Main Content

VPN on Linux (OpenConnect, recommended)

VPN on the Linux desktop with the open source VPN client OpenConnect

Latest 2023-05-21: Graphical login works limited, use command line.

The solution described below does not work correctly due to a bug in a required utility. Please use the following command in the terminal:

sudo openconnect --authgroup=unimr-vpn-staff-Passwort+2FA -u username vpn.uni-marburg.de
bzw.
sudo openconnect --authgroup=unimr-vpn-students-Passwort+2FA -u Username vpn.uni-marburg.de
Replace username with your staff or student username. The program continues to run in the terminal and remains in the foreground, the terminal must remain open. CTRL-C terminates the process and the VPN connection.

Entry requirements

• Inhalt ausklappen Inhalt einklappen Operating system, previous knowledge, internet, username

  • Operating System: Your Linux should be up to date, i.e. all necessary updates should be installed. This guide was created using Ubuntu Linux 22.04 LTS (Jammy Jellyfish) as an example.
  • Root Certificate: The Zertifikat T-Telesec Global Root Class 2 certificate, i.e. the file /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem must be present. Most modern distributions already bring the certificate with them.
  • Previous Knowledge: Sie verfügen über grundlegende Kenntnisse der Systemadministration unter Linux, d. h. Sie kennen die grundsätzliche Bedeutung von Administrator-Rechten und wissen, wie man Programme installiert.
  • Your Internet access works reliably. You are familiar with establishing and terminating connections and have an overview of the devices involved (e.g. ADSL modem, cable modem, WLAN-capable router, etc.).
  • Username and password of your university account (staff or students) are available.

Installation

To ensure the OpenConnect capability (external link to the provider) of the Gnome Network Manager, the appropriate packages for OpenConnect must be installed via the Software Package Manager of the Linux distribution.

For Debian and Ubuntu, install the packages network-manager-openconnect and network-manager-openconnect-gnome:

1. Make sure that your computer has an active internet connection for the installation.
2. Start a terminal. This can be done in many different ways depending on the desktop manager used:
   • Unity Desktop, Gnome 2 Desktop: Press the key combination Alt + F2, enter "gnome-terminal" and start the corresponding program.
   • Gnome 3 Desktop: Press the key combination Alt + F2, enter "gnome-terminal" in the search field and start the corresponding program. If no input dialogue appears after the key combination, start the program "Terminal" via the usual menues.
3. In the terminal, enter one of the following commands. For newer distributions based on Debian, the following applies:

   sudo apt-get install network-manager-openconnect-gnome

   For older distributions based on Debian, the following applies:
   

   sudo apt-get install network-manager-openconnect

4. Then enter the password for your Linux account on the computer, press <Return> or <Enter> to execute the command with administrator rights.
5. After a few seconds, the installation should be completed.

Settings

1. Select Panel → Network → Settings.
   

   

   
   
   
   
   
   
   
   
   
   
   
2. In the dialogue Network, select + to set up a new VPN connection.
   

   

   
   
   
   
   
   
   
   
   
   
   
   
   
   
3. In the Add VPN dialogue, select the VPN client.
   • As type select Multi-protocol VPN Client (openconnect).
     

     

     
     
     
     
     
     
     
     
     
     
     
4. In the Add VPN dialogue, enter the following information in the Identity tab:
   
   
   • Connection name: vpn.uni-marburg.de
   • Gateway: vpn.uni-marburg.de
   • CA certificate: Search for the file /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem in the file browser of the corresponding field (possibly deviating from the illustration).
     

     

     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
   • In the IPv4 tab under DNS, deactivate Automatic and enter the following name servers: 137.248.1.8, 137.248.1.5, 137.248.21.22

1. Then confirm the settings with Apply.
   
   

Establishing a connection

1. Under Panel → Network, select Connect to establish the VPN connection you set up earlier.
    

   

   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
2. In the Connect to VPN dialogue, you can log on to the VPN.
   
   • Select as VPN host: vpn.uni-marburg.de.
     

     

     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
   • As GROUP, select the group you want (unimr-vpn-students or unimr-vpn-staff-password+2FA).
   • As Username, enter your user name.
   • Enter your personal password as Password.
   • Then click on Login.

3. After a few seconds you should be connected to the VPN of the Philipps-Universität Marburg.

Disconnection

• Select Switch off under Panel → Network below the corresponding VPN connection to terminate the VPN connection.
  

  

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

Troubleshooting (cross-platform

Until the problem is solved, the supplementary WebVPN service can be a useful workaround. If you have been using VPN to send e-mail via the SMTP servers of the Philipps-Universität, it is best to switch your mail client to SMTP-Auth, cf. settings for mail programmes.
Until the problem is solved, the supplementary WebVPN service can be a useful workaround. If you have been using VPN to send e-mail via the SMTP servers of the Philipps-Universität, it is best to switch your mail client to SMTP-Auth, cf. settings for mail programmes.

• Inhalt ausklappen Inhalt einklappen Individual website/magazine/database not accessible

  If you can reach most restricted websites but not your desired site (e.g. a specific magazine or database) when the VPN is active, please try the following first:

  1. Exit the web browser completely, if necessary restart the PC.
  2. Start the VPN client and establish the connection.
  3. Start the web browser
  4. First delete the browser cache, e.g.:
     Firefox: Tools→ Clear recent history ... → Details, all ticks except for Remove cache → Click Clear now.
     Internet Explorer: Security → Delete Browsing History, remove all ticks except for Temporary Internet Files → Click Delete.
     Safari: Safari menu → Clear Cache..., click on Clear there.
     Chrome: Click on the spanner icon area → Tools → Clear Search Data... → Remove all check marks except for Clear cache → Click Clear internet data.
  5. Call up the page again.

  Often, the starting order described above already helps you to call up the desired page. You can also use the WebVPN service as a workaround here.

• Inhalt ausklappen Inhalt einklappen Access to the publisher's server works, but some internal services (e.g. network drives, CMS, printers) are not available.

  There is probably an address conflict. If your router at home assigns an internal IP address of the form 192.168.x.y with x ≥ 1, address and routing conflicts may occur in principle, as these private addresses (except with x=0) are also used in the UMRnet. Configure the DHCP server of your router so that it assigns addresses of the form 192.168.0.y or other private addresses.

• Inhalt ausklappen Inhalt einklappen Troubleshooting for OpenConnect under Linux

  Problem	Possible causes and solutions
  After the connection attempt, OpenConnect reports "Failed to open tun device".	Probably the TUN/TAP kernel module was not loaded. You can manually reload the kernel module with the command sudo modprobe tun. Then try to connect again. To have the kernel module loaded automatically in the future, add the entry tun to the file /etc/modules.

If the problem still exists, please contact us by e-mail at vpn@hrz.uni-marburg.de. For journal/database problems, please always include the URL or link of the resource you are looking for.