VPN unter macOS/en: Difference between revisions

ZIM HilfeWiki - das Wiki
 
(9 intermediate revisions by 2 users not shown)
Zeile 4: Zeile 4:
 
|translated title=VPN on macOS
 
|translated title=VPN on macOS
 
}}
 
}}
VPN (Virtual Private Network) is required if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN guarantees secure access to the University network through other networks (dial-in via other providers, external company or university networks).
+
 
 +
<bootstrap_alert color=warning>
 +
Use Tunnelblick version 4.0.1 or newer. There is no longer any need to downgrade the OpenSSL version. Those who have set OpenSSL to version 1.1.1w as a temporary solution should create a new VPN connection for Tunnelblick with a new certificate and a new configuration file following these instructions. To do this, start at step [[VPN_on_macOS#create_network_certificate | Generate network certificate]].
 +
</bootstrap_alert>
 +
 
 +
You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).
 
<br clear=all>
 
<br clear=all>
  
 
== What needs to be done? - Quick guide ==
 
== What needs to be done? - Quick guide ==
# Install Tunnelblick in the most recent version. https://tunnelblick.net/downloads.html Tunnelblick] (Version 3.8.0 is used in this manual).
+
# Install Tunnelblick in the latest stable version. [https://tunnelblick.net/downloads.html Tunnelblick]
# Create your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
+
# Generate your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
 
# '''Download the configuration file'''
 
# '''Download the configuration file'''
#: <center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=mac" /></center>
+
#: <center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center>
#: '''Click on Download in the drop-down menu above!'''
+
#: '''Click on Download in the selection menu above!'''
# '''Create a new folder''' on your desktop with the name you want your connection to have, e.g. "VPN Uni".
+
# '''Create a new folder''' on your desktop that you name with the name you want your connection to have, for example “VPN Uni”.
# Put your '''personal network certificate''' and the '''configuration file''' in the folder you just created.
+
# Put your '''personal network certificate''' and '''configuration file''' in the folder created earlier.
# Delete the serial number in the filename from your network certificate, so that Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12
+
# Delete the serial number in the filename from your network certificate so that e.g. Network_Certificate_<username>_******.p12 -> Network_Certificate.p12 becomes.
# Add the file extension '''.tblk''' to this folder by selecting the folder, pressing '''cmd + I''' and change it to '''VPN Uni.tblk''' under "Name & Suffix".
+
# Add the file extension '''.tblk''' to this folder by selecting the folder, pressing '''cmd + i''' and under "Name & Suffix" e.g. from VPN Uni '''VPN Uni. tblk''' do.
# Double click the file just created to install the connection.
+
# Now you can double-click the file created from the folder and install the connection.
# You will be asked to enter your Mac password to allow the configuration.
+
# You will be asked to enter your Mac password to allow configuration.
# Now click on the Tunnelblick icon at the top of the menu bar and select your connection, which is now named the same as your folder. Enter the import password, which you can find in the service portal under '''Network Preferences'''. Select the option to save the password in your keychain.
+
# Now click on the Tunnelblick symbol at the top of the menu bar and select your connection, which is now called the same as your folder before. Enter the import password, which you can find in the service portal under '''Network Settings'''. Select the option to save the password in the keychain.
 
# Wait until the font turns green. You are now connected.  
 
# Wait until the font turns green. You are now connected.  
 
<br clear=all>
 
<br clear=all>
 +
  
 
== Step-by-step instructions: Preparation ==
 
== Step-by-step instructions: Preparation ==
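Review bot: Steps 6 and 7 of the new quick guide keep German word order ("... -> Network_Certificate.p12 becomes.", "from VPN Uni '''VPN Uni. tblk''' do.") and write the bundle name with a space as "VPN Uni. tblk", which does not match the .tblk extension the step asks for. Suggest keeping the removed wording for both steps ("so that Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12", "change it to '''VPN Uni.tblk'''"). The iframe path in step 3 also gains redirect_gateway=1 without any sentence in the quick guide saying what that changes for the downloaded configuration; a pointer to the "Direct all internet traffic through the tunnel?" panel added further down would cover it.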
Zeile 27: Zeile 33:
 
[[Datei:Tunnelblick Download.png|links|mini|531x531px]]
 
[[Datei:Tunnelblick Download.png|links|mini|531x531px]]
 
<br>
 
<br>
* Install [https://tunnelblick.net/downloads.html Tunnelblick] in the most recent version. (Version 3.8.0 is used in this manual). 
+
* Install [https://tunnelblick.net/downloads.html Tunnelblick] in the latest stable version.
* Click on the link provided and then on the version marked '''"Stable"'''.  
+
* To do this, click on the link provided and then on the version marked '''"Stable"'''.  
* Then open your downloads and double click on the Tunnelblick download. Tunnelblick will now install itself automatically.
+
* Then open your downloads and then double-click on the Tunnelblick download. Tunnelblick now installs itself.
 
<br clear=all>
 
<br clear=all>
  
=== Create network certificate ===
+
=== Generate network certificate ===
[[Datei:VPN Serviceportal.png|links|mini|403x403px]]
+
You need a network certificate for the VPN connection.
 
<br>
 
<br>
# Create your personal network certificate in the [https://serviceportal.uni-paderborn.de/web/portal/willkommen service portal].
+
Access the service portal:
#* You can also use existing certificates for the VPN connection, if they are still valid.
+
* https://serviceportal.uni-paderborn.de
# Log in to the service portal to access the certificate. Open "User management" in the upper drop down menu, then click on '''Network settings'''.
+
* Log in with your university account.
# Create a new certificate!
+
* Then click on '''Netzwerkeinstellungen''' under '''Benutzerverwaltung''' in the top menu.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN unter macOS - 02.png|links|mini|400px]]
+
[[Datei:Eduroam-unter-android-4.png|links|mini|ohne|350px]]
 
<br>
 
<br>
* With a click on '''"Create new certificate"''' you create a new network certificate
+
* Click '''"Neues Zertifikat erstellen"'''.
* Click on '''Download network certificate''' and save the certificate on your computer!
+
<br clear=all>
* You will also find the associated password on the newly appearing window under '''Import Password'''. It can also be viewed any time by clicking '''"Edit > Certificate information"'''.
 
* For network certificate see below
 
  
 +
[[Datei:Netzwerkzertifikat-container-v2.png|links|mini|ohne|350px]]
 +
<br>
 +
* Give the certificate a unique name (Example: MacBook VPN)
 +
* Select '''<span style="color:red">Version 2</span>''' as the file format!
 +
* Then click on '''"Neues Zertifikat zusenden"'''.
 
<br clear=all>
 
<br clear=all>
  
<div class="tleft" style="clear:none">[[Datei:VPN unter macOS - 03.png|links|mini|x600px]]</div>
+
[[Datei:Netzwerkzertifikat-download.png|links|mini|ohne|350px]]
<div class="tleft" style="clear:none">[[Datei:VPN unter macOS - 04.png|links|mini|x400px]]</div>
+
<br>
 +
* A new network certificate has been created for you.
 +
* First copy the '''Import Password''' to the clipboard.
 +
* Now click on '''"Download Network Certificate"'''.
 +
<br clear=all>
 +
You have now downloaded your personal network certificates.
  
 +
==Set up Tunnelblick ==
 +
Download the configuration file, select the VPN you want to connect to and click Download.
 +
Normally, "'''Uni-VPN (Standard)'''" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.
 +
<center><iframe key="infoboard" width="600" height="330" path="vpn-config/index.php?group=uni&os=mac&redirect_gateway=1" /></center>
 +
<br clear=all>
 +
<span style="color:green"> Note:</span> You can click '''"Download"''' here and download your configuration file. This is not a screenshot ;-)
 
<br clear=all>
 
<br clear=all>
  
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Direct all internet traffic through the tunnel?" color="info">
 +
*Accessing online resources may require that you route all network traffic through the tunnel.
 +
* You do not need this option to simply access the network drives.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
  
== Set up Tunnelblick ==
+
[[Datei:VPN Ordner.png|links|mini|ohne|350px|create folder]]
Download the configuration file, select the VPN you want to connect to and click '''on Download'''.
+
<br>
Usually '''"Uni-VPN (standard)"''' should work, but if you have problems with the connection, try  "Uni-VPN-TCP".
+
* Create a new folder - For example, name it ''"vpn-upb"''.
<center><iframe key="infoboard" width="600" height="320" path="vpn-config/index.php?group=uni&os=mac" /></center>
+
* This is what your VPN connection will be called later.
 +
* Now put the personal network certificate and configuration file in this folder.
 +
* Rename your personal network certificate to <code>Network_Certificate.p12</code>
 +
* '''Example:''' Change the file name <code>Network_Certificate_muster_078B30.p12</code> to <code>Network_Certificate.p12</code>
 +
* The configuration file should have an icon like the screenshot and end with <code>.ovpn</code>.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Ordner.png|links|mini|525x525px]]
+
<bootstrap_accordion>
 +
<bootstrap_panel heading="My configuration file looks different! - What now? -Click here-" color="info">
 +
* When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
 +
* Click on the configuration file. Now press '''cmd''' + '''i''' on the keyboard.
 +
* '''"Name & Suffix"''' may now read '''.ovpn.txt'''.
 +
* Delete the '''.txt'''.
 +
* Then press the '''Enter key'''.
 +
* Click '''Add'''.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 
 +
[[Datei:VPN Suffix.png|links|mini|ohne|350px|rename folder]]
 
<br>
 
<br>
* Then create a new folder on your desktop with the name you want your connection to have, e.g. "VPN Uni".
+
* Now rename the folder and add the file extension <code>.tblk</code> to it.
* Now place the personal network certificate and the configuration file in the created folder.
+
* You can use the context menu or right-click for this.
* Rename your personal network certificate, for example  '''Network_Certificate_<username>_******.p12''' becomes '''Network_Certificate.p12'''
 
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Suffix.png|links|mini|603x603px]]
+
[[Datei:Vpn-unter-macos-12.png|links|mini|ohne|350px|add suffix]]
 
<br>
 
<br>
* Add the file extension '''.tblk''' to the folder by selecting the folder, pressing '''cmd + I''', under "Name & Suffix" change "VPN Uni" to '''"VPN Uni.tblk"'''. Then click on Enter/Return and confirm the entry with '''Add'''.
+
* You must now confirm the change.
 +
* Click '''Add'''.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN tblk.png|links|mini|127x127px]]
+
[[Datei:VPN tblk.png|links|mini|ohne|150px|Install configuration]]
 
<br>
 
<br>
* Double-click the file just created from the folder to install the connection.
+
* You have now created a configuration for Tunnelblick - This now needs to be installed.
 +
* Open this file with a double click.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Konfiguration.png|links|mini|436x436px]]
+
[[Datei:Vpn-unter-macos-13.png|links|mini|ohne|350px|Install configuration for this user]]
 
<br>
 
<br>
* You will be asked to enter your Mac password to allow configuration.
+
* You will be asked which user you want to install the configuration for.
 +
* Select '''"Only for this user"'''.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN verbinden.png|links|mini|ohne|300px]]
+
 
 +
[[Datei:VPN Konfiguration.png|links|mini|ohne|250px|enter Mac password]]
 +
<br>
 +
* You will be prompted to enter your Mac password to install the configuration.
 +
<br clear=all>
 +
 
 +
[[Datei:VPN verbinden.png|links|mini|ohne|450px]]
 +
<br>
 +
* Now click on the '''tunnel vision symbol''' in the menu bar at the top.
 +
* Click '''connect''' on the desired VPN connection.
 +
* In our example this is '''"connect vpn-upb"'''
 +
<br clear=all>
 +
 
 +
[[Datei:VPN Passwort.png|links|mini|ohne|450px]]
 +
<br>
 +
* In the next step you will be asked to enter a password. Enter the '''import password''' mentioned above that belongs to the certificate.
 +
* In addition, be sure to select the '''"Save to Keychain"''' option so that the password is saved (otherwise you will have to keep re-entering the import password).
 +
<br clear=all>
 +
 
 +
[[Datei:VPN verbunden.png|links|mini|ohne|450px]]
 +
<br>
 +
* Wait until the font turns ''green'' and you are ''connected''.
 +
* You can quickly connect and disconnect the connection using the Tunnelblick symbol.
 +
<br clear=all>
 +
 
 +
<!--
 +
==OpenSSL Problem==
 +
As of version 4.0.0, Tunnelblick can no longer unpack the network certificates of the University of Paderborn. You can temporarily work around this by downgrading OpenSSL to v1.
 +
<br>
 +
If you get the following error when connecting to Tunnelblick, follow these steps:
 +
<br>
 +
<code>Authentication failed The passphrase was not accepted</code>
 +
 
 +
[[File:Vpn-under-macos-09.png|left|mini|without|450px]]
 
<br>
 
<br>
* Now click on the '''Tunnelblick icon''' at the top of the menu bar and select '''Your connection''', which now has the same name as your folder, for example '''"VPN Uni"'''.
+
* Click '''Cancel'''.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN Passwort.png|links|mini|439x439px]]
+
[[File:VPN-under-macos-10.png|left|mini|without|450px]]
 
<br>
 
<br>
* In the next step you will be asked to enter a password. Enter the '''Import password''' already mentioned above, which belongs to the certificate.  
+
* Click on the '''tunnel vision icon''' in the menu bar.
* In addition you should definitely select the option '''"Save in keychain"''' to save the password (otherwise you will have to enter the import password again and again).
+
* Then click on '''VPN Details'''.
 
<br clear=all>
 
<br clear=all>
  
[[Datei:VPN verbunden.png|links|mini|ohne|300px]]
+
[[File:VPN-under-macos-11.png|left|mini|without|450px]]
 
<br>
 
<br>
* Wait until the font turns '''green''' and you are '''connected'''.
+
# Click '''"Configuration"''' in the top bar.
* You can quickly connect and disconnect using the tunnelblick icon.
+
# Select your VPN configuration on the left side.
 +
# Click on the '''Settings''' tab.
 +
# Select the following setting:
 +
#* OpenVPN Version: '''2.6.9 - OpenSSL v1.1.1w'''
 
<br clear=all>
 
<br clear=all>
  
==Change Config==
+
Then click on '''Connect'''. You should now be able to connect to the VPN again.
If you have been using VPN access for some time, it may be necessary at some point to update the configuration file to the latest version. In the following we explain how this works.
+
<br>
 +
 
 +
This setting must be reversed at a later date. We will inform you about it here.
  
 +
<bootstrap_accordion>
 +
<bootstrap_panel heading="Alternative for advanced users" color="info">
 +
As an alternative to downgrading the OpenSSL version, you can also unpack the certificate yourself. However, this can only be done via the terminal. If you have experience with it, this option is preferable.
 +
Unzip the network certificate using the following commands from the terminal:
 +
* <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_cert.pem -clcerts -nokeys </code>
 +
* <code>openssl pkcs12 -in Network_Certificate.p12 -out Network_Certificate_key.pem -nocerts -nodes </code>
 +
<br>
 +
Depending on the openssl version, you may also need the <code>-legacy</code> parameter
 +
<br>
 +
 +
Now you have to adapt the config file as follows:
 +
<pre>
 +
#### Operating system adjustments for macOS ####################
 +
 +
#
 +
# pkcs12 Network_Certificate.p12
 +
# or separated:
 +
cert Network_Certificate_cert.pem
 +
key Network_Certificate_key.pem
 +
</pre>
 +
If your cert file and key file have different names, you will need to rename them accordingly.
 +
 +
Then put the cert file and the key file with the config file in a folder and create a .tblk file from it as described above.
 +
</bootstrap_panel>
 +
</bootstrap_accordion>
 +
 +
==Check VPN==
 +
As soon as a green status is displayed, you are connected to the Paderborn University network. You can check this by clicking on the following link:
 +
* [https://go.upb.de/ip https://go.upb.de/ip]
 +
 +
[[File:OpenVPN connected - go_ip.png|center|400px|mini|without|Example: Successfully connected to the university network.]]
 +
 +
<br clear=all>
 +
-->
 +
 +
==Swap configuration file==
 +
If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.
 
<bootstrap_accordion>
 
<bootstrap_accordion>
 
<bootstrap_panel heading="Details" color="info">
 
<bootstrap_panel heading="Details" color="info">
* Download the new config file.
+
* Download the new configuration file.
 
<br>
 
<br>
  
[[Datei:Vpn-unter-macos-01.png|links|mini|ohne|450px|Config file]]
+
[[File:Vpn-under-macos-01.png|left|mini|without|450px|configuration file]]
 
<br>
 
<br>
* Select the new config file.
+
* Select the configuration file.
* Open the context menu via right click.
+
* Open the context menu with a '''right click'''.
 
<br clear=all>
 
<br clear=all>
  
  
[[Datei:Vpn-unter-macos-02.png|links|mini|ohne|450px|Open with...]]
+
[[File:Vpn-under-macos-02.png|left|mini|without|450px|Open with...]]
 
<br>
 
<br>
* Choose '''"Open with"'''.<span style="color:green"> (1)</span>
+
*Select '''"Open with"'''.<span style="color:green"> (1)</span>
* Click on '''"Other..."'''.<span style="color:green"> (2)</span>
+
* Then click on '''"Other..."'''.<span style="color:green"> (2)</span>
 
<br clear=all>
 
<br clear=all>
  
  
[[Datei:Vpn-unter-macos-03.png|links|mini|ohne|450px|Choose program]]
+
[[File:Vpn-under-macos-03.png|left|mini|without|450px|select program]]
 
<br>
 
<br>
* Choose '''"TextEdit"''' from the app list.  <span style="color:green"> (1)</span>
+
* Select '''"TextEdit"''' from the list.  <span style="color:green"> (1)</span>
* Click on '''"Open"'''. <span style="color:green"> (2)</span>
+
* Then click '''"Open"'''. <span style="color:green"> (2)</span>
 
<br clear=all>
 
<br clear=all>
  
 
+
[[File:Vpn-under-macos-04.png|left|mini|without|450px|copy configuration]]
[[Datei:Vpn-unter-macos-04.png|links|mini|ohne|450px|Copy config file]]
 
 
<br>
 
<br>
* Copy the contents of the file to the clipboard.
+
* Copy the '''entire''' contents of the configuration file to the clipboard.
* You can use the following shortcuts:
+
* The quickest way to do this is to use the following key combinations:
** <code>cmd</code> + <code>A</code> (Mark all)
+
** <code>cmd</code> + <code>A</code> (Select all)
** <code>cmd</code> + <code>C</code> (Copy)
+
** <code>cmd</code> + <code>C</code> (copy)
 
<br clear=all>
 
<br clear=all>
  
  
[[Datei:Vpn-unter-macos-05.png|links|mini|ohne|450px|Menu]]
+
[[File:Vpn-under-macos-05.png|left|mini|without|450px|status menu]]
 
<br>
 
<br>
* Click on the '''Tunnelblick-Icon''' in the menu bar at the top. <span style="color:green"> (1)</span>
+
* Click on the '''tunnel vision symbol''' in the menu bar at the top right. <span style="color:green"> (1)</span>
* Click on '''"VPN-Details"'''.<span style="color:green"> (2)</span>
+
* Then click on '''"VPN Details"''.<span style="color:green"> (2)</span>
 
<br clear=all>
 
<br clear=all>
  
  
[[Datei:Vpn-unter-macos-06.png|links|mini|ohne|450px|Configurations]]
+
[[File:Vpn-under-macos-06.png|links|mini|without|450px|configurations]]
 +
<br>
 +
* Select the ''''Configurations'''' menu. <span style="color:green"> (1)</span>
 +
* On the left side, select the configuration you want to edit. <span style="color:green"> (2)</span>
 +
* Then click on the circle with the three dots at the bottom.
 +
* Scroll down a little in the menu that opens.
 +
* Click '''"Edit OpenVPN configuration file..."'''<span style="color:green"> (3)</span>
 
<br>
 
<br>
* Choose '''"Configurations'''". <span style="color:green"> (1)</span>
+
* Do you want to keep your old configuration file and create a new one instead?
* Select the configuration, that you want to update. <span style="color:green"> (2)</span>
+
* On the old configuration file, click '''"Duplicate configuration"'''.
* Click on the circle with the three dots at the bottom of the window.
+
* Then select the copy and continue with <span style="color:green"> (3)</span>.
* Scroll down in the upcomming window.
 
* Click on '''"Change OpenVPN-Config-File..."'''<span style="color:green"> (3)</span>
 
 
<br clear=all>
 
<br clear=all>
  
[[Datei:Vpn-unter-macos-07.png|links|mini|ohne|450px|Replace and save content]]
+
[[File:Vpn-under-macos-07.png|left|mini|without|450px|Replace content and save]]
 
<br>
 
<br>
* The config file opens.
+
* Now the configuration file opens.
* You can recognize your config file by checking  '''"date"''' and '''"version"'''.<span style="color:green"> (1)</span>
+
* You can see how current your configuration file is by looking at '''"Date"''' and '''"Version"'''.<span style="color:green"> (1)</span>
* Delete the content from the file and insert the content from the clipboard.
+
* Delete the contents of the configuration file and replace it with the contents of the clipboard.
* You can use the following shortcuts
+
* The easiest way to do this is to use the following key combinations:
** <code>cmd</code> + <code>A</code> (Mark all)
+
** <code>cmd</code> + <code>A</code> (Select all)
 
** Delete
 
** Delete
** <code>cmd</code> + <code>V</code> (Insert)
+
** <code>cmd</code> + <code>V</code> (insert)
* You can tell that the file has been modified by the '''"edited"''' indicator <span style="color:green"> (2)</span>
+
* You can see that you have made changes by the note '''"Edited''''. <span style="color:green"> (2)</span>
* Close the application by clicking on the red <span style="color:red"> X</span>. <span style="color:green"> (3)</span>
+
* Close the window by clicking on the red <span style="color:red">X</span>. <span style="color:green"> (3)</span>
 
<br clear=all>
 
<br clear=all>
  
Congratulation. You changed your config file successfully.
+
You have now replaced the contents of the configuration file with the new version.
 +
 
 +
The first time you connect to the modified configuration file, you will receive the following information:
 +
[[File:Vpn-under-macos-08.png|left|mini|without|450px|Save configuration]]
 +
<br>
 +
* Click ''''Save configuration'''.
 +
* From now on you can connect to the new configuration file.
 +
<br>
 +
* Have you made a mistake and want to undo the changes?
 +
* Press '''"Return to last saved copy'''.
 +
<br clear=all>
  
 
</bootstrap_panel>
 
</bootstrap_panel>
 
</bootstrap_accordion>
 
</bootstrap_accordion>
  
== Known issues==
+
==Common Issues==
It's possible that while downolading the .ovpn conifiguration file is changed to a .txt file. If this is the cas: <br>
+
===Configuration file not readable===
* Select the configuration file.
+
When downloading, the '''.ovpn file''' may be turned into a '''.txt file'''.<br>
* Click '''cmd''' + '''i'''.
+
Select the configuration file. Press the key combination <code>cmd</code> and <code>i</code>. If the file under '''Suffix''' ends in '''.txt''', delete this part. The name should end with '''.ovpn'''.
* Check the ending in the section '''Suffix'''.
+
 
* If necessary delete the '''.txt''' part.
+
=== Group VPN ports are blocked - '''TLS handshake failed''' after a timeout (60 sec) ===
* The name should end as '''.opvn'''
+
Group VPN connections are established over specific UDP ports. Normally these port sharings are problem-free because they do not overlap with other protocols. However, if your Internet access is of a restrictive nature and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this.
 +
 
 +
'''Solution:'''
 +
* change your location or network
 +
* Release the required port or talk to the IT department whether this is possible
 +
*: You can find the port used for your group network within the config file.
 +
* If it is the '''hpc-pc2''' network, contact the PC2 for alternative SSH access
 +
 
 +
 
 +
 
  
 
<!--
 
<!--
=== Tunnelblick does not connect ===
+
===No internet connection outside of the university===
[[Datei:VPN-unter-macOS-Mojave-Fehler-1.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on the Tunnelblick icon in the top bar
 
* Click on the Tunnelblick icon in the top bar
* Click on "VPN details" to open the settings menu
+
* Click on "VPN Details" to access the settings
 
<br clear=all>
 
<br clear=all>
[[Datei:VPN-unter-macOS-Mojave-Fehler-3.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-3.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on your VPN connection on the left side
 
* Click on your VPN connection on the left side
* Then select the "Settings" tab
+
* Then select the “Settings” tab
 
* Set the following settings:
 
* Set the following settings:
* If disconnection is expected: '''Reset primary interface'''
+
* If separation is expected: '''Reset primary interface'''
 
* In case of unexpected disconnection: '''Reset primary interface'''
 
* In case of unexpected disconnection: '''Reset primary interface'''
 
<br clear=all>
 
<br clear=all>
  
===No internet connection outside the university===
+
===Tunnel vision doesn't connect===
If your Mac no longer connects to the Internet outside the university, or can only do so with VPN enabled, this may be because tunnel vision is causing a problem with the DNS server.
+
If your Mac no longer connects to the Internet outside of the university, or can only do so with VPN activated, this may be because Tunnelblick is causing a problem with the DNS server.
[[Datei:VPN-unter-macOS-Mojave-Fehler-1.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-1.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on the Tunnelblick icon in the top bar
 
* Click on the Tunnelblick icon in the top bar
* Click on "VPN details" to open the settings menu
+
* Click on "VPN Details" to access the settings
 
<br clear=all>
 
<br clear=all>
[[Datei:VPN-unter-macOS-Mojave-Fehler-2.png|links|mini|250px]]
+
[[File:VPN-on-macOS-Mojave-Error-2.png|links|mini|250px]]
 
<br>
 
<br>
 
* Click on your VPN connection on the left side
 
* Click on your VPN connection on the left side
* Then select the "Settings" tab
+
* Then select the “Settings” tab
* Uncheck the box "Disable IPv6, except..." if it is set
+
* Uncheck "Disable IPv6 unless..." if this is set
 
<br clear=all>
 
<br clear=all>
--!>
+
-->
 +
 
 +
==See also==
 +
* [[Netzwerk]]
 +
* [[VPN Problembehandlung]]
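Review bot: In the "Swap configuration file" section the image links were translated together with the text, e.g. [[File:Vpn-under-macos-01.png|left|mini|without|...]] replaces [[Datei:Vpn-unter-macos-01.png|links|mini|ohne|...]], so they now point at different file names and carry "without" as a caption fragment; the rendered page below shows "Datei:Vpn-under-macos-01.png" as plain text instead of a thumbnail. Keep the original file names and parameters and translate only the caption. In the same section several bold markers are unbalanced ('''"VPN Details"'', ''''Configurations'''', '''"Edited'''', ''''Save configuration''', '''"Return to last saved copy''') and "Tunnelblick" appears as "tunnel vision" in the menu-bar steps. In the commented-out OpenSSL block, the second openssl command uses -nodes, which writes the private key to Network_Certificate_key.pem unencrypted; if that block is re-enabled, add a sentence telling users to restrict access to that file.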

Latest revision as of 7 July 2024, 11:56

The German version can be found on the page VPN unter macOS

You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).

What needs to be done? - Quick guide

  1. Install the latest stable version of Tunnelblick.
  2. Generate your personal network certificate in the service portal.
  3. Download the configuration file
    Click on Download in the selection menu above!
  4. Create a new folder on your desktop and give it the name you want your connection to have, for example “VPN Uni”.
  5. Put your personal network certificate and the configuration file in the folder you just created.
  6. Delete the serial number from the file name of your network certificate, so that e.g. Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12.
  7. Add the file extension .tblk to this folder: select the folder, press cmd + i and, under "Name & Suffix", change e.g. VPN Uni to VPN Uni.tblk.
  8. Double-click the file created from the folder to install the connection.
  9. You will be asked to enter your Mac password to allow the configuration.
  10. Now click on the Tunnelblick icon at the top of the menu bar and select your connection, which now has the same name as your folder. Enter the import password, which you can find in the service portal under Network Settings. Select the option to save the password in the keychain.
  11. Wait until the font turns green. You are now connected.



Step-by-step instructions: Preparation

Install Tunnelblick


  • Install Tunnelblick in the latest stable version.
  • To do this, click on the link provided and then on the version marked "Stable".
  • Then open your downloads and double-click the Tunnelblick download. Tunnelblick now installs itself.


Generate network certificate

You need a network certificate for the VPN connection.
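Access the service portal:

  • https://serviceportal.uni-paderborn.de
  • Log in with your university account.
  • Then click on Netzwerkeinstellungen under Benutzerverwaltung in the top menu.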




  • Click "Neues Zertifikat erstellen".




  • Give the certificate a unique name (Example: MacBook VPN)
  • Select Version 2 as the file format!
  • Then click on "Neues Zertifikat zusenden".




  • A new network certificate has been created for you.
  • First copy the Import Password to the clipboard.
  • Now click on "Download Network Certificate".


You have now downloaded your personal network certificates.

Set up Tunnelblick

Download the configuration file, select the VPN you want to connect to and click Download. Normally, "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.


Note: You can click "Download" here and download your configuration file. This is not a screenshot ;-)

  • Accessing online resources may require that you route all network traffic through the tunnel.
  • You do not need this option to simply access the network drives.

[Figure: create folder]


  • Create a new folder - For example, name it "vpn-upb".
  • This is what your VPN connection will be called later.
  • Now put the personal network certificate and configuration file in this folder.
  • Rename your personal network certificate to Network_Certificate.p12
  • Example: Change the file name Network_Certificate_muster_078B30.p12 to Network_Certificate.p12
  • The configuration file should have an icon like the screenshot and end with .ovpn.


  • When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
  • Click on the configuration file. Now press cmd + i on the keyboard.
  • "Name & Suffix" may now read .ovpn.txt.
  • Delete the .txt.
  • Then press the Enter key.
  • Click Add.

[Figure: rename folder]


  • Now rename the folder and add the file extension .tblk to it.
  • You can use the context menu or right-click for this.


[Figure: add suffix]


  • You must now confirm the change.
  • Click Add.
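
The folder preparation described above can also be done in the terminal. The script below is an added example, not part of this wiki page or of Tunnelblick: `build_tblk` and `only` are hypothetical helper names, the sample files in `demo` are constructed, and it assumes the downloaded configuration names the certificate through a `pkcs12 Network_Certificate.p12` line, which is why the rename matters.

```shell
#!/bin/sh
# Added example: turn the prepared folder into a Tunnelblick bundle (.tblk).
# build_tblk/only are hypothetical helper names, not Tunnelblick commands.

# only DIR SUFFIX: print the single file in DIR ending in SUFFIX, else fail.
only() {
    found= n=0
    for f in "$1"/*"$2"; do
        [ -e "$f" ] || continue          # an unmatched glob stays literal
        found=$f n=$((n + 1))
    done
    [ "$n" -eq 1 ] || { echo "expected one *$2 in $1, found $n" >&2; return 1; }
    printf '%s\n' "$found"
}

# build_tblk DIR: check and rename the files, then rename DIR to DIR.tblk.
# Prints the bundle path on success; leaves the certificate untouched on failure.
build_tblk() {
    src=${1%/}
    [ -d "$src" ] || { echo "no such folder: $src" >&2; return 1; }
    [ ! -e "$src.tblk" ] || { echo "$src.tblk already exists" >&2; return 1; }

    # A download may arrive as <name>.ovpn.txt; drop the extra suffix.
    for f in "$src"/*.ovpn.txt; do
        [ -e "$f" ] || continue
        mv "$f" "${f%.txt}"
    done

    p12=$(only "$src" .p12) || return 1
    conf=$(only "$src" .ovpn) || return 1

    # Assumption: the configuration refers to the certificate container with
    # an uncommented "pkcs12 <file>" line. Tolerate CRLF line endings.
    ref=$(awk '{ sub(/\r$/, "") } $1 == "pkcs12" { print $2; exit }' "$conf")
    if [ "$ref" != "Network_Certificate.p12" ]; then
        echo "config references '${ref:-nothing}', not Network_Certificate.p12" >&2
        return 1
    fi

    # Strip the _<username>_<serial> part from the certificate file name.
    [ "$p12" = "$src/Network_Certificate.p12" ] ||
        mv "$p12" "$src/Network_Certificate.p12"
    # The container holds the private key: readable by the owner only.
    chmod 600 "$src/Network_Certificate.p12"

    mv "$src" "$src.tblk"
    printf '%s\n' "$src.tblk"
}

# demo: run build_tblk on constructed stand-ins for the two downloads
# (an empty file instead of a real certificate, a two-line config).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/vpn-upb"
    : > "$work/vpn-upb/Network_Certificate_muster_078B30.p12"
    printf 'client\npkcs12 Network_Certificate.p12\n' \
        > "$work/vpn-upb/uni-vpn.ovpn.txt"
    build_tblk "$work/vpn-upb" && ls -l "$work/vpn-upb.tblk"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the result on the constructed files; on a real folder, call `build_tblk` with the folder path and then install the resulting bundle with a double click as described below.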


[Figure: install configuration]


  • You have now created a configuration for Tunnelblick - This now needs to be installed.
  • Open this file with a double click.


Install configuration for this user


  • You will be asked which user you want to install the configuration for.
  • Select "Only for this user".



enter Mac password


  • You will be prompted to enter your Mac password to install the configuration.




  • Now click on the Tunnelblick symbol in the menu bar at the top.
  • Click connect on the desired VPN connection.
  • In our example this is "connect vpn-upb".




  • In the next step you will be asked to enter a password. Enter the import password mentioned above that belongs to the certificate.
  • In addition, be sure to select the "Save to Keychain" option so that the password is saved (otherwise you will have to keep re-entering the import password).




  • Wait until the text turns green and you are connected.
  • You can quickly connect and disconnect using the Tunnelblick symbol.
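
The folder preparation described above (collect the certificate and the configuration file, fix their names, add the .tblk suffix) can also be done in Terminal. This is an added example, not part of the original instructions; the helper name make_tblk is hypothetical, and it assumes both downloads are in the same folder.

```shell
#!/bin/sh
# Added example (not from the original instructions): build the Tunnelblick
# configuration folder from the two downloaded files.
# make_tblk is a hypothetical helper name.
# Usage: make_tblk <folder-with-downloads> [connection-name]
make_tblk() {
    src=$1
    name=${2:-vpn-upb}
    out="$src/$name.tblk"

    # Expect exactly one certificate and one configuration file.
    p12=""; np=0
    for f in "$src"/Network_Certificate*.p12; do
        [ -f "$f" ] || continue
        p12=$f; np=$((np + 1))
    done
    conf=""; nc=0
    for f in "$src"/*.ovpn "$src"/*.ovpn.txt; do
        [ -f "$f" ] || continue
        conf=$f; nc=$((nc + 1))
    done
    if [ "$np" -ne 1 ] || [ "$nc" -ne 1 ]; then
        echo "expected one .p12 and one .ovpn file in $src" >&2
        return 1
    fi
    if [ -e "$out" ]; then
        echo "$out already exists, not overwriting" >&2
        return 1
    fi

    mkdir "$out" || return 1
    cp "$p12" "$out/Network_Certificate.p12" || return 1
    # basename strips a trailing .txt, so x.ovpn.txt becomes x.ovpn
    cp "$conf" "$out/$(basename "$conf" .txt)" || return 1
    # The .p12 contains your private key: keep the folder private.
    chmod 700 "$out" && chmod 600 "$out"/* || return 1
    echo "$out"
}
# Example call: make_tblk "$HOME/Downloads" vpn-upb
```

The function prints the path of the finished .tblk folder, which you can then open with a double click as described under "Install configuration".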



Swap configuration file

If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.

  • Download the new configuration file.


configuration file


  • Select the configuration file.
  • Open the context menu with a right click.




  • Select "Open with". (1)
  • Then click on "Other...". (2)




  • Select "TextEdit" from the list. (1)
  • Then click "Open". (2)


copy configuration


  • Copy the entire contents of the configuration file to the clipboard.
  • The quickest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • cmd + C (copy)




  • Click on the Tunnelblick symbol in the menu bar at the top right. (1)
  • Then click on "VPN Details". (2)




  • Select the 'Configurations' menu. (1)
  • On the left side, select the configuration you want to edit. (2)
  • Then click on the circle with the three dots at the bottom.
  • Scroll down a little in the menu that opens.
  • Click "Edit OpenVPN configuration file..." (3)


  • Do you want to keep your old configuration file and create a new one instead?
  • On the old configuration file, click "Duplicate configuration".
  • Then select the copy and continue with (3).


Replace content and save


  • Now the configuration file opens.
  • You can see how current your configuration file is by looking at "Date" and "Version". (1)
  • Delete the contents of the configuration file and replace it with the contents of the clipboard.
  • The easiest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • Delete
    • cmd + V (insert)
  • You can see that you have made changes by the note "Edited". (2)
  • Close the window by clicking on the red X. (3)


You have now replaced the contents of the configuration file with the new version.

The first time you connect with the modified configuration file, you will receive the following information:

Save configuration


  • Click "Save configuration".
  • From now on you can connect with the new configuration file.


  • Have you made a mistake and want to undo the changes?
  • Press "Return to last saved copy".



Common Issues

Configuration file not readable

When downloading, the .ovpn file may be turned into a .txt file.
Select the configuration file. Press the key combination cmd + i. If the file name under Suffix ends in .txt, delete this part. The name should end with .ovpn.

Group VPN ports are blocked - TLS handshake failed after a timeout (60 sec)

Group VPN connections are established over specific UDP ports. Normally these ports cause no problems because they do not overlap with other protocols. However, if your Internet access is restrictive and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks are generally not affected.

Solution:

  • Change your location or network.
  • Have the required port opened, or ask the IT department whether this is possible.
    You can find the port used for your group network in the config file.
  • If it is the hpc-pc2 network, contact the PC2 for alternative SSH access.
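
To read the port out of the config file before talking to the IT department, you can list the server entries in Terminal. This is an added example, not part of the original instructions; the helper names vpn_endpoints and constructed_sample are hypothetical, and the sample configuration (including the host vpn.example.org) is constructed, not the university's real file.

```shell
#!/bin/sh
# Added example: print "host port proto" for every "remote" line of an
# OpenVPN configuration file. vpn_endpoints is a hypothetical helper name.
# Usage: vpn_endpoints <file.ovpn>   (reads standard input if no file is given)
vpn_endpoints() {
    awk '
        { sub(/\r$/, ""); sub(/[ \t]+[#;].*$/, "") }  # drop CR and trailing comments
        /^[ \t]*[#;]/   { next }                      # skip comment lines
        $1 == "port"    { port = $2 }                 # default port for all remotes
        $1 == "proto"   { proto = $2 }                # default protocol for all remotes
        $1 == "remote"  { n++; h[n] = $2; p[n] = $3; t[n] = $4 }
        END {
            if (port == "")  port = 1194              # OpenVPN default port
            if (proto == "") proto = "udp"            # OpenVPN default protocol
            for (i = 1; i <= n; i++)
                print h[i], (p[i] != "" ? p[i] : port), (t[i] != "" ? t[i] : proto)
            exit (n == 0)                             # status 1 if no remote was found
        }
    ' "${1:--}"
}

# Constructed sample configuration for trying the function offline.
constructed_sample() {
    cat <<'EOF'
# constructed sample, not the real configuration
client
dev tun
proto udp
remote vpn.example.org 1194   ; primary
remote vpn.example.org 443 tcp
pkcs12 Network_Certificate.p12
EOF
}
# Example call: constructed_sample | vpn_endpoints
```

Each output line names one server, port and protocol that the restrictive network has to let through.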



See also


If you have questions or problems, please contact us by telephone or e-mail:

Tel. IT: +49 (5251) 60-5544 Tel. Media: +49 (5251) 60-2821 E-mail: zim@uni-paderborn.de

The Notebook-Café is the ZIM's user help desk - you will find us in room I0.401

We are available at the following times:


                    Mon-Thu          Fri
On-site support     08:30 - 16:00    08:30 - 14:00
Telephone support   08:30 - 16:00    08:30 - 14:00


The ZIM:Servicecenter Medien on H1 is currently open at the following times:

Mon-Thu          Fri
08:00 - 16:00    08:00 - 14:30