VPN on macOS

ZIM HilfeWiki - the wiki
The German version can be found on the page VPN unter macOS

You need VPN (Virtual Private Network) if you want to use services from outside the University of Paderborn that are only accessible within the university network. VPN ensures secure access to the university network from external networks (dial-in via other providers, external company or university networks).

What needs to be done? - Quick guide

  1. Install Tunnelblick in the latest stable version.
  2. Generate your personal network certificate in the service portal.
  3. Download the configuration file
    Click on Download in the selection menu above!
  4. Create a new folder on your desktop that you name with the name you want your connection to have, for example “VPN Uni”.
  5. Put your personal network certificate and configuration file in the folder created earlier.
  6. Remove the serial number from the file name of your network certificate, so that e.g. Network_Certificate_<username>_******.p12 becomes Network_Certificate.p12.
  7. Add the file extension .tblk to this folder: select the folder, press cmd + i and change the name under "Name & Suffix", e.g. from VPN Uni to VPN Uni.tblk.
  8. Now you can double-click the file created from the folder and install the connection.
  9. You will be asked to enter your Mac password to allow configuration.
  10. Now click on the Tunnelblick symbol in the menu bar at the top and select your connection, which now has the same name as the folder you created. Enter the import password, which you can find in the service portal under Network Settings. Select the option to save the password in the keychain.
  11. Wait until the font turns green. You are now connected.



Step-by-step instructions: Preparation

Install Tunnelblick



  • Install Tunnelblick in the latest stable version.
  • To do this, click on the link provided and then on the version marked "Stable".
  • Then open your downloads and then double-click on the Tunnelblick download. Tunnelblick now installs itself.


Generate network certificate

You need a network certificate for the VPN connection.
Access the service portal:




  • Click "Neues Zertifikat erstellen".




  • Give the certificate a unique name (Example: MacBook VPN)
  • Select Version 2 as the file format!
  • Then click on "Neues Zertifikat zusenden".




  • A new network certificate has been created for you.
  • First copy the Import Password to the clipboard.
  • Now click on "Download Network Certificate".


You have now downloaded your personal network certificate.

Set up Tunnelblick

To download the configuration file, select the VPN you want to connect to and click Download. Normally, "Uni-VPN (Standard)" should be the right choice, but if you have problems with the connection, try "Uni-VPN-TCP" instead.


Note: You can click "Download" here and download your configuration file. This is not a screenshot ;-)

  • Accessing online resources may require that you route all network traffic through the tunnel.
  • You do not need this option to simply access the network drives.

Create folder


  • Create a new folder - For example, name it "vpn-upb".
  • This is what your VPN connection will be called later.
  • Now put the personal network certificate and configuration file in this folder.
  • Rename your personal network certificate to Network_Certificate.p12
  • Example: Change the file name Network_Certificate_muster_078B30.p12 to Network_Certificate.p12
  • The configuration file should have an icon like the screenshot and end with .ovpn.


  • When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
  • Click on the configuration file. Now press cmd + i on the keyboard.
  • "Name & Suffix" may now read .ovpn.txt.
  • Delete the .txt.
  • Then press the Enter key.
  • Click Add.

Rename folder


  • Now rename the folder and add the file extension .tblk to it.
  • You can use the context menu or right-click for this.


add suffix


  • You must now confirm the change.
  • Click Add.
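
The folder preparation described above (collect both files, rename the certificate, remove a stray .txt, add the .tblk extension) can also be done in Terminal. The following script is an added example, not part of the original wiki page; the function names and their arguments are assumptions.

```shell
#!/bin/sh
# build_tblk SRC_DIR NAME [DEST_DIR]
# Collects the downloaded certificate and configuration file from SRC_DIR
# into DEST_DIR/NAME.tblk and prints the path of the new bundle.

# pick_one FILE...: print the single existing file among the arguments,
# fail if there is none or more than one.
pick_one() {
    found=
    for f in "$@"; do
        [ -f "$f" ] || continue          # unmatched globs stay literal; skip them
        if [ -n "$found" ]; then return 1; fi
        found=$f
    done
    [ -n "$found" ] && printf '%s\n' "$found"
}

build_tblk() {
    src=$1; name=$2; dest=${3:-.}
    bundle="$dest/$name.tblk"

    cert=$(pick_one "$src"/Network_Certificate*.p12) ||
        { echo "expected exactly one network certificate in $src" >&2; return 1; }
    conf=$(pick_one "$src"/*.ovpn "$src"/*.ovpn.txt) ||
        { echo "expected exactly one configuration file in $src" >&2; return 1; }

    if [ -e "$bundle" ]; then
        echo "$bundle already exists, not overwriting" >&2
        return 1
    fi
    mkdir -p "$bundle" || return 1

    # Fixed certificate name without the serial number, as the guide requires.
    cp "$cert" "$bundle/Network_Certificate.p12" || return 1
    # The .p12 contains your private key: readable by the owner only.
    chmod 600 "$bundle/Network_Certificate.p12" || return 1

    # Drop a ".txt" that the browser may have appended to the .ovpn file.
    conf_name=$(basename "$conf")
    cp "$conf" "$bundle/${conf_name%.txt}" || return 1

    printf '%s\n' "$bundle"
}

# Runs only when arguments are given, e.g.:
#   sh build_tblk.sh ~/Downloads vpn-upb ~/Desktop
if [ $# -ge 2 ]; then build_tblk "$@"; fi
```

The script refuses to continue if the download folder holds several certificates or configuration files, so an outdated certificate cannot end up in the bundle by accident.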


Install configuration


  • You have now created a configuration for Tunnelblick - This now needs to be installed.
  • Open this file with a double click.


Install configuration for this user


  • You will be asked which user you want to install the configuration for.
  • Select "Only for this user".



enter Mac password


  • You will be prompted to enter your Mac password to install the configuration.



  • Now click on the Tunnelblick symbol in the menu bar at the top.
  • Click connect on the desired VPN connection.
  • In our example this is "connect vpn-upb"




  • In the next step you will be asked to enter a password. Enter the import password mentioned above that belongs to the certificate.
  • In addition, be sure to select the "Save to Keychain" option so that the password is saved (otherwise you will have to keep re-entering the import password).




  • Wait until the font turns green and you are connected.
  • You can quickly connect and disconnect the connection using the Tunnelblick symbol.



Swap configuration file

If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.

  • Download the new configuration file.


configuration file


  • Select the configuration file.
  • Open the context menu with a right click.




  • Select "Open with". (1)
  • Then click on "Other...". (2)




  • Select "TextEdit" from the list. (1)
  • Then click "Open". (2)


copy configuration


  • Copy the entire contents of the configuration file to the clipboard.
  • The quickest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • cmd + C (copy)




  • Click on the Tunnelblick symbol in the menu bar at the top right. (1)
  • Then click on "VPN Details". (2)




  • Select the 'Configurations' menu. (1)
  • On the left side, select the configuration you want to edit. (2)
  • Then click on the circle with the three dots at the bottom.
  • Scroll down a little in the menu that opens.
  • Click "Edit OpenVPN configuration file..." (3)


  • Do you want to keep your old configuration file and create a new one instead?
  • On the old configuration file, click "Duplicate configuration".
  • Then select the copy and continue with (3).


Replace content and save


  • Now the configuration file opens.
  • You can see how current your configuration file is by looking at "Date" and "Version". (1)
  • Delete the contents of the configuration file and replace it with the contents of the clipboard.
  • The easiest way to do this is to use the following key combinations:
    • cmd + A (Select all)
    • Delete
    • cmd + V (insert)
  • You can see that you have made changes by the note "Edited". (2)
  • Close the window by clicking on the red X. (3)


You have now replaced the contents of the configuration file with the new version.

The first time you connect to the modified configuration file, you will receive the following information:

Save configuration


  • Click "Save configuration".
  • From now on you can connect to the new configuration file.


  • Have you made a mistake and want to undo the changes?
  • Press "Return to last saved copy".



Common Issues

Configuration file not readable

When downloading, the .ovpn file may be turned into a .txt file.
Select the configuration file. Press the key combination cmd + i. If the file name under "Name & Suffix" ends in .txt, delete this part. The name should end with .ovpn.

Group VPN ports are blocked - TLS handshake failed after a timeout (60 sec)

Group VPN connections are established over specific UDP ports. Normally these ports cause no problems because they do not overlap with other protocols. However, if your Internet access is restrictive and only allows certain ports, a connection problem may arise. This affects some university institutions or company networks. Home networks generally do not have this problem.

Solution:

  • change your location or network
  • Open the required port, or ask the IT department whether this is possible.
    You can find the port used for your group network within the config file.
  • If it is the hpc-pc2 network, contact the PC2 for alternative SSH access
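
To look up the port in the configuration file, as suggested above, the remote, port and proto directives can be read from Terminal. The following script is an added example, not part of the original wiki page; the function names and the sample host names are assumptions, and OpenVPN's defaults (port 1194, UDP) are applied where the file does not state a value.

```shell
#!/bin/sh
# vpn_endpoints FILE.ovpn
# Prints one line "host port protocol" for every "remote" directive, so you
# know which port to ask the IT department about. Per-connection settings
# inside <connection> blocks are not evaluated separately.
vpn_endpoints() {
    awk '
        { sub(/[#;].*/, "") }            # strip comments (# or ;)
        NF == 0 { next }                 # skip empty lines
        $1 == "port" || $1 == "rport" { port = $2 }
        $1 == "proto" { proto = $2 }
        $1 == "remote" { n++; host[n] = $2; rp[n] = $3; rproto[n] = $4 }
        END {
            if (port == "")  port = 1194     # OpenVPN default port
            if (proto == "") proto = "udp"   # OpenVPN default protocol
            for (i = 1; i <= n; i++)
                printf "%s %s %s\n", host[i],
                    (rp[i] != "" ? rp[i] : port),
                    (rproto[i] != "" ? rproto[i] : proto)
            if (n == 0) exit 1               # no remote directive found
        }' "$1"
}

# Constructed sample configuration; host names and port are placeholders,
# not the values used by the university.
sample_config() {
    cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.org 1195   # constructed value
remote vpn2.example.org
pkcs12 Network_Certificate.p12
EOF
}

# Runs only when a file is given, e.g.: sh vpn_endpoints.sh uni-vpn.ovpn
if [ $# -ge 1 ]; then vpn_endpoints "$1"; fi
```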





If you have any questions or problems, please contact us by phone or e-mail:

Tel. IT: +49 (5251) 60-5544 Tel. Media: +49 (5251) 60-2821 E-mail: zim@uni-paderborn.de

The Notebook-Café is the ZIM's user help desk. You can find us in room I0.401.

We are available at the following times:

                   Mon-Thu        Fri
On-site support    08:30 - 16:00  08:30 - 14:00
Telephone support  08:30 - 16:00  08:30 - 14:00

The ZIM:Servicecenter Medien on H1 is currently open at the following times:

Mon-Thu        Fri
08:00 - 16:00  08:00 - 14:30