VPN


Requirements to establish a VPN connection to the HSMW network

  • You must have agreed to the network user guidelines
  • Your password must not be expired

You can check both under Settings.

VPN on Windows 7


  • Open the Control Panel and click on "Network and Internet" and then on "Network and Sharing Center"
  • Follow these Steps:
    • Click on "Set up a new Connection or Network"
    • Click on "Connect to a Workplace"
    • Select "Use my Internet connection (VPN)"

Now you will be asked to create a new VPN connection.

  • Internet address: vpn4.hs-mittweida.de
  • Check the box "Don't connect now; just set it up..."
  • Username: username@hs-mittweida.de
  • Click on "Create"
  • Close the window. (Don't establish the connection yet)
  • Go again to Control Panel -> Network and Internet -> Network and Sharing Center
  • On the top left, click on "Change Adapter Settings"
  • Right-Click on "VPN-Connection" and choose "Properties"

Open the tab "Security" and select the following settings:


  • Type of VPN: IKEv2
  • Check "Use Extensible Authentication Protocol (EAP)"
    • Select "Secured EAP (PEAP)"
    • Click on Properties
      • Check the box "Connect to these servers:"
      • Fill the panel with dns2.hs-mittweida.de
      • In the list below, check the box with "Deutsche Telekom ROOT CA 2"
      • Select "Enable Identity Privacy" and write "anonymous" in the panel
      • Confirm with OK

Right-Click on the VPN-Connection and select "Connect".

Troubleshooting

Error 809

If you encounter error 809, a connection error, the connection was very likely blocked by third-party software such as the firewall "ZoneAlarm". Test the connection with the third-party software uninstalled, as just deactivating it won't unblock the connection.


Connection attempt could not be completed / failed

Check the VPN settings -> Security. Make sure authentication is set to "Secured EAP (PEAP)", open the properties and set "Connect to these servers" to dns2.hs-mittweida.de. See the last steps of this manual for details.



Error 13801

If this error occurs, the dfn-certificate may not be installed correctly. Please contact an administrator to get help: NCC.


VPN with Windows 8 (native)

It is possible to configure VPN on Windows 8 without using third-party software.

Display the Charms bar and then click on "Settings".


Afterwards click on the small gear-symbol: "Change PC-Settings"


Switch to "Network"


In this new window, click the top entry "Connections", and then the plus-symbol "Add VPN-Connection".


Enter the following credentials as seen in the screenshot.

Save the settings afterwards.

Vpn win8 5.png

How to connect to the VPN:

Click on the network symbol in the taskbar. It shows the available network connections, including the newly created VPN connection. Click on it and connect.

VPN on Windows 10 (native)

Open the start menu and click on "Settings".


Choose "Network and Internet"...


... "add VPN connection"


Enter the following credentials as seen in the screenshot and save it. Use your username and password from your university credentials!


Vpn4-win10.PNG

Click on the newly created VPN connection -> change adapter settings.



Right-click on the VPN connection and choose "Properties".


Change to the "Network" tab. Click on "Internet Protocol Version 4 (TCP/IPv4)" and then on "Settings".



Click on "Advanced..."


Check the box at "Use default Gateway for remote networks"


Close the window.

Important! The first version of Windows 10 had a bug that caused the last checkbox to be missing. If this is the case, do the following:

Open Windows PowerShell:

Windows > All Apps > Windows PowerShell > Windows PowerShell

Enter the following command:

Set-VpnConnection "HSMW" -SplitTunneling $FALSE


Open / change to the window "Network and Internet"


After the first successful connection, a dialog window will pop up. Confirm and click on "Connect".



VPN with Linux strongSwan

strongSwan is a complete IPsec implementation for Linux. You can either install it with the package manager or compile it yourself. This manual covers the package installation.

Installation on Debian Wheezy

To get the newest version of strongSwan, add the following line to your sources.list (/etc/apt/sources.list):

deb http://http.debian.net/debian wheezy-backports main


Execute the following commands afterwards:

sudo apt-get update
sudo apt-get -t wheezy-backports install ca-certificates strongswan libcharon-extra-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins


Add the following two lines to the init script (/etc/init.d/ipsec)

# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs

Customizing the configuration files

After the installation is done, you must adjust the following files:

  • /etc/strongswan.conf
  • /etc/ipsec.conf
  • /etc/ipsec.secrets


Additionally, you need to create a link in the directory "/etc/ipsec.d/cacerts":

ln -s /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem /etc/ipsec.d/cacerts/

strongswan.conf

This file should contain only the following lines:

charon {
  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown openssl resolve
}

Anything else in this file is not required and interferes with the connection!

ipsec.conf

Add the following lines of text to the file:

conn hsmw-vpn
        keyexchange=ikev2
        left=%defaultroute
        leftid=%any
        leftauth=eap
        eap_identity=username@hs-mittweida.de
        leftsourceip=%config
        leftdns=%config4
        leftfirewall=no
        right=141.55.128.84
        rightid=@vpn4.hs-mittweida.de
        rightsubnet=0.0.0.0/0
        rightauth=pubkey
        auto=add

ipsec.secrets

In this file, you only have to add the following line, with your own username and password in place of the placeholders:

username@hs-mittweida.de : EAP "K3nnw0rt"
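
A pre-flight check for the three pieces configured above, as an added example that is not part of the original wiki page: it verifies that ipsec.secrets is readable by its owner only, that the CA link resolves, and that the conn section authenticates the gateway by certificate. The function names and the optional ROOT argument are assumptions made for this example, and `stat -c` assumes GNU coreutils as shipped with Debian.

```shell
# Print the value of KEY inside section "conn NAME" of an ipsec.conf file.
conn_value() {  # usage: conn_value FILE NAME KEY
    awk -v name="$2" -v key="$3" '
        /^conn[ \t]/ { inside = ($2 == name); next }
        /^[^ \t#]/   { inside = 0 }   # any other unindented line ends the section
        inside {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key "=") == 1) {
                print substr(line, length(key) + 2)
                exit
            }
        }' "$1"
}

# Check the files under ROOT (assumption: empty ROOT means the live system).
# Prints one line per finding and returns the number of findings.
check_vpn_config() {  # usage: check_vpn_config [ROOT]
    root="${1:-}"
    conf="$root/etc/ipsec.conf"
    secrets="$root/etc/ipsec.secrets"
    ca="$root/etc/ipsec.d/cacerts/Deutsche_Telekom_Root_CA_2.pem"
    problems=0

    # ipsec.secrets stores the EAP password in clear text: owner-only access.
    mode=$(stat -c '%a' "$secrets" 2>/dev/null) || mode=missing
    case "$mode" in
        600|400) ;;
        *) echo "ipsec.secrets: mode $mode, expected 600"
           problems=$((problems + 1)) ;;
    esac

    # A dangling CA link means the gateway certificate cannot be verified.
    if [ ! -s "$ca" ]; then
        echo "cacerts: CA link missing or dangling"
        problems=$((problems + 1))
    fi

    # The gateway must authenticate by certificate under the expected name.
    for pair in keyexchange=ikev2 rightauth=pubkey rightid=@vpn4.hs-mittweida.de; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conn_value "$conf" hsmw-vpn "$key" 2>/dev/null) || got=
        if [ "$got" != "$want" ]; then
            echo "ipsec.conf: $key='$got', expected '$want'"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file and run `check_vpn_config` as root before `ipsec up hsmw-vpn`; a return value of 0 means no findings.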

Opening and Closing the VPN connection

To establish the VPN connection you need to execute this command:

ipsec up hsmw-vpn

You can terminate the VPN connection with

ipsec down hsmw-vpn


VPN with Android

Go to "Settings" -> "Wireless & Networks", click on "More..." select "VPN" and tap the "+" sign.

Vpn-android-1.png

After entering your information, hit Save.

Connect by going back to the VPN settings and selecting your VPN of choice.


VPN with iOS

Use the recommended VPN configuration profile:

https://wiki.hs-mittweida.de/en/Configuration_profiles_for_OS_X_and_iOS


Alternatively, follow the steps:

Go to "Settings" -> "General" -> "VPN" -> add VPN connection.



Enter the following settings:

  1. IPSec Tab
  2. Description: HSMW-VPN
  3. Server: vpn4.hs-mittweida.de
  4. Account: username@hs-mittweida.de
  5. Password: Your password
  6. Use certificate: off
  7. Group Name: [hybrid] with square brackets!
  8. Shared Secret: random words, numbers (e.g.: 0815, test)


VPN with OS X

OS X 10.7 is the minimum requirement for this setup!

Alternatively, use the installation profiles: https://wiki.hs-mittweida.de/en/Configuration_profiles_for_OS_X_and_iOS

Open System Preferences and click on Network. The plus symbol on the bottom left corner opens a new window to create a new connection.



  1. Interface: VPN
  2. VPN Type: Cisco IPSec
  3. Service Name: HSMW-VPN


Enter the following credentials:

  1. Server Address: vpn4.hs-mittweida.de
  2. Account Name: username@hs-mittweida.de
  3. Password: Your password


Afterwards, click on the button Authentication Settings.... Choose Shared Secret

  1. Shared Secret: Enter arbitrary values (whatever, 0815, test)
  2. Group Name: [hybrid] with square brackets!


Confirm everything with Apply and connect.
