Jnk (talk | contribs)
(7 intermediate revisions by 2 users not shown)
Zeile 4: | Zeile 4: | ||
|translated title=VPN on macOS | |translated title=VPN on macOS | ||
}} | }} | ||
− | VPN (Virtual Private Network) | + | |
+ | <bootstrap_alert color=warning> | ||
+ | Use Tunnelblick version 4.0.1 or newer. There is no longer any need to downgrade the OpenSSL version. Those who have set OpenSSL to version 1.1.1w as a temporary solution should create a new VPN connection for Tunnelblick with a new certificate and a new configuration file following these instructions. To do this, start at step [[VPN_unter_macOS/en#Generate_network_certificate | Generate network certificate]]. | ||
+ | </bootstrap_alert> | ||
+ | |||
+ | You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks). | ||
<br clear=all> | <br clear=all> | ||
+ | ==Simultaneous connections== | ||
+ | <bootstrap_alert color=info> | ||
+ | <span style='font-size:30px;'>🛈</span> | ||
+ | <br> | ||
+ | Do you want to connect your laptop and your mobile phone to the VPN in addition to your PC? You can set up VPN connections on multiple devices. However, each person can only establish one connection per VPN at the same time. | ||
+ | </bootstrap_alert> | ||
+ | |||
+ | <bootstrap_accordion> | ||
+ | <bootstrap_panel heading="What does that mean?" color="info"> | ||
+ | '''Uni-VPN''' | ||
+ | * If you use the Uni-VPN, you can only establish one connection at a time. | ||
+ | * You cannot establish a connection to the Uni-VPN on another device at the same time. | ||
+ | * You must disconnect the existing connection first. | ||
+ | |||
+ | '''Group VPN''' | ||
+ | * If you use a group VPN, you cannot establish a second VPN connection to this group VPN on another device at the same time. | ||
+ | * You must disconnect the existing connection first. | ||
+ | * However, you can establish a parallel connection to the Uni VPN or another group VPN on another device. | ||
+ | </bootstrap_panel> | ||
+ | </bootstrap_accordion> | ||
== What needs to be done? - Quick guide == | == What needs to be done? - Quick guide == | ||
− | # Install Tunnelblick in the | + | # Install Tunnelblick in the latest stable version. [https://tunnelblick.net/downloads.html Tunnelblick] |
− | # | + | # Generate your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal]. |
# '''Download the configuration file''' | # '''Download the configuration file''' | ||
− | #: <center><iframe key="infoboard" width="600" height=" | + | #: <center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center> |
− | #: '''Click on Download in the | + | #: '''Click on Download in the selection menu above!''' |
− | # '''Create a new folder''' on your desktop with the name you want your connection to have, | + | # '''Create a new folder''' on your desktop that you name with the name you want your connection to have, for example “VPN Uni”. |
− | # Put your '''personal network certificate''' and | + | # Put your '''personal network certificate''' and '''configuration file''' in the folder created earlier. |
− | # Delete the serial number in the filename from your network certificate | + | # Delete the serial number in the filename from your network certificate so that e.g. Network_Certificate_<username>_******.p12 -> Network_Certificate.p12 becomes. |
− | # Add the file extension '''.tblk''' to this folder by | + | # Add the file extension '''.tblk''' to this folder by selecting the folder, pressing '''cmd + i''' and under "Name & Suffix" e.g. from VPN Uni '''VPN Uni. tblk''' do. |
− | # | + | # Now you can double-click the file created from the folder and install the connection. |
− | # You will be asked to enter your Mac password to allow | + | # You will be asked to enter your Mac password to allow configuration. |
− | # Now click on the Tunnelblick | + | # Now click on the Tunnelblick symbol at the top of the menu bar and select your connection, which is now called the same as your folder before. Enter the import password, which you can find in the service portal under '''Network Settings'''. Select the option to save the password in the keychain. |
# Wait until the font turns green. You are now connected. | # Wait until the font turns green. You are now connected. | ||
<br clear=all> | <br clear=all> | ||
+ | |||
== Step-by-step instructions: Preparation == | == Step-by-step instructions: Preparation == | ||
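Review bot: In the new quick-guide step 7 the target name is written '''VPN Uni. tblk''' with a space after the dot, and the sentence ends in a stray "do", so a reader who copies it literally ends up with a folder suffix that is not .tblk and a bundle that cannot be installed. Write the result as VPN Uni.tblk and finish the sentence, for example "change the name from VPN Uni to VPN Uni.tblk". Step 6 has the same word-order problem ("... -> Network_Certificate.p12 becomes."); "so that ... becomes Network_Certificate.p12" reads correctly. The warning box added at the top also sends users who set OpenSSL 1.1.1w to create a new connection, but does not say whether the old configuration should be removed afterwards; one sentence on that would avoid two entries with the same purpose.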
Zeile 27: | Zeile 53: | ||
[[Datei:Tunnelblick Download.png|links|mini|531x531px]] | [[Datei:Tunnelblick Download.png|links|mini|531x531px]] | ||
<br> | <br> | ||
− | * Install [https://tunnelblick.net/downloads.html Tunnelblick] in the | + | * Install [https://tunnelblick.net/downloads.html Tunnelblick] in the latest stable version. |
− | * | + | * To do this, click on the link provided and then on the version marked '''"Stable"'''. |
− | * Then open your downloads and double click on the Tunnelblick download. Tunnelblick | + | * Then open your downloads and then double-click on the Tunnelblick download. Tunnelblick now installs itself. |
<br clear=all> | <br clear=all> | ||
− | === | + | === Generate network certificate === |
− | + | You need a network certificate for the VPN connection. | |
<br> | <br> | ||
− | + | Access the service portal: | |
− | + | * https://serviceportal.uni-paderborn.de | |
− | + | * Log in with your university account. | |
− | + | * Then click on '''Netzwerkeinstellungen''' under '''Benutzerverwaltung''' in the top menu. | |
<br clear=all> | <br clear=all> | ||
− | [[Datei: | + | [[Datei:Eduroam-unter-android-4.png|links|mini|ohne|350px]] |
<br> | <br> | ||
− | * | + | * Click '''"Neues Zertifikat erstellen"'''. |
− | * | + | <br clear=all> |
− | + | ||
− | + | [[Datei:Netzwerkzertifikat-container-v2.png|links|mini|ohne|350px]] | |
+ | <br> | ||
+ | * Give the certificate a unique name (Example: MacBook VPN) | ||
+ | * Select '''<span style="color:red">Version 2</span>''' as the file format! | ||
+ | * Then click on '''"Neues Zertifikat zusenden"'''. | ||
+ | <br clear=all> | ||
+ | |||
+ | [[Datei:Netzwerkzertifikat-download.png|links|mini|ohne|350px]] | ||
+ | <br> | ||
+ | * A new network certificate has been created for you. | ||
+ | * First copy the '''Import Password''' to the clipboard. | ||
+ | * Now click on '''"Download Network Certificate"'''. | ||
+ | <br clear=all> | ||
+ | You have now downloaded your personal network certificates. | ||
+ | |||
+ | ==Set up Tunnelblick == | ||
+ | Download the configuration file, select the VPN you want to connect to and click Download. | ||
+ | Normally, "'''Uni-VPN (Standard)'''" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead. | ||
+ | <center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center> | ||
+ | <br clear=all> | ||
+ | <span style="color:green"> Note:</span> You can click '''"Download"''' here and download your configuration file. This is not a screenshot ;-) | ||
+ | <br clear=all> | ||
+ | <bootstrap_accordion> | ||
+ | <bootstrap_panel heading="Direct all internet traffic through the tunnel?" color="info"> | ||
+ | *Accessing online resources may require that you route all network traffic through the tunnel. | ||
+ | * You do not need this option to simply access the network drives. | ||
+ | </bootstrap_panel> | ||
+ | </bootstrap_accordion> | ||
+ | |||
+ | [[Datei:VPN Ordner.png|links|mini|ohne|350px|create folder]] | ||
+ | <br> | ||
+ | * Create a new folder - For example, name it ''"vpn-upb"''. | ||
+ | * This is what your VPN connection will be called later. | ||
+ | * Now put the personal network certificate and configuration file in this folder. | ||
+ | * Rename your personal network certificate to <code>Network_Certificate.p12</code> | ||
+ | * '''Example:''' Change the file name <code>Network_Certificate_muster_078B30.p12</code> to <code>Network_Certificate.p12</code> | ||
+ | * The configuration file should have an icon like the screenshot and end with <code>.ovpn</code>. | ||
<br clear=all> | <br clear=all> | ||
− | < | + | <bootstrap_accordion> |
− | < | + | <bootstrap_panel heading="My configuration file looks different! - What now? -Click here-" color="info"> |
+ | * When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily. | ||
+ | * Click on the configuration file. Now press '''cmd''' + '''i''' on the keyboard. | ||
+ | * '''"Name & Suffix"''' may now read '''.ovpn.txt'''. | ||
+ | * Delete the '''.txt'''. | ||
+ | * Then press the '''Enter key'''. | ||
+ | * Click '''Add'''. | ||
+ | </bootstrap_panel> | ||
+ | </bootstrap_accordion> | ||
+ | |||
+ | [[Datei:VPN Suffix.png|links|mini|ohne|350px|rename folder]] | ||
+ | <br> | ||
+ | * Now rename the folder and add the file extension <code>.tblk</code> to it. | ||
+ | * You can use the context menu or right-click for this. | ||
+ | <br clear=all> | ||
+ | [[Datei:Vpn-unter-macos-12.png|links|mini|ohne|350px|add suffix]] | ||
+ | <br> | ||
+ | * You must now confirm the change. | ||
+ | * Click '''Add'''. | ||
<br clear=all> | <br clear=all> | ||
+ | [[Datei:VPN tblk.png|links|mini|ohne|150px|Install configuration]] | ||
+ | <br> | ||
+ | * You have now created a configuration for Tunnelblick - This now needs to be installed. | ||
+ | * Open this file with a double click. | ||
+ | <br clear=all> | ||
− | + | [[Datei:Vpn-unter-macos-13.png|links|mini|ohne|350px|Install configuration for this user]] | |
− | + | <br> | |
− | + | * You will be asked which user you want to install the configuration for. | |
− | + | * Select '''"Only for this user"'''. | |
<br clear=all> | <br clear=all> | ||
− | [[Datei:VPN | + | |
+ | [[Datei:VPN Konfiguration.png|links|mini|ohne|250px|enter Mac password]] | ||
<br> | <br> | ||
− | * | + | * You will be prompted to enter your Mac password to install the configuration. |
− | |||
− | |||
<br clear=all> | <br clear=all> | ||
− | [[Datei:VPN | + | [[Datei:VPN verbinden.png|links|mini|ohne|450px]] |
<br> | <br> | ||
− | * | + | * Now click on the '''tunnel vision symbol''' in the menu bar at the top. |
− | * | + | * Click '''connect''' on the desired VPN connection. |
+ | * In our example this is '''"connect vpn-upb"''' | ||
<br clear=all> | <br clear=all> | ||
− | [[Datei:VPN | + | [[Datei:VPN Passwort.png|links|mini|ohne|450px]] |
<br> | <br> | ||
− | * | + | * In the next step you will be asked to enter a password. Enter the '''import password''' mentioned above that belongs to the certificate. |
+ | * In addition, be sure to select the '''"Save to Keychain"''' option so that the password is saved (otherwise you will have to keep re-entering the import password). | ||
<br clear=all> | <br clear=all> | ||
− | [[Datei:VPN | + | [[Datei:VPN verbunden.png|links|mini|ohne|450px]] |
<br> | <br> | ||
− | * You | + | * Wait until the font turns ''green'' and you are ''connected''. |
+ | * You can quickly connect and disconnect the connection using the Tunnelblick symbol. | ||
<br clear=all> | <br clear=all> | ||
− | + | <!-- | |
+ | ==OpenSSL Problem== | ||
+ | As of version 4.0.0, Tunnelblick can no longer unpack the network certificates of the University of Paderborn. You can temporarily work around this by downgrading OpenSSL to v1. | ||
<br> | <br> | ||
− | + | If you get the following error when connecting to Tunnelblick, follow these steps: | |
+ | <br> | ||
+ | <code>Authentication failed The passphrase was not accepted</code> | ||
+ | |||
+ | [[File:Vpn-under-macos-09.png|left|mini|without|450px]] | ||
+ | <br> | ||
+ | * Click '''Cancel'''. | ||
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:VPN-under-macos-10.png|left|mini|without|450px]] |
<br> | <br> | ||
− | * | + | * Click on the '''tunnel vision icon''' in the menu bar. |
− | * | + | * Then click on '''VPN Details'''. |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:VPN-under-macos-11.png|left|mini|without|450px]] |
<br> | <br> | ||
− | + | # Click '''"Configuration"''' in the top bar. | |
− | * | + | # Select your VPN configuration on the left side. |
+ | # Click on the '''Settings''' tab. | ||
+ | # Select the following setting: | ||
+ | #* OpenVPN Version: '''2.6.9 - OpenSSL v1.1.1w''' | ||
<br clear=all> | <br clear=all> | ||
− | == | + | Then click on '''Connect'''. You should now be able to connect to the VPN again. |
− | If you have | + | <br> |
+ | |||
+ | This setting must be reversed at a later date. We will inform you about it here. | ||
+ | |||
+ | <bootstrap_accordion> | ||
+ | <bootstrap_panel heading="Alternative for advanced users" color="info"> | ||
+ | As an alternative to downgrading the OpenSSL version, you can also unpack the certificate yourself. However, this can only be done via the terminal. If you have experience with it, this option is preferable. | ||
+ | Unzip the network certificate using the following commands from the terminal: | ||
+ | * <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_cert.pem -clcerts -nokeys </code> | ||
+ | * <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_key.pem -nocerts -nodes </code> | ||
+ | <br> | ||
+ | Depending on the openssl version, you may also need the <code>-legacy</code> parameter | ||
+ | <br> | ||
+ | |||
+ | Now you have to adapt the config file as follows: | ||
+ | <pre> | ||
+ | #### Operating system adjustments for macOS #################### | ||
+ | |||
+ | # | ||
+ | # pkcs12 Network_Certificate.p12 | ||
+ | # or separated: | ||
+ | cert Network_Certificate_cert.pem | ||
+ | key Network_Certificate_key.pem | ||
+ | </pre> | ||
+ | If your cert file and key file have different names, you will need to rename them accordingly. | ||
+ | |||
+ | Then put the cert file and the key file with the config file in a folder and create a .tblk file from it as described above. | ||
+ | </bootstrap_panel> | ||
+ | </bootstrap_accordion> | ||
+ | |||
+ | ==Check VPN== | ||
+ | As soon as a green status is displayed, you are connected to the Paderborn University network. You can check this by clicking on the following link: | ||
+ | * [https://go.upb.de/ip https://go.upb.de/ip] | ||
+ | |||
+ | [[File:OpenVPN connected - go_ip.png|center|400px|mini|without|Example: Successfully connected to the university network.]] | ||
+ | <br clear=all> | ||
+ | --> | ||
+ | |||
+ | ==Swap configuration file== | ||
+ | If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works. | ||
<bootstrap_accordion> | <bootstrap_accordion> | ||
<bootstrap_panel heading="Details" color="info"> | <bootstrap_panel heading="Details" color="info"> | ||
− | * Download the new | + | * Download the new configuration file. |
<br> | <br> | ||
− | [[ | + | [[File:Vpn-under-macos-01.png|left|mini|without|450px|configuration file]] |
<br> | <br> | ||
− | * | + | * Select the configuration file. |
− | * Open the context menu | + | * Open the context menu with a '''right click'''. |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:Vpn-under-macos-02.png|left|mini|without|450px|Open with...]] |
<br> | <br> | ||
− | * | + | *Select '''"Open with"'''.<span style="color:green"> (1)</span> |
− | * | + | * Then click on '''"Other..."'''.<span style="color:green"> (2)</span> |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:Vpn-under-macos-03.png|left|mini|without|450px|select program]] |
<br> | <br> | ||
− | * | + | * Select '''"TextEdit"''' from the list. <span style="color:green"> (1)</span> |
− | * | + | * Then click '''"Open"'''. <span style="color:green"> (2)</span> |
<br clear=all> | <br clear=all> | ||
− | + | [[File:Vpn-under-macos-04.png|left|mini|without|450px|copy configuration]] | |
− | [[ | ||
<br> | <br> | ||
− | * Copy the contents of the file to the clipboard. | + | * Copy the '''entire''' contents of the configuration file to the clipboard. |
− | * | + | * The quickest way to do this is to use the following key combinations: |
− | ** <code>cmd</code> + <code>A</code> ( | + | ** <code>cmd</code> + <code>A</code> (Select all) |
− | ** <code>cmd</code> + <code>C</code> ( | + | ** <code>cmd</code> + <code>C</code> (copy) |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:Vpn-under-macos-05.png|left|mini|without|450px|status menu]] |
<br> | <br> | ||
− | * Click on the ''' | + | * Click on the '''tunnel vision symbol''' in the menu bar at the top right. <span style="color:green"> (1)</span> |
− | * | + | * Then click on '''"VPN Details"''.<span style="color:green"> (2)</span> |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:Vpn-under-macos-06.png|links|mini|without|450px|configurations]] |
<br> | <br> | ||
− | * | + | * Select the ''''Configurations'''' menu. <span style="color:green"> (1)</span> |
− | * | + | * On the left side, select the configuration you want to edit. <span style="color:green"> (2)</span> |
− | * | + | * Then click on the circle with the three dots at the bottom. |
− | * Scroll down in the | + | * Scroll down a little in the menu that opens. |
− | * Click | + | * Click '''"Edit OpenVPN configuration file..."'''<span style="color:green"> (3)</span> |
+ | <br> | ||
+ | * Do you want to keep your old configuration file and create a new one instead? | ||
+ | * On the old configuration file, click '''"Duplicate configuration"'''. | ||
+ | * Then select the copy and continue with <span style="color:green"> (3)</span>. | ||
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:Vpn-under-macos-07.png|left|mini|without|450px|Replace content and save]] |
<br> | <br> | ||
− | * | + | * Now the configuration file opens. |
− | * You can | + | * You can see how current your configuration file is by looking at '''"Date"''' and '''"Version"'''.<span style="color:green"> (1)</span> |
− | * Delete the | + | * Delete the contents of the configuration file and replace it with the contents of the clipboard. |
− | * | + | * The easiest way to do this is to use the following key combinations: |
− | ** <code>cmd</code> + <code>A</code> ( | + | ** <code>cmd</code> + <code>A</code> (Select all) |
** Delete | ** Delete | ||
− | ** <code>cmd</code> + <code>V</code> ( | + | ** <code>cmd</code> + <code>V</code> (insert) |
− | * You can | + | * You can see that you have made changes by the note '''"Edited''''. <span style="color:green"> (2)</span> |
− | * Close the | + | * Close the window by clicking on the red <span style="color:red">X</span>. <span style="color:green"> (3)</span> |
<br clear=all> | <br clear=all> | ||
− | + | You have now replaced the contents of the configuration file with the new version. | |
+ | |||
+ | The first time you connect to the modified configuration file, you will receive the following information: | ||
+ | [[File:Vpn-under-macos-08.png|left|mini|without|450px|Save configuration]] | ||
+ | <br> | ||
+ | * Click ''''Save configuration'''. | ||
+ | * From now on you can connect to the new configuration file. | ||
+ | <br> | ||
+ | * Have you made a mistake and want to undo the changes? | ||
+ | * Press '''"Return to last saved copy'''. | ||
+ | <br clear=all> | ||
</bootstrap_panel> | </bootstrap_panel> | ||
</bootstrap_accordion> | </bootstrap_accordion> | ||
− | == | + | ==Common Issues== |
− | + | ===Configuration file not readable=== | |
− | + | When downloading, the '''.ovpn file''' may be turned into a '''.txt file'''.<br> | |
− | + | Select the configuration file. Press the key combination <code>cmd</code> and <code>i</code>. If the file under '''Suffix''' ends in '''.txt''', delete this part. The name should end with '''.ovpn'''. | |
− | + | ||
− | + | === Group VPN ports are blocked - '''TLS handshake failed''' after a timeout (60 sec) === | |
− | * | + | Group VPN connections are established over specific UDP ports. Normally these port sharings are problem-free because they do not overlap with other protocols. However, if your Internet access is of a restrictive nature and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this. |
+ | |||
+ | '''Solution:''' | ||
+ | * change your location or network | ||
+ | * Release the required port or talk to the IT department whether this is possible | ||
+ | *: You can find the port used for your group network within the config file. | ||
+ | * If it is the '''hpc-pc2''' network, contact the PC2 for alternative SSH access | ||
+ | |||
+ | |||
+ | |||
<!-- | <!-- | ||
− | === | + | ===No internet connection outside of the university=== |
− | [[ | + | [[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]] |
<br> | <br> | ||
* Click on the Tunnelblick icon in the top bar | * Click on the Tunnelblick icon in the top bar | ||
− | * Click on "VPN | + | * Click on "VPN Details" to access the settings |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:VPN-on-macOS-Mojave-Error-3.png|links|mini|250px]] |
<br> | <br> | ||
* Click on your VPN connection on the left side | * Click on your VPN connection on the left side | ||
− | * Then select the | + | * Then select the “Settings” tab |
* Set the following settings: | * Set the following settings: | ||
− | * If | + | * If separation is expected: '''Reset primary interface''' |
* In case of unexpected disconnection: '''Reset primary interface''' | * In case of unexpected disconnection: '''Reset primary interface''' | ||
<br clear=all> | <br clear=all> | ||
− | === | + | ===Tunnel vision doesn't connect=== |
− | If your Mac no longer connects to the Internet outside the university, or can only do so with VPN | + | If your Mac no longer connects to the Internet outside of the university, or can only do so with VPN activated, this may be because Tunnelblick is causing a problem with the DNS server. |
− | [[ | + | [[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]] |
<br> | <br> | ||
* Click on the Tunnelblick icon in the top bar | * Click on the Tunnelblick icon in the top bar | ||
− | * Click on "VPN | + | * Click on "VPN Details" to access the settings |
<br clear=all> | <br clear=all> | ||
− | [[ | + | [[File:VPN-on-macOS-Mojave-Error-2.png|links|mini|250px]] |
<br> | <br> | ||
* Click on your VPN connection on the left side | * Click on your VPN connection on the left side | ||
− | * Then select the | + | * Then select the “Settings” tab |
− | * Uncheck | + | * Uncheck "Disable IPv6 unless..." if this is set |
<br clear=all> | <br clear=all> | ||
− | -- | + | --> |
+ | |||
+ | ==See also== | ||
+ | * [[Netzwerk]] | ||
+ | * [[VPN Problembehandlung]] |
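Review bot: The comment opened before ==OpenSSL Problem== is only closed after the ==Check VPN== section, so the connection check with the https://go.upb.de/ip link is removed from the rendered page together with the obsolete workaround. Close the comment before ==Check VPN== if the check is meant to stay, and consider deleting the OpenSSL block instead of commenting it out, since the new warning box says the downgrade is no longer needed and the block still carries the -nodes key export. Several bold markers in the "Swap configuration file" panel are unbalanced ('''"VPN Details"'', ''''Configurations'''', '''"Edited'''', ''''Save configuration''', '''"Return to last saved copy''') and will render stray apostrophes. "tunnel vision symbol" should be "Tunnelblick symbol", and the image names changed from Vpn-unter-macos-… to Vpn-under-macos-… in some links but not in others, which suggests the file names were translated along with the text.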
Latest revision as of 09:20, 18 December 2024
Use Tunnelblick version 4.0.1 or newer. There is no longer any need to downgrade the OpenSSL version. Those who have set OpenSSL to version 1.1.1w as a temporary solution should create a new VPN connection for Tunnelblick with a new certificate and a new configuration file following these instructions. To do this, start at step Generate network certificate.
You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).
Simultaneous connections
🛈
Do you want to connect your laptop and your mobile phone to the VPN in addition to your PC? You can set up VPN connections on multiple devices. However, each person can only establish one connection per VPN at the same time.
What does that mean?
Uni-VPN
- If you use the Uni-VPN, you can only establish one connection at a time.
- You cannot establish a connection to the Uni-VPN on another device at the same time.
- You must disconnect the existing connection first.
Group VPN
- If you use a group VPN, you cannot establish a second VPN connection to this group VPN on another device at the same time.
- You must disconnect the existing connection first.
- However, you can establish a parallel connection to the Uni VPN or another group VPN on another device.
What needs to be done? - Quick guide
- Install the latest stable version of Tunnelblick.
- Generate your personal network certificate in the service portal.
- Download the configuration file
- Click on Download in the selection menu above!
- Create a new folder on your desktop and give it the name you want your connection to have, for example “VPN Uni”.
- Put your personal network certificate and configuration file in the folder created earlier.
- Delete the serial number from the filename of your network certificate, so that e.g. Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12.
- Add the file extension .tblk to this folder: select the folder, press cmd + i and, under "Name & Suffix", change the name e.g. from VPN Uni to VPN Uni.tblk.
- Now you can double-click the file created from the folder and install the connection.
- You will be asked to enter your Mac password to allow the configuration.
- Now click on the Tunnelblick symbol at the top of the menu bar and select your connection, which now has the same name as your folder. Enter the import password, which you can find in the service portal under Network Settings. Select the option to save the password in the keychain.
- Wait until the text turns green. You are now connected.
Step-by-step instructions: Preparation
Install Tunnelblick
- Install Tunnelblick in the latest stable version.
- To do this, click on the link provided and then on the version marked "Stable".
- Then open your downloads and double-click the Tunnelblick download. Tunnelblick now installs itself.
Generate network certificate
You need a network certificate for the VPN connection.
Access the service portal:
- https://serviceportal.uni-paderborn.de
- Log in with your university account.
- Then click on Netzwerkeinstellungen under Benutzerverwaltung in the top menu.
- Click "Neues Zertifikat erstellen".
- Give the certificate a unique name (Example: MacBook VPN)
- Select Version 2 as the file format!
- Then click on "Neues Zertifikat zusenden".
- A new network certificate has been created for you.
- First copy the Import Password to the clipboard.
- Now click on "Download Network Certificate".
You have now downloaded your personal network certificate.
Set up Tunnelblick
Download the configuration file, select the VPN you want to connect to and click Download. Normally, "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.
Note: You can click "Download" here and download your configuration file. This is not a screenshot ;-)
Direct all internet traffic through the tunnel?
- Accessing online resources may require that you route all network traffic through the tunnel.
- You do not need this option to simply access the network drives.
- Create a new folder - For example, name it "vpn-upb".
- This is what your VPN connection will be called later.
- Now put the personal network certificate and configuration file in this folder.
- Rename your personal network certificate to Network_Certificate.p12
- Example: Change the file name Network_Certificate_muster_078B30.p12 to Network_Certificate.p12
- The configuration file should have an icon like the screenshot and end with .ovpn.
My configuration file looks different! - What now?
- When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
- Click on the configuration file. Now press cmd + i on the keyboard.
- "Name & Suffix" may now read .ovpn.txt.
- Delete the .txt.
- Then press the Enter key.
- Click Add.
- Now rename the folder and add the file extension .tblk to it.
- You can use the context menu or right-click for this.
- You must now confirm the change.
- Click Add.
- You have now created a configuration for Tunnelblick - This now needs to be installed.
- Open this file with a double click.
- You will be asked which user you want to install the configuration for.
- Select "Only for this user".
- You will be prompted to enter your Mac password to install the configuration.
- Now click on the Tunnelblick symbol in the menu bar at the top.
- Click connect on the desired VPN connection.
- In our example this is "connect vpn-upb"
- In the next step you will be asked to enter a password. Enter the import password mentioned above that belongs to the certificate.
- In addition, be sure to select the "Save to Keychain" option so that the password is saved (otherwise you will have to keep re-entering the import password).
- Wait until the font turns green and you are connected.
- You can quickly connect and disconnect the connection using the Tunnelblick symbol.
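The folder-to-.tblk steps above can also be carried out from the Terminal. The script below is an added example, not part of the original instructions: the function names are hypothetical, and it assumes the downloaded configuration names the certificate in a pkcs12 directive.

```shell
#!/bin/sh
# Added example: assemble a Tunnelblick bundle folder from the two downloads.

CERT_NAME="Network_Certificate.p12"   # name the instructions give the certificate

# Print the file named by the "pkcs12" directive of a config (empty if none).
ovpn_pkcs12_name() {
    awk '{ sub(/\r$/, "") } $1 == "pkcs12" { print $2; exit }' "$1"
}

# make_tblk NAME CERT CONFIG [DESTDIR]
# Prints the bundle path. Returns 1 on bad input, 2 if the config expects
# a certificate file name other than CERT_NAME.
make_tblk() {
    name=$1; cert=$2; conf=$3; dest=${4:-.}
    if [ ! -f "$cert" ] || [ ! -f "$conf" ]; then
        echo "missing input file" >&2; return 1
    fi
    bundle="$dest/$name.tblk"
    if [ -e "$bundle" ]; then
        echo "$bundle already exists" >&2; return 1
    fi

    # A download may arrive as "x.ovpn.txt"; drop the extra suffix.
    conf_name=$(basename "$conf")
    conf_name=${conf_name%.txt}
    case $conf_name in
        *.ovpn) ;;
        *) echo "config does not end in .ovpn: $conf_name" >&2; return 1 ;;
    esac

    # The renamed certificate must match what the config refers to.
    wanted=$(ovpn_pkcs12_name "$conf")
    if [ -n "$wanted" ] && [ "$wanted" != "$CERT_NAME" ]; then
        echo "config expects $wanted, not $CERT_NAME" >&2; return 2
    fi

    mkdir -m 700 "$bundle" || return 1
    cp "$conf" "$bundle/$conf_name"
    cp "$cert" "$bundle/$CERT_NAME"
    # The .p12 holds the private key: keep this copy readable by its owner only.
    chmod 600 "$bundle/$CERT_NAME"
    echo "$bundle"
}

# Demo on constructed placeholder files (no real credentials involved).
demo_bundle() {
    work=$(mktemp -d)
    printf 'placeholder' > "$work/Network_Certificate_muster_078B30.p12"
    printf 'client\nremote vpn.example.org 1194\npkcs12 Network_Certificate.p12\n' \
        > "$work/uni.ovpn.txt"
    make_tblk "vpn-upb" "$work/Network_Certificate_muster_078B30.p12" \
        "$work/uni.ovpn.txt" "$work"
    ls -l "$work/vpn-upb.tblk"
    rm -rf "$work"
}
demo_bundle
```

Double-clicking the resulting vpn-upb.tblk continues with the installation step described above.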
Swap configuration file
If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.
Details
- Download the new configuration file.
- Select the configuration file.
- Open the context menu with a right click.
- Select "Open with". (1)
- Then click on "Other...". (2)
- Select "TextEdit" from the list. (1)
- Then click "Open". (2)
- Copy the entire contents of the configuration file to the clipboard.
- The quickest way to do this is to use the following key combinations:
  - cmd + A (Select all)
  - cmd + C (copy)
- Click on the Tunnelblick symbol in the menu bar at the top right. (1)
- Then click on "VPN Details". (2)
- Select the 'Configurations' menu. (1)
- On the left side, select the configuration you want to edit. (2)
- Then click on the circle with the three dots at the bottom.
- Scroll down a little in the menu that opens.
- Click "Edit OpenVPN configuration file..." (3)
- Do you want to keep your old configuration file and create a new one instead?
- On the old configuration file, click "Duplicate configuration".
- Then select the copy and continue with (3).
- Now the configuration file opens.
- You can see how current your configuration file is by looking at "Date" and "Version". (1)
- Delete the contents of the configuration file and replace it with the contents of the clipboard.
- The easiest way to do this is to use the following key combinations:
  - cmd + A (Select all)
  - Delete
  - cmd + V (paste)
- You can see that you have made changes by the note "Edited". (2)
- Close the window by clicking on the red X. (3)
You have now replaced the contents of the configuration file with the new version.
The first time you connect with the modified configuration file, you will see the following message:
- Click "Save configuration".
- From now on you can connect with the new configuration file.
- Have you made a mistake and want to undo the changes?
- Press "Return to last saved copy".
Common Issues
Configuration file not readable
When downloading, the .ovpn file may be turned into a .txt file.
Select the configuration file. Press the key combination cmd and i. If the file under Suffix ends in .txt, delete this part. The name should end with .ovpn.
Group VPN ports are blocked - TLS handshake failed after a timeout (60 sec)
Group VPN connections are established over specific UDP ports. Normally these ports cause no problems because they do not overlap with other protocols. However, if your Internet access is restrictive and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this restriction.
Solution:
- Change your location or network
- Have the required port opened, or ask the IT department whether this is possible
  - You can find the port used for your group network within the config file.
- If it is the hpc-pc2 network, contact the PC2 for alternative SSH access
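To find the port to ask for, the remote, port and proto directives of the config file can be read out mechanically. This is an added example, not from the original page: the function names and the sample config (vpn.example.org and its ports) are constructed, and directives inside <connection> blocks are not treated separately.

```shell
#!/bin/sh
# Added example: list the endpoints and ports an OpenVPN client config uses.

# ovpn_endpoints FILE
# Prints one "host port proto" line per "remote" directive. A remote without
# its own port or protocol falls back to the global "port"/"rport" and
# "proto" directives, then to the OpenVPN defaults 1194 and udp.
ovpn_endpoints() {
    awk '
        # Drop CR line endings and comments that start with "#" or ";".
        { sub(/\r$/, ""); sub(/^[#;].*/, ""); sub(/[ \t][#;].*/, "") }
        NF == 0 { next }
        $1 == "port" || $1 == "rport" { gport = $2; next }
        $1 == "proto"  { gproto = $2; next }
        $1 == "remote" { n++; host[n] = $2; port[n] = $3; proto[n] = $4 }
        END {
            if (gport == "")  gport = "1194"
            if (gproto == "") gproto = "udp"
            for (i = 1; i <= n; i++)
                print host[i], (port[i] != "" ? port[i] : gport), \
                      (proto[i] != "" ? proto[i] : gproto)
        }
    ' "$1"
}

# ovpn_required_ports FILE
# Prints the distinct "proto/port" pairs a firewall has to let out, with
# variants such as tcp-client or udp4 reduced to tcp and udp.
ovpn_required_ports() {
    ovpn_endpoints "$1" |
        awk '{ p = $3; sub(/-client$/, "", p); sub(/[46]$/, "", p); print p "/" $2 }' |
        sort -u
}

# Constructed sample configuration (not the configuration of any real VPN).
sample_config() {
    cat <<'EOF'
# constructed sample
client
dev tun
proto udp
remote vpn.example.org 1194
remote vpn.example.org 443 tcp-client   ; fallback
remote backup.example.org
pkcs12 Network_Certificate.p12
EOF
}

demo_ports() {
    tmp=$(mktemp)
    sample_config > "$tmp"
    echo "Endpoints:";      ovpn_endpoints "$tmp"
    echo "Ports to allow:"; ovpn_required_ports "$tmp"
    rm -f "$tmp"
}
demo_ports
```

A udp entry in the output is the kind of port a restrictive network may drop silently, which is consistent with the handshake timing out instead of failing immediately.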