VPN stands for Virtual Private Network and enables a secure connection over insecure networks.
- OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections. It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client, which is supported by several Cisco routers.
- Thanks for the great client! The AnyConnect server I'm using requires 2FA with Okta. When I'm specifying the TOTP secret key, openconnect doesn't use it in the 2FA form (private data is redacted): $ pass vpn | head -n1 | openconnect -v -u u --authenticate --passwd-on-stdin --token-mode=totp --token-secret='base32:$( pass totp )' --dump-http-traffic vpn.example.com 2>&1 | tee log POST https.
- An openconnect VPN server, which implements an improved version of the Cisco AnyConnect protocol, has also been written. OpenConnect is released under the GNU Lesser General Public License, version 2.1. Development of OpenConnect was started after a trial of the Cisco AnyConnect client under Linux found it to have many deficiencies.
- OpenConnect-gui is the graphical client of OpenConnect for the Microsoft Windows system (or any other system Qt and OpenConnect run at). OpenConnect is a VPN client, that utilizes. With the CISCO AnyConnect SSL VPN protocol.
The VPN Service in Detail
Insecure networks, such as the Internet, in principle allow communications to be intercepted and tampered with by unauthorized parties. To prevent this, VPNs use special protocols that encrypt the data. At Chemnitz University of Technology, the Transport Layer Security protocol (TLS) and the IPsec standard (IP Security) are used for this purpose. A tunnel is established between your computer (at home or on the road) and the VPN server at Chemnitz University of Technology, through which all IP data is sent in encrypted form.
Whom is this service intended for?
- Users who want to access the TU Chemnitz campus network securely with their own computers via external internet providers
- Users who want to access the campus network of Chemnitz University of Technology securely from a connection at another university or any other internet access (e.g. on business trips, congresses etc.)
- Users who want to access the campus network of Chemnitz University of Technology securely from their computer via data outlets in public rooms of Chemnitz University of Technology.
When the connection is established, an authentication with your URZ user ID and password is performed. If a VPN tunnel is successfully established, the computer receives an IP address from the address range of Chemnitz University of Technology. This also allows access to services that require a sender address from the address range of the university.
Preconditions
- a valid user login
- a computer with a functioning Internet/network connection or a functioning WLAN connection
A so-called VPN client must be installed on your computer. If no VPN client can/may be installed on your computer, a purely browser-based access to web-based services of Chemnitz University of Technology is possible via web browser (WebVPN).
The TLS-based Anyconnect client from Cisco is recommended. Campus licenses are available free of charge to all students and employees of the university.
Under Linux, the freely available IPsec-based VPN client VPNC or the freely available TLS-based VPN client Openconnect can be used.
Mac OS version 10.6 and higher has its own native IPsec-based VPN client on board. The included native IPsec-based VPN client can also be used on iOS devices (iPhone, iPad, iPod touch) and Android devices.
VPN via Client
Here you will find instructions for setting up VPN on the different platforms.
- Windows 10
- Linux
- Mac OS
- iPhone/iPad
- Android
Windows 7 / Windows 8 / Windows 10
Cisco Anyconnect Secure Mobility Client (Windows)
Two installation versions for the Cisco Anyconnect Secure Mobility Client are offered.
Classical Installation using the downloaded Installation Package
Administration rights are necessary for installation.
- Download the current version of the installation package (.msi)
- Start the downloaded .msi-file.
- Confirm the security warning „Execute“.
- Confirm the welcome window with „Next“.
- Accept the license conditions. Click 'Next'.
- Start installation with 'Install'.
- Installation is executed.
- Close with 'Finish' after successful installation.
- As normal user, start the client from the start menu.
- Instructions for first configuration and usage can be found under Using Anyconnect
Installation using the Web Browser
For the installation, administration or root rights are necessary. Furthermore, Java or ActiveX have to be available on your computer.
- Enter the following address into your browser: https://vpngate.hrz.tu-chemnitz.de/
- Authenticate with your TUC user login and password on the login page.
- After successful authentication, the following page is shown:
- Choose AnyConnect on the left menu:
- Click Start AnyConnect
- The VPN server performs an automatic system recognition, the installation of the Cisco Anyconnect Secure Mobility Client on your system, and the setup of a VPN connection.
- Installation is finished. The future establishment and termination of VPN connections can be controlled directly via the interface of the Cisco Anyconnect Secure Mobility Client. If the automatic installation fails, you also have the possibility to do the classical installation. The download of the needed installation package is offered in your browser then.
Linux
Cisco Anyconnect Secure Mobility Client (Linux)
For installation you need to be root.
- Download the current installation package
- Unzip the archive.
- Change into the directory vpn. Start the script vpn_install.sh.
- Copy the root certificate 'T-TeleSec Global Root Class 2' (T-TeleSec_GlobalRoot_Class_2.pem) into the ca-directory.
- Start the client on the command line: or or in your graphical user interface as a normal user:
- Notes for the first configuration and for usage you find under Using Anyconnect
Free TLS Client for Linux – Openconnect
For Linux, the free TLS client Openconnect is offered for connections to the Cisco VPN server.
In the current versions of Suse, Fedora, or Debian, Openconnect is offered as a standard package, but installation from the original sources is also possible.
With new Linux systems (e.g. Fedora from version 11), VPN access can be configured via Network Manager.
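A command-line connection with Openconnect to the gateway named on this page, as an added example that is not part of the original instructions. It assumes the gateway certificate chains to the T-TeleSec root that the Cisco client instructions above install; the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): connect with openconnect while
# trusting only one root CA instead of the whole system trust store.
# Assumption: the gateway certificate chains to T-TeleSec Global Root Class 2.

VPN_HOST="vpngate.hrz.tu-chemnitz.de"

# Succeeds only if the file is readable and carries PEM certificate markers.
is_pem_cert() {
    [ -r "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# vpn_connect USER CAFILE
# Rejects empty user names, names that would be parsed as an option, and
# unusable CA files before anything is run with root rights.
vpn_connect() {
    user=$1
    cafile=$2
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid user name" >&2
            return 2 ;;
    esac
    is_pem_cert "$cafile" || {
        echo "not a PEM certificate: $cafile" >&2
        return 3
    }
    # --no-system-trust plus --cafile: only the given root is accepted.
    set -- openconnect --protocol=anyconnect --no-system-trust \
        "--cafile=$cafile" "--user=$user" "$VPN_HOST"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"      # show the command instead of running it
    else
        sudo "$@"               # the tunnel device needs root rights
    fi
}

# Usage:
#   vpn_connect your_login ./T-TeleSec_GlobalRoot_Class_2.pem
```

If the gateway presents a certificate that does not chain to the given root, openconnect reports a verification failure instead of silently connecting.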
Mac OS
Cisco Anyconnect Secure Mobility Client (from Mac OS 10.8)
- Download the current installation package onto your computer: anyconnect-macos-4.8.01090-predeploy-k9.dmg
- Start the installation by double-clicking the VPN icon.
- Follow the installation instructions.
- You'll find information and helpful notes under Using Anyconnect
iPhone/iPad
Cisco Anyconnect Secure Mobility Client
In iTunes Store, a version of Anyconnect for iPhone/iPad from iOS Version 6.0 is available. Search there for Cisco AnyConnect and install this program. Start the program and choose Add a new VPN connection. Use vpngate.hrz.tu-chemnitz.de as server address.
Android
Cisco Anyconnect Secure Mobility Client
In the Google PlayStore a free version of Anyconnect for Android from Version 4.x is available. Search there for Cisco AnyConnect ICS+ and install the program. Start the program and choose Add a new VPN connection. Configure:
- Description: TUC (optional)
- Server address: vpngate.hrz.tu-chemnitz.de
- Done
Now, choose the configured VPN connection and start it. After username and password have been entered, the VPN connection will be enabled.
Use instructions for Cisco Anyconnect Secure Mobility Client
The initial configuration and usage are explained using the example of the Cisco Anyconnect Secure Mobility Client under Windows. These instructions also apply to the clients of other operating systems.
- At the initial start of the client, enter the address vpngate.hrz.tu-chemnitz.de in the anyconnect start window and click on “Connect”.
- Enter your user name into the field „Username:“. The related password has to be entered into the field „Password:“. Start the connection by clicking on „OK“.
- After the connection has been set up successfully, the Cisco AnyConnect window is minimised and hidden behind the Anyconnect symbol in the task bar.
- You will gain access to statistical and connection based information by clicking on „Advanced …” in the Anyconnect start window.
- The connection will be closed by „Disconnect“ in the Anyconnect start window.
WebVPN
WebVPN is a browser-based solution for secure access to the campus network of the TU Chemnitz. Some web-based services at the TU Chemnitz, e.g. library research, are only accessible for computers which are located in the IP address range of the TU Chemnitz. With the help of WebVPN, these offers can also be used outside the TU Chemnitz without installation of a VPN client. WebVPN offers an encrypted and authenticated connection via SSL/TLS.
Precondition for use: Cookies and JavaScript have to be allowed in the browser.
Procedure:
- Enter the following address in your browser: https://vpngate.hrz.tu-chemnitz.de/
- Authenticate on the login page using your username and password:
- After a successful authentication the following page is presented:
- After entering a URL directly into the address field, the given website will be opened via WebVPN.
- Under web applications you get a list of predefined bookmarks:
- Under Any Connect the VPN Client Cisco AnyConnect is offered (which is not necessary for WebVPN).
- A WebVPN session is controlled through an additional menu bar, which appears in the upper right corner of the browser window after calling the URL or bookmark:
Security note: When using WebVPN, no end-to-end security is guaranteed. That means that when TLS-secured websites are called, the corresponding certificates are accepted automatically by the WebVPN gateways!