present, execute the batch-file C:\Program Files (x86)\OpenVPN\bin\addtap.bat on Windows 7 and 8 and C:\Programs\OpenVPN\bin\addtap.bat on Windows XP to add an adapter to your system. The question wether to install a driver from unknown source you have to answer with "yes". If it doesn't work or the batch-file doesn't exist go to the next step.
  4. Reinstall OpenVPN and select the option "TAP Virtual Ethernet Adapter" to install/upgrade the necessary network adapter. If this doesn't work take the last step.
  5. Do the generic Troubleshooting procedure.

back to index