University Computing Centre
Campus Network

The VPN Service of the University Computing Centre

VPN stands for Virtual Private Network und enables for a secure connection via insecure networks.

The VPN Service in Detail

Insecure networks - e.g. the Internet - in principle allow unauthorized tapping and falsification of communication relationships. To prevent this, VPNs use special protocols that encrypt the data. At Chemnitz University of Technology, the Transport Layer Security Protocol (TLS) and the IPsec standard (IP Security) are used for this purpose. In principle, a tunnel is established between your computer (at home or on the road) and the VPN server at Chemnitz University of Technology, through which any IP data is sent in encrypted form.

Illustration of an VPN tunnel

Whom is this service intended for?

  • Users, who want to access to the TU Chemnitz campus network securely way with their own computers via external internet providers
  • Users who want to access the campus network of Chemnitz University of Technology securely from a connection at another university or any other internet access (e.g. on business trips, congresses etc.)
  • Users who want to access the campus network of Chemnitz University of Technology securely from their computer via data outlets in public rooms of Chemnitz University of Technology.

When the connection is established, an authentication with your URZ user ID and password is performed. If a VPN tunnel is successfully established, the computer receives an IP address from the address range of Chemnitz University of Technology. This also allows access to services that require a sender address from the address range of the university.

Preconditions

  • a valid user login
  • a computer with a with functioning Internet/network connection or WLAN connection functioning in the WLAN radio network

A so-called VPN client must be installed on your computer. If no VPN client can/may be installed on your computer, a purely browser-based access to web-based services of Chemnitz University of Technology is possible via web browser (WebVPN).

The TLS-based Anyconnect client from Cisco is recommended. Campus licenses are available free of charge to all students and employees of the university.

VPN via Client

Here you find instructions for setting up VPN on the different plattforms.

Windows 10

Cisco Anyconnect Secure Mobility Client (Windows)

Two installation versions for the Cisco Anyconnect Secure Mobility Client are offered.

Classical Installation using the donwloaded Installation Package

Administration rights are necessary for installation.

  1. Download the current version of the installation package (.msi)
  2. Start the downloaded .msi-file.
  3. Confirm the security warning „Execute“. security warning
  4. Confirm the welcome window with „Next“. welcome notification
  5. Accept the license conditions. Click "Next". License Agreement
  6. Start installation with "Install". installation request
  7. Installation is executed. installation process
  8. Close with "Finish" after successful installation. request for finishing
  9. As normal user, start the client from the start menu. mobile client
  10. Instructions for first configuration and usage can be found under Using Anyconnect

Installation using the Web Browser

For the installation, administration or root rights are necessary. Furthermore, Java or ActiveX have to be available on your computer.

  1. Enter the following address into your browser: https://vpngate.hrz.tu-chemnitz.de/
  2. Authenticate with your TUC user login and password ob the login page. Loginseite des VPN-Dienstes
  3. After successful authentication, the following page is shown: welcome screen after registration
  4. Choose AnyConnect on the left menu: menu entry Anyconnect
  5. Click Start AnyConnect
  6. An automatic system recognition, the of Cisco Anyconnect Secure Mobility Client on your system and a VPN connection are done by the VPN server. Anzeige Verbindungsaufbau
  7. Installation is finished. The future establishment and termination of VPN connections can be controlled directly via the interface of the Cisco Anyconnect Secure Mobility Client. If the automatic installation fails, you also have the possibility to do the classical installation. The download of the needed installation package is offered in your browser then. Hinweis manuelle Installation

Linux

Cisco Anyconnect Secure Mobility Client (Linux)

For installation you need to be root.

  1. Download the current installation package
  2. Unzip the archive. 
    tar xvfz anyconnect-[release].tar.gz
  3. Change into the directory vpn. Start the script vpn_install.sh. 
     cd anyconnect-[release]/vpn 
     ./vpn_install.sh
  4. Copy the "Root Certificate " ISRG Root X1“ into the ca-directory. 
    cp isrgrootx1.pem /opt/.cisco/certificates/ca
  5. Start the client on the command line: 
    /opt/cisco/vpn/bin/vpnui
    or 
    /opt/cisco/anyconnect/bin/vpnui
    or in your graphical user interface as a normal user: call menu for VPN client
  6. Notes for the first configuration and for usage you find under Using Anyconnect

Free TLS Client for Linux – Openconnect

For Linux, the free TLS client Openconnect is offered for connections to the Cisco VPN server.

In the current system versions of Suse, Fedora, or Debian Openconnect is offered as a standard package, but also the installation from the origin sources is possible.

With new Linux systems (e.g. Fedora from version 11), VPN access can be configured via Network Manager.

Network Manager

Mac OS

Cisco Anyconnect Secure Mobility Client (ab Mac OS 10.14)

  1. Download the current installation package onto your computer: anyconnect-macos-4.10.05095-predeploy-k9.dmg
  2. Start the installation by double-clicking the VPN icon.
  3. Follow the installation instructions.
  4. You'll find information and helpful notes under Using Anyconnect

iPhone/iPad

Cisco Anyconnect Secure Mobility Client

In iTunes Store, a version of Anyconnect for iPhone/iPad from iOS Version 6.0 is available. Search there for Cisco AnyConnect and install this program. Start the program and choose Add a new VPN connection. Use vpngate.hrz.tu-chemnitz.de as server address.

Android

Cisco Anyconnect Secure Mobility Client

In the Google PlayStore a free version of Anyconnect for Android from Version 4.x is available. Search there for Cisco AnyConnect ICS+ and install the program. Start the program and choose Add a new VPN connection. Configure:

  • Description: TUC (optional)
  • Server address: vpngate.hrz.tu-chemnitz.de
  • Done
Now, choose the configured VPN connection and start it. After username and password were entered the VPN connection will be enabled.

Use instructions for Cisco Anyconnect Secure Mobility Client

Using the example of the Cisco Anyconnect Secure Mobility Client under Windows the initial configuration and using instructions are explained. These also apply to the clienty of other operating systems.

  1. At the initial start of the client, enter the address vpngate.hrz.tu-chemnitz.de in the anyconnect start window and click on “Connect”. a1.png
  2. Enter your user name into the field „Username:“. The related password has to be entered into the field „Password:“. Start the connection by clicking on „OK“. a2.png
  3. After the successful connection setup the Cisco AnyConnect window will be minimised and hides behind the Anyconnect symbol in the task bar. a5.png
  4. You will gain access to statistical and connection based information by clicking on „Advanced …” in the Anyconnect start window. Annyconnect start window extended start window
  5. The connection will be closed by „Disconnect“ in the Anyconnect start window. Disconnect-Button

WebVPN

WebVPN is a browser-based solution for secure access to the campus network of the TU Chemnitz. Some web-based services at the TU Chemnitz, e.g. library research, are only accessible for computers, which are located in the IP address range of the TU Chemnitz. With the help of WebVPN, these offers can also be used without installation of a VPN client outside the TU Chemnitz. WebVPN offers an encrypted and authenticated connection via SSL/TLS.

Precondition for use: Cookies and JavaScript have to be allowed in the browser.

Procedure:

  1. Enter the following address in your browser: https://vpngate.hrz.tu-chemnitz.de/
  2. Authenticate on the login page using your username and password: moz1.jpg
  3. After a successful authentication the following page is presented: wv1tiny.jpg
  4. After entering an URL directly into the field address the given website will be opened via WebVPN.
  5. Under web spplications you get a list of predefined bookmarks: wv2tiny.jpg
  6. Under Any Connect the VPN Client Cisco AnyConnect is offered (which is not necessary for WebVPN).
  7. The control of a WebVPN session is done by an additional menu bar, which appears in the upper right corner of the brwoser window after calling the URL or bookmark: webvpnmenue.jpg

Security note: When Using WebVPN no end-to-end-security is guaranteed. That means, when calling TLS-secured websites the corresponding certificates are accepted by the WebVPN gateways automatically!