The VPN Service of the University Computing Centre

VPN stands for Virtual Private Network and enables a secure connection over insecure networks.

The VPN Service in Detail

Insecure networks, such as the Internet, in principle allow unauthorized parties to intercept and falsify communication. To prevent this, VPNs use special protocols that encrypt the data. At Chemnitz University of Technology, the Transport Layer Security protocol (TLS) and the IPsec standard (IP Security) are used for this purpose. A tunnel is established between your computer (at home or on the road) and the VPN server at Chemnitz University of Technology, through which all IP data is sent in encrypted form.

[Figure: illustration of a VPN tunnel]

Who is this service intended for?

  • Users who want to access the TU Chemnitz campus network securely with their own computers via external internet providers
  • Users who want to access the campus network of Chemnitz University of Technology securely from a connection at another university or any other internet access (e.g. on business trips, congresses etc.)
  • Users who want to access the campus network of Chemnitz University of Technology securely from their computer via data outlets in public rooms of Chemnitz University of Technology.

When the connection is established, an authentication with your URZ user ID and password is performed. If a VPN tunnel is successfully established, the computer receives an IP address from the address range of Chemnitz University of Technology. This also allows access to services that require a sender address from the address range of the university.

Preconditions

  • a valid user login
  • a computer with a functioning Internet/network connection or a functioning WLAN connection

A so-called VPN client must be installed on your computer. If no VPN client can/may be installed on your computer, a purely browser-based access to web-based services of Chemnitz University of Technology is possible via web browser (WebVPN).

The TLS-based Anyconnect client from Cisco is recommended. Campus licenses are available free of charge to all students and employees of the university.

Under Linux, the freely available IPsec-based VPN client VPNC or the freely available TLS-based VPN client Openconnect can be used.

Mac OS version 10.6 and higher has its own native IPsec-based VPN client on board. The included native IPsec-based VPN client can also be used on iOS devices (iPhone, iPad, iPod touch) and Android devices.

VPN via Client

Here you will find instructions for setting up VPN on the different platforms.


Windows 7 / Windows 8 / Windows 10

Cisco Anyconnect Secure Mobility Client (Windows)

Two installation versions for the Cisco Anyconnect Secure Mobility Client are offered.

Classical Installation using the downloaded Installation Package

Administrator rights are necessary for installation.

  1. Download the current version of the installation package (.msi).
  2. Start the downloaded .msi file.
  3. Confirm the security warning with "Execute".
  4. Confirm the welcome window with "Next".
  5. Accept the license conditions. Click "Next".
  6. Start the installation with "Install".
  7. The installation is executed.
  8. After successful installation, close with "Finish".
  9. As a normal user, start the client from the start menu.
  10. Instructions for first configuration and usage can be found under Using Anyconnect.

Installation using the Web Browser

For the installation, administration or root rights are necessary. Furthermore, Java or ActiveX have to be available on your computer.

  1. Enter the following address into your browser: https://vpngate.hrz.tu-chemnitz.de/
  2. Authenticate with your TUC user login and password on the login page.
  3. After successful authentication, the welcome page is shown.
  4. Choose AnyConnect in the menu on the left.
  5. Click Start AnyConnect.
  6. The VPN server then performs automatic system recognition, installs the Cisco Anyconnect Secure Mobility Client on your system and establishes a VPN connection.
  7. Installation is finished. Future VPN connections can be established and terminated directly via the interface of the Cisco Anyconnect Secure Mobility Client. If the automatic installation fails, you can still do the classical installation; the download of the required installation package is then offered in your browser.

Linux

Cisco Anyconnect Secure Mobility Client (Linux)

For installation you need to be root.

  1. Download the current installation package.
  2. Unpack the archive.
    tar xvfz anyconnect-[release].tar.gz
  3. Change into the directory vpn and start the script vpn_install.sh.
    cd anyconnect-[release]/vpn
    ./vpn_install.sh
  4. Copy the root certificate "T-TeleSec Global Root Class 2" (T-TeleSec_GlobalRoot_Class_2.pem) into the ca directory.
    cp T-TeleSec_GlobalRoot_Class_2.pem /opt/.cisco/certificates/ca
  5. Start the client on the command line:
    /opt/cisco/vpn/bin/vpnui
    or
    /opt/cisco/anyconnect/bin/vpnui
    or, as a normal user, from the menu of your graphical user interface.
  6. Notes on first configuration and usage can be found under Using Anyconnect.
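
Step 4 adds a certificate to the client's trust store, so it is worth confirming that the file really is the expected root before copying it. The following shell functions are an added example, not part of the original instructions or of Cisco's installer: they compare the file's SHA-256 fingerprint with a value obtained from a trusted source, check that the certificate is self-issued and unexpired, and only then copy it. The function names are hypothetical and the expected fingerprint is a placeholder you must supply.

```shell
#!/bin/sh
# Added example (not from the original page): verify a root certificate
# before placing it in the AnyConnect CA directory named in step 4.
# Function names are hypothetical; requires the openssl command-line tool.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeed only if subject and issuer are identical, as they are for a root CA.
cert_is_root() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject=//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 2>/dev/null | sed 's/^issuer=//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# install_root_ca PEM_FILE EXPECTED_SHA256 DEST_DIR
# Return codes: 0 installed, 2 unparseable, 3 fingerprint mismatch,
# 4 not self-issued, 5 expired.
install_root_ca() {
    pem=$1
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')   # accept AA:BB:.. or aabb..
    dest=$3
    got=$(cert_sha256 "$pem")
    [ -n "$got" ] || { echo "not a PEM certificate: $pem" >&2; return 2; }
    [ "$got" = "$want" ] || { echo "fingerprint mismatch, got $got" >&2; return 3; }
    cert_is_root "$pem" || { echo "subject and issuer differ: $pem" >&2; return 4; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $pem" >&2; return 5; }
    mkdir -p "$dest" && cp "$pem" "$dest/" && chmod 0644 "$dest/$(basename "$pem")"
}

# Usage, as root, with the fingerprint taken from a trusted source (placeholder):
#   install_root_ca T-TeleSec_GlobalRoot_Class_2.pem '<expected SHA-256>' /opt/.cisco/certificates/ca
```

Nothing is written to the destination directory unless every check passes, so a failed run leaves the trust store unchanged.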

Free TLS Client for Linux – Openconnect

For Linux, the free TLS client Openconnect is offered for connections to the Cisco VPN server.

Current releases of Suse, Fedora and Debian offer Openconnect as a standard package, but installation from the original sources is also possible.

With new Linux systems (e.g. Fedora from version 11), VPN access can be configured via Network Manager.

VPN client for Linux - VPNC

For Linux, a free IPsec client is offered for the connection to the Cisco VPN server.

Current releases of Suse, Fedora and Debian offer VPNC as a standard package, but installation from the original sources is not complicated either.

The necessary configuration file is named differently on the different systems, but the file content is the same. For Fedora and Suse this is the file /etc/vpnc/default.conf. The information contained here must be included in your own configuration.

With new Linux systems (e.g. Fedora from version 10), VPN access can be configured via Network Manager. Choose "Cisco compatible VPN Client (vpnc)" as the connection type (for the group password, see tuc-internet).

When using VPNC, the specifications of FAQ point 11 have to be observed.


Mac OS

Cisco Anyconnect Secure Mobility Client (from Mac OS 10.8)

  1. Download the current installation package onto your computer: anyconnect-macos-4.8.01090-predeploy-k9.dmg
  2. Start the installation by double-clicking the VPN icon.
  3. Follow the installation instructions.
  4. You'll find information and helpful notes under Using Anyconnect

Native VPN Client (from Mac OS 10.6)

From Mac OS 10.6, IPsec with the necessary Cisco features is natively supported. Therefore, no additional VPN client software has to be installed. Only a network connection with the necessary parameters must be set up:

  1. From the "Apple Menu", choose → "System Configurations" → "Network" and click on the + (at the bottom left) to create a new connection.
  2. In the settings, choose the connection "VPN" and the type "Cisco IPSec". Enter "TUC" into the field for the service name and confirm with "Create".
  3. Now enter the following connection data and activate the checkbox "Show VPN state in the menu bar".
    • Server address: vpngate.hrz.tu-chemnitz.de
    • Account name: your URZ username
    • Password: the related password
  4. Click on the authentication settings to enter the group name and key, and confirm with "OK".
    • Group name/IPsec ID: tuc-internet
    • You find the key (shared secret) on our website (open with a text editor if you use Safari).
  5. This completes the configuration and the new connection can be used. After starting the connection, you will be asked to authenticate with your user name and password.

Thanks to Max Bernstein for sending the graphics.

iPhone/iPad

Cisco Anyconnect Secure Mobility Client

In the iTunes Store, a version of Anyconnect for iPhone/iPad is available from iOS version 6.0. Search there for Cisco AnyConnect and install this program. Start the program and choose Add a new VPN connection. Use vpngate.hrz.tu-chemnitz.de as the server address.

Native VPN Client

With iOS, it is possible to create a VPN connection to the campus network without installing additional software. For this, the IPsec client integrated in iOS is used. Configure a new VPN connection:

  • Type: IPsec
  • Server address: vpngate.hrz.tu-chemnitz.de
  • Group name/IPsec ID: tuc-internet
  • Group password: from our website

Android

Cisco Anyconnect Secure Mobility Client

In the Google PlayStore, a free version of Anyconnect is available for Android from version 4.x. Search there for Cisco AnyConnect ICS+ and install the program. Start the program and choose Add a new VPN connection. Configure:

  • Description: TUC (optional)
  • Server address: vpngate.hrz.tu-chemnitz.de
  • Done

Now choose the configured VPN connection and start it. After you have entered your username and password, the VPN connection is established.

Native VPN Client

With Android from version 4.0, it is possible to create a VPN connection to the campus network without installing additional software. For this, the integrated IPsec client is used. Configure a new VPN connection:

  • Type: IPsec Xauth PSK
  • Server address: vpngate3.hrz.tu-chemnitz.de
  • Group name/IPsec ID: tuc-internet
  • Group password: from our website

See also the installation guide in our blog.

Using the Cisco Anyconnect Secure Mobility Client

The initial configuration and usage are explained using the example of the Cisco Anyconnect Secure Mobility Client under Windows. The instructions also apply to the clients of other operating systems.

  1. At the initial start of the client, enter the address vpngate.hrz.tu-chemnitz.de in the Anyconnect start window and click on "Connect".
  2. Enter your user name into the field "Username:" and the related password into the field "Password:". Start the connection by clicking on "OK".
  3. After the connection has been set up successfully, the Cisco AnyConnect window is minimised and hides behind the Anyconnect symbol in the task bar.
  4. You gain access to statistics and connection information by clicking on "Advanced …" in the Anyconnect start window.
  5. The connection is closed with "Disconnect" in the Anyconnect start window.

WebVPN

WebVPN is a purely browser-based solution for secure access to the campus network of Chemnitz University of Technology. Some web-based services at Chemnitz University of Technology, e.g. library searches, are only enabled for computers within the IP address range of the university. With WebVPN, these services can also be used from outside the university without installing a VPN client. WebVPN provides an encrypted and authenticated connection via SSL/TLS.

Precondition for use: cookies and JavaScript must be allowed in the web browser.

Procedure:

  1. Enter the following address into your web browser: https://vpngate.hrz.tu-chemnitz.de/
  2. Authenticate on the login page with your URZ user ID and password.
  3. After successful authentication, the WebVPN page is displayed.
  4. After you enter a URL directly in the Address field, the requested web page is opened via WebVPN.
  5. Under Web Applications you get a list of predefined bookmarks.
  6. Under Any Connect, the VPN client Cisco AnyConnect is available (it is not needed for WebVPN).
  7. The WebVPN session is controlled via an additional menu bar that appears in the upper right of the browser window after a URL or bookmark has been opened.

Security note: When using WebVPN, end-to-end security is not guaranteed. That is, when TLS-protected web pages are accessed, the corresponding certificates are automatically accepted by the WebVPN gateway!