VPN on macOS

IMT HilfeWiki - das Wiki
Die deutsche Version finden Sie auf der Seite VPN unter macOS

VPN (Virtual Private Network) is required if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).

What needs to be done? - Quick guide[Bearbeiten | Quelltext bearbeiten]

  1. Install Tunnelblick in the most recent stable version. https://tunnelblick.net/downloads.html Tunnelblick] (Version 3.8.0 is used in this manual).
  2. Create your personal network certificate in the service portal.
  3. Download the configuration file
    Click on Download in the drop-down menu above!
  4. Create a new folder on your desktop with the name you want your connection to have, e.g. "VPN Uni".
  5. Put your personal network certificate and the configuration file in the folder you just created.
  6. Delete the serial number in the filename from your network certificate, so that Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12
  7. Add the file extension .tblk to this folder by renaming it to VPN Uni.tblk.
  8. Double click the file just created to install the connection.
  9. You will be asked to enter your Mac password to allow the configuration.
  10. Now click on the Tunnelblick icon at the top of the menu bar and select your connection, which is now named the same as your folder. Enter the import password, which you can find in the service portal under Network Preferences. Select the option to save the password in your keychain.
  11. Wait until the font turns green. You are now connected.

Step-by-step instructions: Preparation[Bearbeiten | Quelltext bearbeiten]

Install Tunnelblick[Bearbeiten | Quelltext bearbeiten]

Tunnelblick Download.png

  • Install Tunnelblick in the most recent stable version.
  • Click on the link provided and then on the version marked "Stable".
  • Then open your downloads and double click on the Tunnelblick download. Tunnelblick will now install itself automatically.

Create network certificate[Bearbeiten | Quelltext bearbeiten]

VPN Serviceportal.png

  1. Create your personal network certificate in the Serviceportal.
    • You can also use existing certificates for the VPN connection, if they are still valid.
  2. Log in to the service portal to access the certificate. Open "User management" in the upper drop down menu, then click on Network settings.
  3. Create a new certificate!

VPN unter macOS - 02.png

  • With a click on "Create new certificate" you create a new network certificate
  • Click on Download network certificate and save the certificate on your computer!
  • You will also find the associated password on the newly appearing window under Import Password. It can also be viewed any time by clicking "Edit > Certificate information".
  • For network certificate see below

VPN unter macOS - 03.png
VPN unter macOS - 04.png

Set up Tunnelblick[Bearbeiten | Quelltext bearbeiten]

Download the configuration file, select the VPN you want to connect to and click on Download. Usually "Uni-VPN (standard)" should work, but if you have problems with the connection, try "Uni-VPN-TCP".

VPN Ordner.png

  • Create a new folder and name it "vpn-upb".
  • Now place the personal network certificate and the configuration file in the created folder.
  • Rename your personal network certificate, for example Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12

VPN Suffix.png

  • Rename the folder and add the file extension .tblk
  • e.g. "vpn-upb"' becomes "vpn-upb.tblk"

Add file extension

  • You must accept the changes.
  • Click on Add".

VPN tblk.png

  • Double-click the file just created from the folder to install the connection.

Install configuration

  • You get asked, for which user the configuration should be installed.
  • Choose "Just for this user".

VPN Konfiguration.png

  • You will be asked to enter your Mac password to install the configuration.

VPN verbinden.png

  • Now click on the Tunnelblick icon at the top of the menu bar and select Your connection, which now has the same name as your folder, for example "VPN Uni".

VPN Passwort.png

  • In the next step you will be asked to enter a password. Enter the Import password already mentioned above, which belongs to the certificate.
  • In addition you should definitely select the option "Save in keychain" to save the password (otherwise you will have to enter the import password again and again).

VPN verbunden.png

  • Wait until the font turns green and you are connected.
  • You can quickly connect and disconnect using the tunnelblick icon.

OpenSSL problem[Bearbeiten | Quelltext bearbeiten]

As of version 4.0.0, Tunnelblick can no longer unpack the network certificates of Paderborn University. You can work around this temporarily by downgrading OpenSSL to v1.
Proceed as follows if you receive the following error when connecting with Tunnelblick:
Authentication failed - The passphrase was not accepted


  • Click on "Discard".


  • Click on the "Tunnelblick-Icon" in the menu bar.
  • Click on "VPN-Details".


  1. Click on "Configuration".
  2. Choose your VPN connection on the left.
  3. Go to the tab "Settings".
  4. Chosse the following settings:
    • OpenVPN Version: 2.6.9 - OpenSSL v1.1.1w

Click on "Connect". Tunnelblick should now establish a connection.

This setting must be reversed at a later date. We will inform you about this here.

Change Config[Bearbeiten | Quelltext bearbeiten]

If you have been using VPN access for some time, it may be necessary at some point to update the configuration file to the latest version. In the following we explain how this works.

  • Download the new config file.

Config file

  • Select the new config file.
  • Open the context menu via right click.

Open with...

  • Choose "Open with". (1)
  • Click on "Other...". (2)

Choose program

  • Choose "TextEdit" from the app list. (1)
  • Click on "Open". (2)

Copy config file

  • Copy the contents of the file to the clipboard.
  • You can use the following shortcuts:
    • cmd + A (Mark all)
    • cmd + C (Copy)


  • Click on the Tunnelblick-Icon in the menu bar at the top. (1)
  • Click on "VPN-Details". (2)


  • Choose "Configurations". (1)
  • Select the configuration, that you want to update. (2)
  • Click on the circle with the three dots at the bottom of the window.
  • Scroll down in the upcomming window.
  • Click on "Change OpenVPN-Config-File..." (3)

Replace and save content

  • The config file opens.
  • You can recognize your config file by checking "date" and "version". (1)
  • Delete the content from the file and insert the content from the clipboard.
  • You can use the following shortcuts
    • cmd + A (Mark all)
    • Delete
    • cmd + V (Insert)
  • You can tell that the file has been modified by the "edited" indicator (2)
  • Close the application by clicking on the red X. (3)

Congratulations. You changed your config file successfully.

Known issues[Bearbeiten | Quelltext bearbeiten]

It's possible that while downolading the .ovpn conifiguration file is changed to a .txt file. If this is the case:

  • Select the configuration file.
  • Click cmd + i.
  • Check the ending in the section Suffix.
  • If necessary delete the .txt part.
  • The name should end as .opvn

Bei Fragen oder Problemen wenden Sie sich bitte telefonisch oder per E-Mail an uns:

Tel. IT: +49 (5251) 60-5544 Tel. Medien: +49 (5251) 60-2821 E-Mail: imt@uni-paderborn.de

Das Notebook-Café ist die Benutzerberatung des ZIM - Sie finden uns in Raum I0.401

Wir sind zu folgenden Zeiten erreichbar:

Mo Di-Do Fr
Vor-Ort-Support 08:30-16 Uhr 08:30-14 Uhr
Telefonsupport 08:30-16 Uhr 08:30-14 Uhr

Das ZIM:Servicecenter Medien auf H1 hat aktuell von Montag bis Donnerstag von 08:00-16:00 Uhr und Freitags von 08:00 bis 14:30 Uhr geöffnet.

Cookies helfen uns bei der Bereitstellung des IMT HilfeWikis. Bei der Nutzung vom IMT HilfeWiki werden die in der Datenschutzerklärung beschriebenen Cookies gespeichert.