VPN unter macOS/en: Difference between revisions

ZIM HilfeWiki - the wiki
 
(14 intermediate revisions by 2 users not shown)
Zeile 4: Zeile 4:
 
|translated title=VPN on macOS
 
|translated title=VPN on macOS
 
}}
 
}}
VPN (Virtual Private Network) is required if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).
+
 
 +
<bootstrap_alert color=warning>
 +
Use Tunnelblick version 4.0.1 or newer. There is no longer any need to downgrade the OpenSSL version. Those who have set OpenSSL to version 1.1.1w as a temporary solution should create a new VPN connection for Tunnelblick with a new certificate and a new configuration file following these instructions. To do this, start at step [[VPN_on_macOS#create_network_certificate | Generate network certificate]].
 +
</bootstrap_alert>
 +
 
 +
You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).
 
<br clear=all>
 
<br clear=all>
  
 
== What needs to be done? - Quick guide ==
 
== What needs to be done? - Quick guide ==
# Install Tunnelblick in the most recent version. https://tunnelblick.net/downloads.html Tunnelblick] (Version 3.8.0 is used in this manual).
+
# Install Tunnelblick in the latest stable version. [https://tunnelblick.net/downloads.html Tunnelblick]
# Create your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
+
# Generate your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
 
# '''Download the configuration file'''
 
# '''Download the configuration file'''
#: <center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=mac" /></center>
+
#: <center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center>
#: '''Click on Download in the drop-down menu above!'''
+
#: '''Click on Download in the selection menu above!'''
# '''Create a new folder''' on your desktop with the name you want your connection to have, e.g. "VPN Uni".
+
# '''Create a new folder''' on your desktop that you name with the name you want your connection to have, for example “VPN Uni”.
# Put your '''personal network certificate''' and the '''configuration file''' in the folder you just created.
+
# Put your '''personal network certificate''' and '''configuration file''' in the folder created earlier.
# Delete the serial number in the filename from your network certificate, so that Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12
+
# Delete the serial number in the filename from your network certificate so that e.g. Network_Certificate_<username>_******.p12 -> Network_Certificate.p12 becomes.
# Add the file extension '''.tblk''' to this folder by selecting the folder, pressing '''cmd + I''' and change it to '''VPN Uni.tblk''' under "Name & Suffix".
+
# Add the file extension '''.tblk''' to this folder by selecting the folder, pressing '''cmd + i''' and under "Name & Suffix" e.g. from VPN Uni '''VPN Uni. tblk''' do.
# Double click the file just created to install the connection.
+
# Now you can double-click the file created from the folder and install the connection.
# You will be asked to enter your Mac password to allow the configuration.
+
# You will be asked to enter your Mac password to allow configuration.
# Now click on the Tunnelblick icon at the top of the menu bar and select your connection, which is now named the same as your folder. Enter the import password, which you can find in the service portal under '''Network Preferences'''. Select the option to save the password in your keychain.
+
# Now click on the Tunnelblick symbol at the top of the menu bar and select your connection, which is now called the same as your folder before. Enter the import password, which you can find in the service portal under '''Network Settings'''. Select the option to save the password in the keychain.
 
# Wait until the font turns green. You are now connected.  
 
# Wait until the font turns green. You are now connected.  
 
<br clear=all>
 
<br clear=all>
 +
  
 
== Step-by-step instructions: Preparation ==
 
== Step-by-step instructions: Preparation ==
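Review bot: The link target in the new warning box, [[VPN_on_macOS#create_network_certificate | Generate network certificate]], does not match the heading this revision adds further down ("=== Generate network certificate ==="). MediaWiki derives section anchors from the heading text, so unless an explicit anchor with the old name exists outside the visible lines, the target should be #Generate_network_certificate. In the same hunk, the rewritten quick-guide steps 6 and 7 end in word-order debris ("-> Network_Certificate.p12 becomes." and "from VPN Uni '''VPN Uni. tblk''' do."), and the space inside "VPN Uni. tblk" produces a wrong suffix if copied; the previous wording of both steps was clearer and could be kept. The iframe path also gains redirect_gateway=1 without the quick guide saying what that changes in the downloaded configuration.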
Zeile 27: Zeile 33:
 
[[Datei:Tunnelblick Download.png|links|mini|531x531px]]
 
[[Datei:Tunnelblick Download.png|links|mini|531x531px]]
 
<br>
 
<br>
* Install [https://tunnelblick.net/downloads.html Tunnelblick] in the most recent version. (Version 3.8.0 is used in this manual). 
+
* Install [https://tunnelblick.net/downloads.html Tunnelblick] in the latest stable version.
* Click on the link provided and then on the version marked '''"Stable"'''.  
+
* To do this, click on the link provided and then on the version marked '''"Stable"'''.  
* Then open your downloads and double click on the Tunnelblick download. Tunnelblick will now install itself automatically.
+
* Then open your downloads and then double-click on the Tunnelblick download. Tunnelblick now installs itself.
 +
<br clear=all>
 +
 
 +
=== Generate network certificate ===
 +
You need a network certificate for the VPN connection.
 +
<br>
 +
Access the service portal:
 +
* https://serviceportal.uni-paderborn.de
 +
* Log in with your university account.
 +
* Then click on '''Netzwerkeinstellungen''' under '''Benutzerverwaltung''' in the top menu.
 +
<br clear=all>
 +
 
 +
[[Datei:Eduroam-unter-android-4.png|links|mini|ohne|350px]]
 +
<br>
 +
* Click '''"Neues Zertifikat erstellen"'''.
 +
<br clear=all>
 +
 
 +
[[Datei:Netzwerkzertifikat-container-v2.png|links|mini|ohne|350px]]
 +
<br>
 +
* Give the certificate a unique name (Example: MacBook VPN)
 +
* Select '''<span style="color:red">Version 2</span>''' as the file format!
 +
* Then click on '''"Neues Zertifikat zusenden"'''.
 +
<br clear=all>
 +
 
 +
[[Datei:Netzwerkzertifikat-download.png|links|mini|ohne|350px]]
 +
<br>
 +
* A new network certificate has been created for you.
 +
* First copy the '''Import Password''' to the clipboard.
 +
* Now click on '''"Download Network Certificate"'''.
 +
<br clear=all>
 +
You have now downloaded your personal network certificates.
 +
 
 +
==Set up Tunnelblick ==
 +
Download the configuration file, select the VPN you want to connect to and click Download.
 +
Normally, "'''Uni-VPN (Standard)'''" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.
 +
<center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center>
 +
<br clear=all>
 +
<span style="color:green"> Note:</span> You can click '''"Download"''' here and download your configuration file. This is not a screenshot ;-)
 +
<br clear=all>
 +
 
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Direct all internet traffic through the tunnel?" color="info">
 +
*Accessing online resources may require that you route all network traffic through the tunnel.
 +
* You do not need this option to simply access the network drives.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
[[Datei:VPN Ordner.png|links|mini|ohne|350px|create folder]]
 +
<br>
 +
* Create a new folder - For example, name it ''"vpn-upb"''.
 +
* This is what your VPN connection will be called later.
 +
* Now put the personal network certificate and configuration file in this folder.
 +
* Rename your personal network certificate to <code>Network_Certificate.p12</code>
 +
* '''Example:''' Change the file name <code>Network_Certificate_muster_078B30.p12</code> to <code>Network_Certificate.p12</code>
 +
* The configuration file should have an icon like the screenshot and end with <code>.ovpn</code>.
 +
<br clear=all>
 +
 
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="My configuration file looks different! - What now? -Click here-" color="info">
 +
* When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
 +
* Click on the configuration file. Now press '''cmd''' + '''i''' on the keyboard.
 +
* '''"Name & Suffix"''' may now read '''.ovpn.txt'''.
 +
* Delete the '''.txt'''.
 +
* Then press the '''Enter key'''.
 +
* Click '''Add'''.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
[[Datei:VPN Suffix.png|links|mini|ohne|350px|rename folder]]
 +
<br>
 +
* Now rename the folder and add the file extension <code>.tblk</code> to it.
 +
* You can use the context menu or right-click for this.
 +
<br clear=all>
 +
 
 +
[[Datei:Vpn-unter-macos-12.png|links|mini|ohne|350px|add suffix]]
 +
<br>
 +
* You must now confirm the change.
 +
* Click '''Add'''.
 +
<br clear=all>
 +
 
 +
[[Datei:VPN tblk.png|links|mini|ohne|150px|Install configuration]]
 +
<br>
 +
* You have now created a configuration for Tunnelblick - This now needs to be installed.
 +
* Open this file with a double click.
 +
<br clear=all>
 +
 
 +
[[Datei:Vpn-unter-macos-13.png|links|mini|ohne|350px|Install configuration for this user]]
 +
<br>
 +
* You will be asked which user you want to install the configuration for.
 +
* Select '''"Only for this user"'''.
 +
<br clear=all>
 +
 
 +
 
 +
[[Datei:VPN Konfiguration.png|links|mini|ohne|250px|enter Mac password]]
 +
<br>
 +
* You will be prompted to enter your Mac password to install the configuration.
 +
<br clear=all>
 +
 
 +
[[Datei:VPN verbinden.png|links|mini|ohne|450px]]
 +
<br>
 +
* Now click on the '''tunnel vision symbol''' in the menu bar at the top.
 +
* Click '''connect''' on the desired VPN connection.
 +
* In our example this is '''"connect vpn-upb"'''
 +
<br clear=all>
 +
 
 +
[[Datei:VPN Passwort.png|links|mini|ohne|450px]]
 +
<br>
 +
* In the next step you will be asked to enter a password. Enter the '''import password''' mentioned above that belongs to the certificate.
 +
* In addition, be sure to select the '''"Save to Keychain"''' option so that the password is saved (otherwise you will have to keep re-entering the import password).
 
<br clear=all>
 
<br clear=all>
  
=== Create network certificate ===
+
[[Datei:VPN verbunden.png|links|mini|ohne|450px]]
[[Datei:VPN Serviceportal.png|links|mini|403x403px]]
+
<br>
 +
* Wait until the font turns ''green'' and you are ''connected''.
 +
* You can quickly connect and disconnect the connection using the Tunnelblick symbol.
 +
<br clear=all>
 +
 
 +
<!--
 +
==OpenSSL Problem==
 +
As of version 4.0.0, Tunnelblick can no longer unpack the network certificates of the University of Paderborn. You can temporarily work around this by downgrading OpenSSL to v1.
 +
<br>
 +
If you get the following error when connecting to Tunnelblick, follow these steps:
 +
<br>
 +
<code>Authentication failed The passphrase was not accepted</code>
 +
 
 +
[[File:Vpn-under-macos-09.png|left|mini|without|450px]]
 
<br>
 
<br>
# Create your personal network certificate in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
+
* Click '''Cancel'''.
#* You can also use existing certificates for the VPN connection, if they are still valid.
 
# Log in to the service portal to access the certificate. Open "User management" in the upper drop down menu, then click on '''Network settings'''.
 
# Create a new certificate!
 
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN unter macOS - 02.png|links|mini|400px]]
+
[[File:VPN-under-macos-10.png|left|mini|without|450px]]
 
<br>
 
<br>
* With a click on '''"Create new certificate"''' you create a new network certificate
+
* Click on the '''tunnel vision icon''' in the menu bar.
* Click on '''Download network certificate''' and save the certificate on your computer!
+
* Then click on '''VPN Details'''.
* You will also find the associated password on the newly appearing window under '''Import Password'''. It can also be viewed any time by clicking '''"Edit > Certificate information"'''.
+
<br clear=all>
* For network certificate see below
 
  
 +
[[File:VPN-under-macos-11.png|left|mini|without|450px]]
 +
<br>
 +
# Click '''"Configuration"''' in the top bar.
 +
# Select your VPN configuration on the left side.
 +
# Click on the '''Settings''' tab.
 +
# Select the following setting:
 +
#* OpenVPN Version: '''2.6.9 - OpenSSL v1.1.1w'''
 
<br clear=all>
 
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:VPN unter macOS - 03.png|links|mini|x600px]]</div>
+
Then click on '''Connect'''. You should now be able to connect to the VPN again.
<div class="tleft" style="clear:none">[[Datei:VPN unter macOS - 04.png|links|mini|x400px]]</div>
+
<br>
 +
 
 +
This setting must be reversed at a later date. We will inform you about it here.
 +
 
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Alternative for advanced users" color="info">
 +
As an alternative to downgrading the OpenSSL version, you can also unpack the certificate yourself. However, this can only be done via the terminal. If you have experience with it, this option is preferable.
 +
Unzip the network certificate using the following commands from the terminal:
 +
* <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_cert.pem -clcerts -nokeys </code>
 +
* <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_key.pem -nocerts -nodes </code>
 +
<br>
 +
Depending on the openssl version, you may also need the <code>-legacy</code> parameter
 +
<br>
 +
 
 +
Now you have to adapt the config file as follows:
 +
<pre>
 +
#### Operating system adjustments for macOS ####################
 +
 
 +
#
 +
# pkcs12 Network_Certificate.p12
 +
# or separated:
 +
cert Network_Certificate_cert.pem
 +
key Network_Certificate_key.pem
 +
</pre>
 +
If your cert file and key file have different names, you will need to rename them accordingly.
 +
 
 +
Then put the cert file and the key file with the config file in a folder and create a .tblk file from it as described above.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
==Check VPN==
 +
As soon as a green status is displayed, you are connected to the Paderborn University network. You can check this by clicking on the following link:
 +
* [https://go.upb.de/ip https://go.upb.de/ip]
 +
 
 +
[[File:OpenVPN connected - go_ip.png|center|400px|mini|without|Example: Successfully connected to the university network.]]
  
 
<br clear=all>
 
<br clear=all>
 +
-->
  
 +
==Swap configuration file==
 +
If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Details" color="info">
 +
* Download the new configuration file.
 +
<br>
  
== Set up Tunnelblick ==
+
[[File:Vpn-under-macos-01.png|left|mini|without|450px|configuration file]]
Download the configuration file, select the VPN you want to connect to and click '''on Download'''.
+
<br>
Usually '''"Uni-VPN (standard)"''' should work, but if you have problems with the connection, try  "Uni-VPN-TCP".
+
* Select the configuration file.
<center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=mac" /></center>
+
* Open the context menu with a '''right click'''.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Ordner.png|links|mini|525x525px]]
+
 
 +
[[File:Vpn-under-macos-02.png|left|mini|without|450px|Open with...]]
 
<br>
 
<br>
* Then create a new folder on your desktop with the name you want your connection to have, e.g. "VPN Uni".
+
*Select '''"Open with"'''.<span style="color:green"> (1)</span>
* Now place the personal network certificate and the configuration file in the created folder.
+
* Then click on '''"Other..."'''.<span style="color:green"> (2)</span>
* Rename your personal network certificate, for example  '''Network_Certificate_<username>_******.p12''' becomes '''Network_Certificate.p12'''
 
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Suffix.png|links|mini|603x603px]]
+
 
 +
[[File:Vpn-under-macos-03.png|left|mini|without|450px|select program]]
 
<br>
 
<br>
* Add the file extension '''.tblk''' to the folder by selecting the folder, pressing '''cmd + I''', under "Name & Suffix" change "VPN Uni" to '''"VPN Uni.tblk"'''. Then click on Enter/Return and confirm the entry with '''Add'''.
+
* Select '''"TextEdit"''' from the list.  <span style="color:green"> (1)</span>
 +
* Then click '''"Open"'''. <span style="color:green"> (2)</span>
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN tblk.png|links|mini|127x127px]]
+
[[File:Vpn-under-macos-04.png|left|mini|without|450px|copy configuration]]
 
<br>
 
<br>
* Double-click the file just created from the folder to install the connection.
+
* Copy the '''entire''' contents of the configuration file to the clipboard.
 +
* The quickest way to do this is to use the following key combinations:
 +
** <code>cmd</code> + <code>A</code> (Select all)
 +
** <code>cmd</code> + <code>C</code> (copy)
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Konfiguration.png|links|mini|436x436px]]
+
 
 +
[[File:Vpn-under-macos-05.png|left|mini|without|450px|status menu]]
 
<br>
 
<br>
* You will be asked to enter your Mac password to allow configuration.
+
* Click on the '''tunnel vision symbol''' in the menu bar at the top right. <span style="color:green"> (1)</span>
 +
* Then click on '''"VPN Details"''.<span style="color:green"> (2)</span>
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN verbinden.png|links|mini|ohne|300px]]
+
 
 +
[[File:Vpn-under-macos-06.png|links|mini|without|450px|configurations]]
 +
<br>
 +
* Select the ''''Configurations'''' menu. <span style="color:green"> (1)</span>
 +
* On the left side, select the configuration you want to edit. <span style="color:green"> (2)</span>
 +
* Then click on the circle with the three dots at the bottom.
 +
* Scroll down a little in the menu that opens.
 +
* Click '''"Edit OpenVPN configuration file..."'''<span style="color:green"> (3)</span>
 
<br>
 
<br>
* Now click on the '''Tunnelblick icon''' at the top of the menu bar and select '''Your connection''', which now has the same name as your folder, for example '''"VPN Uni"'''.
+
* Do you want to keep your old configuration file and create a new one instead?
 +
* On the old configuration file, click '''"Duplicate configuration"'''.
 +
* Then select the copy and continue with <span style="color:green"> (3)</span>.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Passwort.png|links|mini|439x439px]]
+
[[File:Vpn-under-macos-07.png|left|mini|without|450px|Replace content and save]]
 
<br>
 
<br>
* In the next step you will be asked to enter a password. Enter the '''Import password''' already mentioned above, which belongs to the certificate.
+
* Now the configuration file opens.
* In addition you should definitely select the option '''"Save in keychain"''' to save the password (otherwise you will have to enter the import password again and again).
+
* You can see how current your configuration file is by looking at '''"Date"''' and '''"Version"'''.<span style="color:green"> (1)</span>
 +
* Delete the contents of the configuration file and replace it with the contents of the clipboard.
 +
* The easiest way to do this is to use the following key combinations:
 +
** <code>cmd</code> + <code>A</code> (Select all)
 +
** Delete
 +
** <code>cmd</code> + <code>V</code> (insert)
 +
* You can see that you have made changes by the note '''"Edited''''. <span style="color:green"> (2)</span>
 +
* Close the window by clicking on the red <span style="color:red">X</span>. <span style="color:green"> (3)</span>
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN verbunden.png|links|mini|ohne|300px]]
+
You have now replaced the contents of the configuration file with the new version.
 +
 
 +
The first time you connect to the modified configuration file, you will receive the following information:
 +
[[File:Vpn-under-macos-08.png|left|mini|without|450px|Save configuration]]
 
<br>
 
<br>
* Wait until the font turns '''green''' and you are '''connected'''.
+
* Click ''''Save configuration'''.
* You can quickly connect and disconnect using the tunnelblick icon.
+
* From now on you can connect to the new configuration file.
 +
<br>
 +
* Have you made a mistake and want to undo the changes?
 +
* Press '''"Return to last saved copy'''.
 
<br clear=all>
 
<br clear=all>
  
== Known issues==
+
</bootstrap_panel>
=== Tunnelblick does not connect ===
+
</bootstrap_accordion>
[[Datei:VPN-unter-macOS-Mojave-Fehler-1.png|links|mini|250px]]
+
 
 +
==Common Issues==
 +
===Configuration file not readable===
 +
When downloading, the '''.ovpn file''' may be turned into a '''.txt file'''.<br>
 +
Select the configuration file. Press the key combination <code>cmd</code> and <code>i</code>. If the file under '''Suffix''' ends in '''.txt''', delete this part. The name should end with '''.ovpn'''.
 +
 
 +
=== Group VPN ports are blocked - '''TLS handshake failed''' after a timeout (60 sec) ===
 +
Group VPN connections are established over specific UDP ports. Normally these port sharings are problem-free because they do not overlap with other protocols. However, if your Internet access is of a restrictive nature and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this.
 +
 
 +
'''Solution:'''
 +
* change your location or network
 +
* Release the required port or talk to the IT department whether this is possible
 +
*: You can find the port used for your group network within the config file.
 +
* If it is the '''hpc-pc2''' network, contact the PC2 for alternative SSH access
 +
 
 +
 
 +
 
 +
 
 +
<!--
 +
===No internet connection outside of the university===
 +
[[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on the Tunnelblick icon in the top bar
 
* Click on the Tunnelblick icon in the top bar
* Click on "VPN details" to open the settings menu
+
* Click on "VPN Details" to access the settings
 
<br clear=all>
 
<br clear=all>
[[Datei:VPN-unter-macOS-Mojave-Fehler-3.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-3.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on your VPN connection on the left side
 
* Click on your VPN connection on the left side
* Then select the "Settings" tab
+
* Then select the “Settings” tab
 
* Set the following settings:
 
* Set the following settings:
* If disconnection is expected: '''Reset primary interface'''
+
* If separation is expected: '''Reset primary interface'''
 
* In case of unexpected disconnection: '''Reset primary interface'''
 
* In case of unexpected disconnection: '''Reset primary interface'''
 
<br clear=all>
 
<br clear=all>
  
===No internet connection outside the university===
+
===Tunnel vision doesn't connect===
If your Mac no longer connects to the Internet outside the university, or can only do so with VPN enabled, this may be because tunnel vision is causing a problem with the DNS server.
+
If your Mac no longer connects to the Internet outside of the university, or can only do so with VPN activated, this may be because Tunnelblick is causing a problem with the DNS server.
[[Datei:VPN-unter-macOS-Mojave-Fehler-1.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on the Tunnelblick icon in the top bar
 
* Click on the Tunnelblick icon in the top bar
* Click on "VPN details" to open the settings menu
+
* Click on "VPN Details" to access the settings
 
<br clear=all>
 
<br clear=all>
[[Datei:VPN-unter-macOS-Mojave-Fehler-2.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-2.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on your VPN connection on the left side
 
* Click on your VPN connection on the left side
* Then select the "Settings" tab
+
* Then select the “Settings” tab
* Uncheck the box "Disable IPv6, except..." if it is set
+
* Uncheck "Disable IPv6 unless..." if this is set
 
<br clear=all>
 
<br clear=all>
 +
-->
 +
 +
==See also==
 +
* [[Netzwerk]]
 +
* [[VPN Problembehandlung]]
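Review bot: The new "==Check VPN==" section with the go.upb.de/ip link sits inside the HTML comment that opens before "==OpenSSL Problem==" and closes only after the Check VPN image, so it is hidden together with the obsolete OpenSSL downgrade workaround and the rendered page gives readers no way to verify the tunnel. Close the comment before "==Check VPN==" so that only the workaround is disabled. Separately, the added lines translate the product name and the wiki markup: "tunnel vision symbol" and "Tunnel vision doesn't connect" should say Tunnelblick, the image option "without" in lines such as [[File:Vpn-under-macos-01.png|left|mini|without|450px|configuration file]] is not the "ohne" used by the other images in this hunk, and several bold markers are unbalanced ('''"VPN Details"'', ''''Save configuration''', '''"Edited'''').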

Latest revision as of 7 July 2024, 11:56

The German version can be found on the page VPN unter macOS

You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).

What needs to be done? - Quick guide

  1. Install Tunnelblick in the latest stable version: https://tunnelblick.net/downloads.html
  2. Generate your personal network certificate in the service portal.
  3. Download the configuration file
    Click on Download in the selection menu above!
  4. Create a new folder on your desktop and give it the name you want your connection to have, for example “VPN Uni”.
  5. Put your personal network certificate and the configuration file in the folder you just created.
  6. Delete the serial number from the file name of your network certificate, so that e.g. Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12.
  7. Add the file extension .tblk to this folder: select the folder, press cmd + i and, under "Name & Suffix", change e.g. VPN Uni to VPN Uni.tblk.
  8. Now double-click the file created from the folder to install the connection.
  9. You will be asked to enter your Mac password to allow the configuration.
  10. Now click on the Tunnelblick symbol at the top of the menu bar and select your connection, which now has the same name as your folder. Enter the import password, which you can find in the service portal under Network Settings. Select the option to save the password in the keychain.
  11. Wait until the font turns green. You are now connected.



Step-by-step instructions: Preparation

Install Tunnelblick

  • Install Tunnelblick (https://tunnelblick.net/downloads.html) in the latest stable version.
  • To do this, click on the link provided and then on the version marked "Stable".
  • Then open your downloads and double-click the Tunnelblick download. Tunnelblick now installs itself.


Generate network certificate

You need a network certificate for the VPN connection.
Access the service portal:

  • https://serviceportal.uni-paderborn.de
  • Log in with your university account.
  • Then click on Netzwerkeinstellungen under Benutzerverwaltung in the top menu.


  • Click "Neues Zertifikat erstellen".




  • Give the certificate a unique name (Example: MacBook VPN)
  • Select Version 2 as the file format!
  • Then click on "Neues Zertifikat zusenden".




  • A new network certificate has been created for you.
  • First copy the Import Password to the clipboard.
  • Now click on "Download Network Certificate".


You have now downloaded your personal network certificate.

Set up Tunnelblick

Download the configuration file, select the VPN you want to connect to and click Download. Normally, "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.


Note: You can click "Download" here and download your configuration file. This is not a screenshot ;-)

Direct all internet traffic through the tunnel?

  • Accessing online resources may require that you route all network traffic through the tunnel.
  • You do not need this option to simply access the network drives.


  • Create a new folder - For example, name it "vpn-upb".
  • This is what your VPN connection will be called later.
  • Now put the personal network certificate and configuration file in this folder.
  • Rename your personal network certificate to Network_Certificate.p12
  • Example: Change the file name Network_Certificate_muster_078B30.p12 to Network_Certificate.p12
  • The configuration file should have an icon like the screenshot and end with .ovpn.


My configuration file looks different! - What now?

  • When downloading, it can happen that the .ovpn file becomes a .txt file. However, the file extension can easily be changed back.
  • Click on the configuration file. Now press cmd + i on the keyboard.
  • "Name & Suffix" may now read .ovpn.txt.
  • Delete the .txt.
  • Then press the Enter key.
  • Click Add.


  • Now rename the folder and add the file extension .tblk to it.
  • You can use the context menu or right-click for this.




  • You must now confirm the change.
  • Click Add.
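
The folder, rename and suffix steps above can also be done from Terminal. The script below is an added example and not part of the ZIM wiki; the function names and argument order are assumptions, and it assumes the downloaded configuration loads the certificate with a line `pkcs12 Network_Certificate.p12`.

```shell
#!/bin/sh
# Added example: build the Tunnelblick bundle ("<name>.tblk") from the two
# downloaded files. Function names and argument order are assumptions.

# references_cert <config.ovpn>
# Succeeds if the configuration loads the certificate under the fixed name.
# Assumption: the downloaded file contains "pkcs12 Network_Certificate.p12".
references_cert() {
    grep -Eq '^[[:space:]]*pkcs12[[:space:]]+"?Network_Certificate\.p12"?[[:space:]]*$' "$1"
}

# build_tblk <certificate.p12> <config.ovpn|config.ovpn.txt> <name> [dest-dir]
# Prints the path of the new bundle; refuses to overwrite an existing one.
build_tblk() {
    cert=$1; conf=$2; name=$3; dest=${4:-.}
    if [ -z "$name" ]; then
        echo "usage: build_tblk <cert.p12> <config.ovpn> <name> [dest-dir]" >&2
        return 2
    fi
    if [ ! -f "$cert" ] || [ ! -f "$conf" ]; then
        echo "certificate or configuration file not found" >&2
        return 1
    fi
    case $cert in
        *.p12) ;;
        *) echo "not a .p12 network certificate: $cert" >&2; return 1 ;;
    esac

    # The download may arrive as "<file>.ovpn.txt"; drop the stray .txt.
    conf_name=$(basename "$conf")
    case $conf_name in
        *.ovpn.txt) conf_name=${conf_name%.txt} ;;
        *.ovpn) ;;
        *) echo "configuration must end in .ovpn: $conf_name" >&2; return 1 ;;
    esac

    bundle=$dest/$name.tblk
    if [ -e "$bundle" ]; then
        echo "refusing to overwrite $bundle" >&2
        return 1
    fi

    mkdir -p "$bundle" || return 1
    cp "$conf" "$bundle/$conf_name" || return 1
    # Rename step: the copy loses the user name and serial number.
    cp "$cert" "$bundle/Network_Certificate.p12" || return 1
    # The .p12 carries the private key: keep it readable by the owner only.
    chmod 700 "$bundle" && chmod 600 "$bundle/Network_Certificate.p12" || return 1

    if ! references_cert "$bundle/$conf_name"; then
        echo "warning: $conf_name does not load Network_Certificate.p12" >&2
    fi
    printf '%s\n' "$bundle"
}

# Command-line use: sh build_tblk.sh <cert.p12> <config.ovpn> <name> [dest-dir]
if [ "$#" -ge 3 ]; then
    build_tblk "$@"
fi
```

The resulting folder is installed by double-clicking it, as in the next step.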




  • You have now created a configuration for Tunnelblick - This now needs to be installed.
  • Open this file with a double click.




  • You will be asked which user you want to install the configuration for.
  • Select "Only for this user".





  • You will be prompted to enter your Mac password to install the configuration.


  • Now click on the Tunnelblick symbol in the menu bar at the top.
  • Click connect on the desired VPN connection.
  • In our example this is "connect vpn-upb"




  • In the next step you will be asked to enter a password. Enter the import password mentioned above that belongs to the certificate.
  • In addition, be sure to select the "Save to Keychain" option so that the password is saved (otherwise you will have to keep re-entering the import password).




  • Wait until the font turns green and you are connected.
  • You can quickly connect and disconnect the connection using the Tunnelblick symbol.



Swap configuration file

If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.

  • Download the new configuration file.




  • Select the configuration file.
  • Open the context menu with a right click.




  • Select "Open with". (1)
  • Then click on "Other...". (2)




  • Select "TextEdit" from the list. (1)
  • Then click "Open". (2)




  • Copy the entire contents of the configuration file to the clipboard.
  • The quickest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • cmd + C (copy)




  • Click on the Tunnelblick symbol in the menu bar at the top right. (1)
  • Then click on "VPN Details". (2)




  • Select the 'Configurations' menu. (1)
  • On the left side, select the configuration you want to edit. (2)
  • Then click on the circle with the three dots at the bottom.
  • Scroll down a little in the menu that opens.
  • Click "Edit OpenVPN configuration file..." (3)


  • Do you want to keep your old configuration file and create a new one instead?
  • On the old configuration file, click "Duplicate configuration".
  • Then select the copy and continue with (3).




  • Now the configuration file opens.
  • You can see how current your configuration file is by looking at "Date" and "Version". (1)
  • Delete the contents of the configuration file and replace it with the contents of the clipboard.
  • The easiest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • Delete
    • cmd + V (insert)
  • You can see that you have made changes by the note "Edited". (2)
  • Close the window by clicking on the red X. (3)


You have now replaced the contents of the configuration file with the new version.

The first time you connect to the modified configuration file, you will receive the following information:

  • Click "Save configuration".
  • From now on you can connect to the new configuration file.


  • Have you made a mistake and want to undo the changes?
  • Press "Return to last saved copy".



Common Issues

Configuration file not readable

When downloading, the .ovpn file may be turned into a .txt file.
Select the configuration file. Press the key combination cmd and i. If the file under Suffix ends in .txt, delete this part. The name should end with .ovpn.

Group VPN ports are blocked - TLS handshake failed after a timeout (60 sec)

Group VPN connections are established over specific UDP ports. Normally, opening these ports causes no problems because they do not overlap with other protocols. However, if your Internet access is restrictive and only allows certain ports, a connection problem may arise. This affects the networks of some university institutions and companies. Home networks are generally not affected.

Solution:

  • Change your location or network.
  • Have the required port opened, or ask the IT department whether this is possible.
    You can find the port used for your group network within the config file.
  • If it is the hpc-pc2 network, contact the PC2 for alternative SSH access
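
To find the port for the request to your IT department, the `remote`, `port` and `proto` lines of the configuration file can be read out. The script below is an added example and not part of the ZIM wiki; the function names are assumptions, the log patterns are OpenVPN's usual handshake-timeout messages, and per-`<connection>` overrides are not handled.

```shell
#!/bin/sh
# Added example: report which server ports a downloaded OpenVPN configuration
# needs, for the "TLS handshake failed" case. Function names are assumptions.

# vpn_endpoints <config.ovpn>
# Prints "host port proto" for every `remote` line. Missing values fall back
# to the file's `port`/`rport` and `proto` lines, then to OpenVPN's defaults
# (1194, udp). Simplification: <connection> blocks are not scoped separately.
vpn_endpoints() {
    awk '
        { sub(/[ \t]*[#;].*$/, "") }            # drop comments
        NF == 0 { next }                        # skip empty lines
        $1 == "port" || $1 == "rport" { def_port = $2 }
        $1 == "proto"  { def_proto = $2 }
        $1 == "remote" { n++; host[n] = $2; port[n] = $3; proto[n] = $4 }
        END {
            if (def_port == "")  def_port = "1194"
            if (def_proto == "") def_proto = "udp"
            for (i = 1; i <= n; i++)
                print host[i], (port[i] == "" ? def_port : port[i]), (proto[i] == "" ? def_proto : proto[i])
        }
    ' "$1"
}

# tls_timeout_in_log <logfile>
# Succeeds if the OpenVPN log shows the handshake timeout from the heading.
tls_timeout_in_log() {
    grep -Eq 'TLS Error: TLS handshake failed|TLS key negotiation failed to occur within [0-9]+ seconds' "$1"
}

# firewall_request <config.ovpn> <logfile>
# If the log shows the timeout, prints one line per endpoint to hand to the
# network administrator; otherwise prints nothing and returns 1.
firewall_request() {
    tls_timeout_in_log "$2" || return 1
    vpn_endpoints "$1" | while read -r host port proto; do
        printf 'allow outbound %s to %s port %s\n' "$proto" "$host" "$port"
    done
}

# Command-line use: sh vpn_ports.sh <config.ovpn> <openvpn.log>
if [ "$#" -eq 2 ]; then
    firewall_request "$@"
fi
```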



See also

  • Netzwerk
  • VPN Problembehandlung

