VPN unter Windows/en: Unterschied zwischen den Versionen

ZIM HilfeWiki - das Wiki
K (Beyonder verschob die Seite VPN on Windows nach VPN on Windows)
 
(14 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
 
{{translated page
 
{{translated page
|origin=VPN unter Windows 10
+
|origin=VPN unter Windows
 
|lang=en
 
|lang=en
|translated title=VPN on Windows 10
+
|translated title=VPN on Windows
 
}}
 
}}
 
VPN (Virtual Private Network) is needed if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).
 
VPN (Virtual Private Network) is needed if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).
 
<br clear=all>
 
<br clear=all>
  
==== You need VPN, if you ====
+
==== You need VPN if you ====
 
* want to access licensed databases of the University Library,
 
* want to access licensed databases of the University Library,
 
* want to access a [[Netzlaufwerk_einbinden_(Windows_10)|Network drive/ group storage]]
 
* want to access a [[Netzlaufwerk_einbinden_(Windows_10)|Network drive/ group storage]]
Zeile 16: Zeile 16:
 
<br clear=all>
 
<br clear=all>
  
==== You do not need VPN, if you ====
+
==== You do <span style="color:red">not</span> need VPN if you ====
 
* want to read your e-mails on webmail,
 
* want to read your e-mails on webmail,
* want to send e-mails via the IMT mail server (see [[Mail]]).
+
* want to send e-mails via the ZIM mail server (see [[Mail]]).
<br clear=all>
+
* want to use BigBlueButton or other services for conferences.
 +
==Simultaneous connections==
 +
<bootstrap_alert color=info>
 +
<span style='font-size:30px;'>&#128712;</span>
 +
<br>
 +
Do you want to connect your laptop and your mobile phone to the VPN in addition to your PC? You can set up VPN connections on multiple devices. However, each person can only establish one connection per VPN at the same time.
 +
</bootstrap_alert>
 +
 
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="What does that mean?" color="info">
 +
'''Uni-VPN'''
 +
* If you use the Uni-VPN, you can only establish one connection at a time.
 +
* You cannot establish a connection to the Uni-VPN on another device at the same time.
 +
* You must disconnect the existing connection first.
 +
 
 +
'''Group VPN'''
 +
* If you use a group VPN, you cannot establish a second VPN connection to this group VPN on another device at the same time.
 +
* You must disconnect the existing connection first.
 +
* However, you can establish a parallel connection to the Uni VPN or another group VPN on another device.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
  
 
== What needs to be done? ==
 
== What needs to be done? ==
* To use OpenVPN, you must first install a [[Netzwerkzertifikate|personal network certificate]]. If you use Wi-Fi "[[Eduroam einrichten|eduroam]]", the certificate is already installed on your computer.
+
* Install personal network certificate
 
* Install [https://openvpn.net/community-downloads/ OpenVPN].
 
* Install [https://openvpn.net/community-downloads/ OpenVPN].
* Download the configuration file:
+
* Start OpenVPN
<center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=win" /></center>
+
*Download configuration file:
* Place the configuration file '''"OpenVPN-UPB-NG_*.ovpn"''' into the directory '''"C:/User/<Username>/OpenVPN/config/"''.
 
*: The Directory is created at the first start of OpenVPN, so it may not exist before
 
* Connect to the university via OpenVPN
 
  
== OpenVPN installation ==
+
<span style="color:green"> Note:</span> You can click on "Download" here and download your configuration file. This is not a screenshot ;-)
After installing the network certificate, download the current installer from the download page of the OpenVPN website "[https://openvpn.net/community-downloads/ openvpn-install-xxxx-win10.exe]"  and open it.
+
<center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=win&redirect_gateway=1" /></center>
 +
* Import configuration file
 +
* Establish a VPN connection
  
A security warning from the User Account Control may appear first. Click on "Yes".
+
==Step-by-step instructions==
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 1.png|600px|mini|ohne|'''Step 1:''' Click on "Next >" in the welcome screen.]]</div>
+
===Install network certificate===
 +
In order to use OpenVPN, a personal network certificate must be installed on your PC.
 +
<br>
 +
<br clear=all>
 +
'''Are you already using the Eduroam WiFi network on this PC?'''
 +
* Then you already have a personal network certificate. Skip this step.
 +
<br clear=all>
 +
'''Are you not using the Eduroam WiFi network on this PC yet?'''
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Then click here for help with certificate installation.">
 +
Access using a browser, e.g. Firefox or Edge, go to the [http://sp.upb.de service portal] and log in with your user name and password from your university account.
 +
* Go to '''Benutzerverwaltung''' and then '''Netzwerkeinstellungen'''.
 +
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 2.png|600px|mini|ohne|'''Step 2:''' Agree to the licence conditions with "I Agree" if you want to use OpenVPN.]]</div>
+
[[Datei:Eduroam-unter-android-4.png|links|mini|ohne|350px]]
 +
<br>
 +
* Click '''Neues Zertifikat erstellen'''.
 +
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 3.png|600px|mini|ohne|'''Step 3:''' '''Only then''' click on "Next >" to confirm the selection of the components.]]</div>
+
[[Datei:Netzwerkzertifikat-container-v2.png|links|mini|ohne|350px]]
 +
<br>
 +
* Give the certificate a unique name (e.g.: cell phone)
 +
* For Windows 11, select '''Version 2''' as the file format.
 +
* For older versions such as Windows 10 please use '''version 1'''.
 +
* Then click on '''Neues Zertifikat zusenden'''.
 +
<br clear=all>
  
 +
[[Datei:Netzwerkzertifikat-download.png|links|mini|ohne|350px]]
 +
<br>
 +
* A new network certificate has been created for you.
 +
* First copy the '''Import Password''' to the clipboard.
 +
* Now click on '''Download Network Certificate'''.
 
<br clear=all>
 
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 4.png|600px|mini|ohne|'''Step 4:''' Click on "Install" to install OpenVPN in the specified folder.]]</div>
+
After saving it on the computer, the network certificate must be installed under the account that is to be used with Eduroam. Open the certificate with a double click. The certificate import wizard then starts automatically.
 +
 
 +
[[Datei:Eduroam-windows11-01.png|links|mini|ohne|450px]]
 +
<br>
 +
* Click on '''Continue'''.
 +
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 5.png|600px|mini|ohne|'''Step 5:''' OpenVPN is now being installed.]]</div>
+
[[Datei:Eduroam-windows11-02.png|links|mini|ohne|450px]]
 +
<br>
 +
* Paste the import password that we just copied.
 +
* Leave the default settings intact.
 +
* <span style="color:orange">'''Note:''' It is not allowed to tick "Activate high security for the private key". The Windows WLAN client currently does not support this function and therefore no connection to eduroam would be possible.</span>
 +
* Then click '''Next'''
 +
<br>
 +
* In the following window, if necessary, click on '''Next''' and finally on '''Finish'''.
 +
<br clear=all>
  
<br clear=all>  
+
[[Datei:Eduroam-windows11-03.png|links|mini|ohne|450px]]
 +
<br>
 +
* If a security warning appears, click Yes.
 +
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 6.png|600px|mini|ohne|'''Step 6:''' You can set a check mark for the Windows security so that OpenVPN is always trusted, then click on "Install".]]</div>
+
[[Datei:Eduroam-windows11-04.png|links|mini|ohne|450px]]
 +
<br>
 +
* Now click on '''"OK"'''.
 +
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 7.png|600px|mini|ohne|'''Step 7:''' Once the installation is complete, click on "Next >". <br> Then click "Finish" to close the wizard.]]</div>
+
<span style="color:red">'''Note:''' Now open the same certificate again and install it a second time. This allows us to work around an error in the Windows certificate manager. Do not create a new certificate for this! </span>
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
  
 
<br clear=all>
 
<br clear=all>
  
After the successful installation, the new icon "OpenVPN GUI" appears on your desktop.
+
<span style="color:green"> Note:</span> Only one network certificate from the University of Paderborn may be installed. Multiple certificates can cause problems. More about this [https://hilfe.uni-paderborn.de/VPN_unter_Windows_10#Zertifikate here.]
  
[[Datei:OpenVPN Windows10 - Start.png|200px|mini|ohne|'''Step 8:''' This symbol is used to start the OpenVPN client]]
+
===Download OpenVPN===
 +
Now download the OpenVPN program from the manufacturer's website. <br>
 +
https://openvpn.net/community-downloads/
 +
: '''ATTENTION''': DO NOT install the BETA version!
  
 +
[[File:Vpn-win-10-1.png|550px|mini|without|Download the program here. Not via '''Get OpenVPN!''']]
 
<br clear=all>
 
<br clear=all>
  
== configure OpenVPN ==  
+
=== Install OpenVPN ===
 +
Now let's install the program.
 +
 
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN-25 Win10 Install-1.png|600px|mini|ohne|'''Step 1:''' Click on "Install Now ".]]</div>
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN-25 Win10 Install-2.png|600px|mini|ohne|'''Step 2:''' A security warning appears first User Account Control. Click "Yes".]]</div>
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN-25 Win10 Install-3.png|600px|mini|ohne|'''Step 3:''' The installation is complete. Click "Close".]]</div>
  
 +
<br clear=all>
  
=== Using the OpenVPN configuration for the network of the University of Paderborn ===
+
After successful installation, the new “OpenVPN GUI” icon will appear on the desktop.
  
Download the configuration file, select the VPN you want to connect too and click on Download.
+
[[Datei:OpenVPN-25 Win10 Install-4.png|0px]] '''Step 8:''' The OpenVPN client is started using this symbol.
Usually "Uni-VPN (Standard)" should work, but if you have problems with the connection, try "Uni-VPN-TCP".
 
<center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=win" /></center>
 
  
Place the downloaded file "OpenVPN-UPB-NG_*.ovpn" in the configuration folder under
+
<br clear=all>
C:/User/<User name>/OpenVPN/config/
 
The connection is then automatically added to the OpenVPN GUI.
 
: "C:" usually refers to the Windows partition.
 
  
 +
=== Download configuration file ===
 +
 +
Download the configuration file, select the VPN you want to connect to in the box below and click on Download.
 +
Normally "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.
 +
<br clear=all>
 +
<span style="color:green"> Note:</span> You can click '''"Download"''' here and download your configuration file. This is not a screenshot ;-)
 +
<center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=win&redirect_gateway=1" /></center>
 
<br clear=all>
 
<br clear=all>
  
== Start OpenVPN ==
+
<bootstrap_accordion>
To run the program, double-click with the left mouse button on the OpenVPN icon on your desktop.
+
<bootstrap_panel heading="Direct all internet traffic through the tunnel?">
 +
*Accessing online resources may require that you route all network traffic through the tunnel.
 +
* You do not need this option to simply access the network drives.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 - Start.png|200px|mini|'''Step 1:''' This symbol is used to start the OpenVPN client]]</div>
+
=== Start OpenVPN ===
<div class="tleft" style="clear:none"></div>
+
If OpenVPN is not already started (see tray icon), start it using the "OpenVPN GUI" icon on your desktop.
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 11.png|400px|mini|'''Step 2:''' Subsequently, an icon appears at the bottom of the task bar which, depending on the connection status, lights up grey (no VPN connection), yellow (VPN connection being set up) or green (VPN connection established).]]</div>
 
  
 +
[[Datei:OpenVPN-25 Win10 Install-4.png|links|200px|mini|ohne]]
 +
<br>
 +
* The OpenVPN client is started via this symbol.
 
<br clear=all>
 
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 12.png|x265px|mini|ohne|'''Step 3:''' Click with the right mouse button on the icon and then on '''"Connect"/"Verbinden"''' to establish a connection to the VPN server.]]</div>
+
[[Datei:OpenVPN-25 Win10 Install-5.png|links|400px|mini|ohne]]
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 13.png|x265px|mini|ohne|'''Step 4:''' When running the program for the first time, the Windows firewall may need the permission to trust OpenVPN in the future. Click on '''"Allow access"'''.]]</div>
+
<br>
 +
* An icon with a small lock will now appear at the bottom of the taskbar.
 +
* Do not confuse it with the Windows network icon.
 +
<br clear=all>
  
 +
===Load configuration===
 +
Open the configuration file with a double click. Alternatively, you can also do the following:
 +
 +
[[Datei:OpenVPN-Win10-1.png|links|mini|ohne|350px]]
 +
<br>
 +
* Right-click on the OpenVPN icon at the bottom right of the task bar.
 +
* Then click '''Import File'''.
 
<br clear=all>
 
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 verbunden.png|400px|mini|ohne|'''Step 5:''' Then, an IP address is assigned to your computer and the icon turns green.]]</div>
+
[[Datei:VPN-unter-Windows-01.png|links|mini|ohne|350px|select config]]
 +
<br>
 +
* Now open the file '''"OpenVPN-UPB-NG_*.ovpn"''' - We have just downloaded it.
 +
<br clear=all>
 +
 
 +
=== Establish connection===
 +
Now we set up a VPN connection. <br>
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 12.png|x265px|mini|ohne|'''Step 3:''' Please right-click on the icon and then click "'''Connect"/"Connect"''" to establish a connection to the VPN server.]]</div>
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 13.png|x265px|mini|ohne|'''Step 4:''' When you run the program for the first time, the Windows Firewall is required If necessary, the consent to trust OpenVPN in the future. Please click on "'''Allow access'''".]]</div>
 +
 
 +
<br clear=all>
  
 +
<div class="tleft" style="clear:none">[[Datei:OpenVPN Windows10 verbunden.png|400px|mini|without|'''Step 5:''' Finally, your computer will be assigned an IP address and the icon turns green.]]</div>
 
<br clear=all>
 
<br clear=all>
  
As soon as a green indicator is displayed, you are connected to the local university network.
+
You can see the status of the VPN by the color of the symbol:
You can check this status by entering
+
{| class="wikitable"
 +
|-
 +
|  [[Datei:VPN-Win10-4.png]] || No VPN connection active
 +
|-
 +
| [[Datei:VPN-Win10-5.png]] || VPN connection is being established
 +
|-
 +
| [[Datei:VPN-Win10-3.png]] || VPN connection active
 +
|}
 +
 
 +
As soon as a green status is displayed, you are connected to the internal university network.
 +
 
 +
 
 +
===Disconnect===
 +
Disconnect the VPN connection when you no longer need it.
 +
 
 +
[[Datei:VPN-unter-Windows-02.png|links|mini|ohne|350px|Disconnect VPN]]
 +
<br>
 +
* Click on the OpenVPN icon.
 +
* Click '''Disconnect'''.
 +
<br clear=all>
 +
 
 +
==Check VPN==
 +
You can check the functionality of the VPN by visiting:
 
: [https://go.upb.de/ip https://go.upb.de/ip]
 
: [https://go.upb.de/ip https://go.upb.de/ip]
into your browser. Your current IP is displayed and whether you are using the university network or not.
+
Your IP will be displayed there and it will show whether you are in the university network.
  
[[Datei:OpenVPN verbunden - go_ip.png|center|400px|mini|ohne|Example: Existing connection to the university network.]]
+
[[Datei:OpenVPN verbunden - go_ip.png|mitte|400px|mini|ohne|Example: Existing connection to the university network.]]
 +
<br clear=all>
  
<br clear=all>
+
==Troubleshooting==
 +
===Red status messages===
 +
There are some red status messages when connecting, but these are completely normal and do not represent a real problem. See:<br>[[VPN_-_Erklaerung_zu_Meldungen_(Log)|VPN Declaration of Messages (Log)]]
 +
 
 +
===Error messages===
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Cannot load certificate" color="info">
 +
Error message:
 +
<pre> Cannot load certificate "SUBJ:@uni-paderborn.de" from Microsoft Certificate Store </pre>
 +
This can have two reasons:
 +
* You do not have a certificate installed
 +
** Install a network certificate (see above)
 +
* You have installed too many network certificates
 +
**Press '''"Win"''' + '''"R"''' to bring up the '''"Run"''' dialog.
 +
**Type the following:
 +
<pre>certmgr.msc </pre>
 +
** Then click '''OK'''.
 +
** Go to the '''My Certificates''' folder and then '''Certificates''' folder.
 +
** There should only be one certificate with the identifier '''"username@uni-paderborn.de"''' in this folder.
 +
** Further certificates with the identifier '''"username@uni-paderborn.de"''' should be deleted.
 +
** If there are several, you can identify the active one by the serial number.
 +
** Double click on the certificate, details, serial number.
 +
** You can find the active certificates with the corresponding serial number in the service portal.
 +
</bootstrap_panel>
 +
<bootstrap_panel heading="Private Key in legacy Store" color="info">
 +
On some systems, the personal user certificate must be installed twice. If you find the following error message in the log:
 +
<br>
 +
<pre>"WARNING: cryptoapicert: private key is in a legacy store. Restricting TLS version to 1.1"</pre>
 +
<br>
 +
Install your personal network certificate a second time. The error message should then disappear.
 +
</bootstrap_panel>
 +
<bootstrap_panel heading="Group VPN ports are blocked - '''TLS Handshake failed''' after a timeout (60 sec)" color="info">
 +
Group VPN connections are established over specific UDP ports. Normally these port sharings are problem-free because they do not overlap with other protocols. However, if your Internet access is of a restrictive nature and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this.
 +
 
 +
'''Solution:'''
 +
* change your location or network
 +
* Release the required port or talk to the IT department whether this is possible
 +
*: You can find the port used for your group network within the config file.
 +
* If it is the '''hpc-pc2''' network, contact the PC2 for alternative SSH access
 +
</bootstrap_panel>
 +
 
 +
</bootstrap_accordion>
 +
 
 +
===Configuration file===
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Add configuration file manually" color="info">
 +
As an alternative to the '''"Import file"''' function, you can also import the configuration file '''"OpenVPN-UPB-NG_*.ovpn"''' directly into the folder
 +
<pre>C:/Users/<username>/OpenVPN/config/</pre>
 +
place. <br>
 +
You can also delete old configuration files there. <br>
 +
This directory may only be created when OpenVPN is started for the first time.<br>
 +
Files in this folder are only available to the current user account.
 +
<br>
 +
<span style="color:green"> Note:</span> Drive '''C:''' represents the drive with the Windows installation.
 +
<br>
 +
 
 +
Alternatively, configuration files can also be stored in the program folder
 +
<pre>C:\Program Files\OpenVPN\config</pre>
 +
Here they are available to all users of the computer.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
==See also==
 +
* [[Netzwerk]]
 +
* [[VPN Problembehandlung]]

Aktuelle Version vom 16. Dezember 2024, 14:47 Uhr

Die deutsche Version finden Sie auf der Seite VPN unter Windows

VPN (Virtual Private Network) is needed if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).

You need VPN if you[Bearbeiten | Quelltext bearbeiten]

  • want to access licensed databases of the University Library,
  • want to access a Network drive/ group storage
  • use the green sockets within the university (these are only available via VPN for security reasons)
  • use a license server of the university,
  • want to access secured pages of the university,
  • would like to work with the CMS TYPO3 from home.


You do not need VPN if you[Bearbeiten | Quelltext bearbeiten]

  • want to read your e-mails on webmail,
  • want to send e-mails via the ZIM mail server (see Mail).
  • want to use BigBlueButton or other services for conferences.

Simultaneous connections[Bearbeiten | Quelltext bearbeiten]

Uni-VPN

  • If you use the Uni-VPN, you can only establish one connection at a time.
  • You cannot establish a connection to the Uni-VPN on another device at the same time.
  • You must disconnect the existing connection first.

Group VPN

  • If you use a group VPN, you cannot establish a second VPN connection to this group VPN on another device at the same time.
  • You must disconnect the existing connection first.
  • However, you can establish a parallel connection to the Uni VPN or another group VPN on another device.

What needs to be done?[Bearbeiten | Quelltext bearbeiten]

  • Install personal network certificate
  • Install OpenVPN.
  • Start OpenVPN
  • Download configuration file:

Note: You can click on "Download" here and download your configuration file. This is not a screenshot ;-)

  • Import configuration file
  • Establish a VPN connection

Step-by-step instructions[Bearbeiten | Quelltext bearbeiten]

Install network certificate[Bearbeiten | Quelltext bearbeiten]

In order to use OpenVPN, a personal network certificate must be installed on your PC.

Are you already using the Eduroam WiFi network on this PC?

  • Then you already have a personal network certificate. Skip this step.


Are you not using the Eduroam WiFi network on this PC yet?

Access using a browser, e.g. Firefox or Edge, go to the service portal and log in with your user name and password from your university account.

  • Go to Benutzerverwaltung and then Netzwerkeinstellungen.


Eduroam-unter-android-4.png


  • Click Neues Zertifikat erstellen.


Netzwerkzertifikat-container-v2.png


  • Give the certificate a unique name (e.g.: cell phone)
  • For Windows 11, select Version 2 as the file format.
  • For older versions such as Windows 10 please use version 1.
  • Then click on Neues Zertifikat zusenden.


Netzwerkzertifikat-download.png


  • A new network certificate has been created for you.
  • First copy the Import Password to the clipboard.
  • Now click on Download Network Certificate.


After saving it on the computer, the network certificate must be installed under the account that is to be used with Eduroam. Open the certificate with a double click. The certificate import wizard then starts automatically.

Eduroam-windows11-01.png


  • Click on Continue.


Eduroam-windows11-02.png


  • Paste the import password that we just copied.
  • Leave the default settings intact.
  • Note: It is not allowed to tick "Activate high security for the private key". The Windows WLAN client currently does not support this function and therefore no connection to eduroam would be possible.
  • Then click Next


  • In the following window, if necessary, click on Next and finally on Finish.


Eduroam-windows11-03.png


  • If a security warning appears, click Yes.


Eduroam-windows11-04.png


  • Now click on "OK".


Note: Now open the same certificate again and install it a second time. This allows us to work around an error in the Windows certificate manager. Do not create a new certificate for this!


Note: Only one network certificate from the University of Paderborn may be installed. Multiple certificates can cause problems. More about this here.

Download OpenVPN[Bearbeiten | Quelltext bearbeiten]

Now download the OpenVPN program from the manufacturer's website.
https://openvpn.net/community-downloads/

ATTENTION: DO NOT install the BETA version!
Download the program here. Not via Get OpenVPN!


Install OpenVPN[Bearbeiten | Quelltext bearbeiten]

Now let's install the program.

Step 1: Click on "Install Now ".
Step 2: A security warning appears first User Account Control. Click "Yes".
Step 3: The installation is complete. Click "Close".


After successful installation, the new “OpenVPN GUI” icon will appear on the desktop.

0px Step 8: The OpenVPN client is started using this symbol.


Download configuration file[Bearbeiten | Quelltext bearbeiten]

Download the configuration file, select the VPN you want to connect to in the box below and click on Download. Normally "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.
Note: You can click "Download" here and download your configuration file. This is not a screenshot ;-)


  • Accessing online resources may require that you route all network traffic through the tunnel.
  • You do not need this option to simply access the network drives.

Start OpenVPN[Bearbeiten | Quelltext bearbeiten]

If OpenVPN is not already started (see tray icon), start it using the "OpenVPN GUI" icon on your desktop.

OpenVPN-25 Win10 Install-4.png


  • The OpenVPN client is started via this symbol.


OpenVPN-25 Win10 Install-5.png


  • An icon with a small lock will now appear at the bottom of the taskbar.
  • Do not confuse it with the Windows network icon.


Load configuration[Bearbeiten | Quelltext bearbeiten]

Open the configuration file with a double click. Alternatively, you can also do the following:

OpenVPN-Win10-1.png


  • Right-click on the OpenVPN icon at the bottom right of the task bar.
  • Then click Import File.


select config


  • Now open the file "OpenVPN-UPB-NG_*.ovpn" - We have just downloaded it.


Establish connection[Bearbeiten | Quelltext bearbeiten]

Now we set up a VPN connection.

Step 3: Please right-click on the icon and then click "'Connect"/"Connect"" to establish a connection to the VPN server.
Step 4: When you run the program for the first time, the Windows Firewall is required If necessary, the consent to trust OpenVPN in the future. Please click on "Allow access".


Step 5: Finally, your computer will be assigned an IP address and the icon turns green.


You can see the status of the VPN by the color of the symbol:

VPN-Win10-4.png No VPN connection active
VPN-Win10-5.png VPN connection is being established
VPN-Win10-3.png VPN connection active

As soon as a green status is displayed, you are connected to the internal university network.


Disconnect[Bearbeiten | Quelltext bearbeiten]

Disconnect the VPN connection when you no longer need it.

Disconnect VPN


  • Click on the OpenVPN icon.
  • Click Disconnect.


Check VPN[Bearbeiten | Quelltext bearbeiten]

You can check the functionality of the VPN by visiting:

https://go.upb.de/ip

Your IP will be displayed there and it will show whether you are in the university network.

Example: Existing connection to the university network.


Troubleshooting[Bearbeiten | Quelltext bearbeiten]

Red status messages[Bearbeiten | Quelltext bearbeiten]

There are some red status messages when connecting, but these are completely normal and do not represent a real problem. See:
VPN Declaration of Messages (Log)

Error messages[Bearbeiten | Quelltext bearbeiten]

Error message:

 Cannot load certificate "SUBJ:@uni-paderborn.de" from Microsoft Certificate Store 

This can have two reasons:

  • You do not have a certificate installed
    • Install a network certificate (see above)
  • You have installed too many network certificates
    • Press "Win" + "R" to bring up the "Run" dialog.
    • Type the following:
certmgr.msc 
    • Then click OK.
    • Go to the My Certificates folder and then Certificates folder.
    • There should only be one certificate with the identifier "username@uni-paderborn.de" in this folder.
    • Further certificates with the identifier "username@uni-paderborn.de" should be deleted.
    • If there are several, you can identify the active one by the serial number.
    • Double click on the certificate, details, serial number.
    • You can find the active certificates with the corresponding serial number in the service portal.

On some systems, the personal user certificate must be installed twice. If you find the following error message in the log:

"WARNING: cryptoapicert: private key is in a legacy store. Restricting TLS version to 1.1"


Install your personal network certificate a second time. The error message should then disappear.

Group VPN connections are established over specific UDP ports. Normally these port sharings are problem-free because they do not overlap with other protocols. However, if your Internet access is of a restrictive nature and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this.

Solution:

  • change your location or network
  • Release the required port or talk to the IT department whether this is possible
    You can find the port used for your group network within the config file.
  • If it is the hpc-pc2 network, contact the PC2 for alternative SSH access


Configuration file[Bearbeiten | Quelltext bearbeiten]

As an alternative to the "Import file" function, you can also import the configuration file "OpenVPN-UPB-NG_*.ovpn" directly into the folder

C:/Users/<username>/OpenVPN/config/

place.
You can also delete old configuration files there.
This directory may only be created when OpenVPN is started for the first time.
Files in this folder are only available to the current user account.
Note: Drive C: represents the drive with the Windows installation.

Alternatively, configuration files can also be stored in the program folder

C:\Program Files\OpenVPN\config

Here they are available to all users of the computer.

See also[Bearbeiten | Quelltext bearbeiten]


Bei Fragen oder Problemen wenden Sie sich bitte telefonisch oder per E-Mail an uns:

Tel. IT: +49 (5251) 60-5544 Tel. Medien: +49 (5251) 60-2821 E-Mail: zim@uni-paderborn.de

Das Notebook-Café ist die Benutzerberatung des ZIM - Sie finden uns in Raum I0.401

Wir sind zu folgenden Zeiten erreichbar:


Mo Di - Fr
Vor-Ort-Support Geschlossen Über die Feiertage geschlossen
Telefonsupport 08:30 - 13:00 Über die Feiertage geschlossen


Das ZIM:Servicecenter Medien auf H1 hat aktuell zu folgenden Zeiten geöffnet:

Mo Di - Fr
08:00 - 16:00 Über die Feiertage geschlossen


Cookies helfen uns bei der Bereitstellung des ZIM HilfeWikis. Bei der Nutzung vom ZIM HilfeWiki werden die in der Datenschutzerklärung beschriebenen Cookies gespeichert.