The VPN Service of the University Computing Centre
VPN stands for Virtual Private Network and enables a secure connection via insecure networks.
The VPN Service in Detail
Insecure networks, e.g. the Internet, in principle allow unauthorized eavesdropping on and tampering with communication. To prevent this, VPNs use special protocols that encrypt the data. At Chemnitz University of Technology, the Transport Layer Security protocol (TLS) and the IPsec standard (IP Security) are used for this purpose. In principle, a tunnel is established between your computer (at home or on the road) and the VPN server at Chemnitz University of Technology, through which any IP data is sent in encrypted form.
Who is this service intended for?
- Users who want to access the TU Chemnitz campus network securely with their own computers via external internet providers
- Users who want to access the campus network of Chemnitz University of Technology securely from a connection at another university or any other internet access (e.g. on business trips, congresses etc.)
- Users who want to access the campus network of Chemnitz University of Technology securely from their computer via data outlets in public rooms of Chemnitz University of Technology.
When the connection is established, an authentication with your URZ user ID and password is performed. If a VPN tunnel is successfully established, the computer receives an IP address from the address range of Chemnitz University of Technology. This also allows access to services that require a sender address from the address range of the university.
Preconditions
- a valid user login
- a computer with a functioning Internet/network connection or a functioning WLAN connection in the WLAN radio network
A so-called VPN client must be installed on your computer. If no VPN client can/may be installed on your computer, purely browser-based access to web-based services of Chemnitz University of Technology is possible (WebVPN).
The TLS-based Anyconnect client from Cisco is recommended. Campus licenses are available free of charge to all students and employees of the university.
VPN via Client
Here you will find instructions for setting up VPN on the different platforms.
- Windows 10
- Linux
- Mac OS
- iPhone/iPad
- Android
- Usage Instructions Cisco Anyconnect Secure Mobility Client
Windows 10
Cisco Anyconnect Secure Mobility Client (Windows)
Two installation versions for the Cisco Anyconnect Secure Mobility Client are offered.
Classical Installation using the downloaded Installation Package
Administrator rights are necessary for installation.
- Download the current version of the installation package (.msi)
- Start the downloaded .msi-file.
- Confirm the security warning „Execute“.
- Confirm the welcome window with „Next“.
- Accept the license conditions. Click "Next".
- Start installation with "Install".
- Installation is executed.
- Close with "Finish" after successful installation.
- As a normal user, start the client from the start menu.
- Instructions for first configuration and usage can be found under Using Anyconnect
Installation using the Web Browser
For the installation, administration or root rights are necessary. Furthermore, Java or ActiveX have to be available on your computer.
- Enter the following address into your browser: https://vpngate.hrz.tu-chemnitz.de/
- Authenticate with your TUC user login and password on the login page.
- After successful authentication, the following page is shown:
- Choose AnyConnect on the left menu:
- Click Start AnyConnect
- The VPN server automatically detects your system, installs the Cisco Anyconnect Secure Mobility Client on it and establishes a VPN connection.
- Installation is finished. The future establishment and termination of VPN connections can be controlled directly via the interface of the Cisco Anyconnect Secure Mobility Client.
If the automatic installation fails, you can still do the classical installation. The download of the required installation package is then offered in your browser.
Linux
Cisco Anyconnect Secure Mobility Client (Linux)
For installation you need to be root.
- Download the current installation package
- Unzip the archive.
tar xvfz anyconnect-[release].tar.gz
- Change into the directory vpn. Start the script vpn_install.sh.
cd anyconnect-[release]/vpn
./vpn_install.sh
- Copy the root certificate "ISRG Root X1" into the ca directory.
cp isrgrootx1.pem /opt/.cisco/certificates/ca
- Start the client on the command line:
or /opt/cisco/vpn/bin/vpnui
or in your graphical user interface as a normal user: /opt/cisco/anyconnect/bin/vpnui
- Notes on the first configuration and on usage can be found under Using Anyconnect
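A file placed in the client's ca directory is treated as a trusted root, so the certificate is worth checking before the cp step above. The following shell functions are an added example, not part of the original instructions: they copy a PEM file only if it contains exactly one certificate whose SHA-256 fingerprint matches a value you obtained separately. The function names and the EXPECTED_FP placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): copy a CA file into the
# client's ca directory only if it holds exactly one certificate whose
# SHA-256 fingerprint matches a value obtained out of band.

# Normalise a fingerprint: drop colons/spaces, lower-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 of the DER bytes of the single certificate in PEM file $1.
pem_sha256() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || true
    if [ "$count" != 1 ]; then
        echo "$1: expected exactly 1 certificate, found $count" >&2
        return 3
    fi
    der=$(mktemp) || return 2
    if sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | grep -v -e '-----' | tr -d ' \r\n' | base64 -d > "$der" 2>/dev/null \
        && [ -s "$der" ]
    then
        sha256sum "$der" | cut -d' ' -f1
        rc=0
    else
        echo "$1: certificate body is not valid base64" >&2
        rc=4
    fi
    rm -f "$der"
    return "$rc"
}

# Copy PEM file $1 into directory $3 only if its fingerprint equals $2.
install_ca_if_trusted() {
    actual=$(pem_sha256 "$1") || return $?
    if [ "$actual" != "$(norm_fp "$2")" ]; then
        echo "fingerprint mismatch for $1: got $actual" >&2
        return 1
    fi
    cp -- "$1" "$3"/
}

# Usage (EXPECTED_FP is a placeholder for the fingerprint published by the CA):
#   install_ca_if_trusted isrgrootx1.pem "$EXPECTED_FP" /opt/.cisco/certificates/ca
```

The fingerprint printed by pem_sha256 is the same hex value that `openssl x509 -noout -fingerprint -sha256` reports, without the colons and in lower case.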
Free TLS Client for Linux – Openconnect
For Linux, the free TLS client Openconnect is offered for connections to the Cisco VPN server.
In the current versions of Suse, Fedora, or Debian, Openconnect is offered as a standard package, but installation from the original sources is also possible.
With new Linux systems (e.g. Fedora from version 11), VPN access can be configured via Network Manager.
Mac OS
Cisco Anyconnect Secure Mobility Client (from Mac OS 10.14)
- Download the current installation package onto your computer: anyconnect-macos-4.10.05095-predeploy-k9.dmg
- Start the installation by double-clicking the VPN icon.
- Follow the installation instructions.
- You'll find information and helpful notes under Using Anyconnect
iPhone/iPad
Cisco Anyconnect Secure Mobility Client
In iTunes Store, a version of Anyconnect for iPhone/iPad from iOS Version 6.0 is available. Search there for Cisco AnyConnect and install this program. Start the program and choose Add a new VPN connection. Use vpngate.hrz.tu-chemnitz.de as server address.
Android
Cisco Anyconnect Secure Mobility Client
In the Google PlayStore a free version of Anyconnect for Android from Version 4.x is available. Search there for Cisco AnyConnect ICS+ and install the program. Start the program and choose Add a new VPN connection. Configure:
- Description: TUC (optional)
- Server address: vpngate.hrz.tu-chemnitz.de
- Done
Usage Instructions for Cisco Anyconnect Secure Mobility Client
The initial configuration and usage are explained using the example of the Cisco Anyconnect Secure Mobility Client under Windows. These instructions also apply to the clients of other operating systems.
- At the initial start of the client, enter the address vpngate.hrz.tu-chemnitz.de in the Anyconnect start window and click on “Connect”.
- Enter your user name into the field „Username:“. The related password has to be entered into the field „Password:“. Start the connection by clicking on „OK“.
- After the connection has been set up successfully, the Cisco AnyConnect window is minimised and hidden behind the Anyconnect symbol in the task bar.
- You will gain access to statistical and connection based information by clicking on „Advanced …” in the Anyconnect start window.
- The connection will be closed by „Disconnect“ in the Anyconnect start window.
WebVPN
WebVPN is a browser-based solution for secure access to the campus network of the TU Chemnitz. Some web-based services at the TU Chemnitz, e.g. library research, are only accessible to computers that are located in the IP address range of the TU Chemnitz. With the help of WebVPN, these services can also be used from outside the TU Chemnitz without installing a VPN client. WebVPN offers an encrypted and authenticated connection via SSL/TLS.
Precondition for use: Cookies and JavaScript have to be allowed in the browser.
Procedure:
- Enter the following address in your browser: https://vpngate.hrz.tu-chemnitz.de/
- Authenticate on the login page using your username and password:
- After a successful authentication the following page is presented:
- After you enter a URL directly into the address field, the given website is opened via WebVPN.
- Under web applications you get a list of predefined bookmarks:
- Under Any Connect the VPN Client Cisco AnyConnect is offered (which is not necessary for WebVPN).
- A WebVPN session is controlled via an additional menu bar, which appears in the upper right corner of the browser window after calling the URL or bookmark:
Security note: When using WebVPN, end-to-end security is not guaranteed. This means that when TLS-secured websites are called, the corresponding certificates are accepted automatically by the WebVPN gateways!