====== VPN at Hamburg University ======

To connect to the Hamburg University network, via potentially unsecure (public) networks, it is strongly recommended to connect via a VPN (virtual private network) to establish a secure and encrypted connection.
The required VPN - Client can be downloaded from the web pages of the RRZ (the computing centre of Hamburg University).

<note important>Prerequisite to connect to the University VPN: You need a valid UHH - Identifier (like fmnv165)</note>


===== VPN installation on Windows =====


Download VPN – Client for Windows

=== How to install and configure the AnyConnect VPN – Client ===


  - Download and install the current[[http://www.rrz.uni-hamburg.de/fileadmin/internet_kommunikation/anyconnect/uhh-anyconnect-windows.msi|Cisco AnyConnect VPN-client]] from the RRZ-pages.
  - Double-click on the downloaded file to start the installation.
  - Confirm all message – boxes.
  - When the installation is finished, you'll find a new entry under:\\ '''Start'→ 'Alle Programme' → 'Cisco' → 'Cisco' → 'Cisco AnyConnect Secure Mobility Client' ''
  - click on the entry 'Cisco AnyConnect Secure Mobility Client' to start the VPN-client

=== Configuration ===

The next step you only need to perform when you establish a connection via the Cisco VPN - client for the first time. Please enter the address of the VPN – Gateway (vpn.rrz.uni-hamburg.de) as can be seen in the graphic below:
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:vpngateway.png|vpn-gateway}}


Now click onto the 'Connect' – button. While the connection is being established you'll be prompted to enter your UHH – identifier together with your password into the following dialog – window:

{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:identpassword.png|identity}}
Press 'OK' to continue.

After a successful connection buildup a message will be displayed above the lower right corner of the task – bar:
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:vpnconnected.png|vpnconnected}}

A successful connection can also be noticed by the small spherical icon  with a lock in front of it.{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:spherelock.png?30|success  }}\\ 
\\ 

===== VPN installation on OS X =====

=== How to install and configure the AnyConnect VPN – Client on Mac OS X ===

  - download the most current [[http://www.rrz.uni-hamburg.de/services/netz/daten/file/uhh-anyconnect-macosx-i386.dmg|Cisco AnyConnect VPN Client]] from the RRZ web pages
  - double-click on the downloaded file, a new window opens
  - in this window double-click on **AnyConnect.pkg** to start the installation
  - during the installation process confirm all messesage-boxes until your are about to choose the installation type (see graphic below):
<WRAP group>
<WRAP half column>

{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_14.54.32.png|remove checkmarks}}
</WRAP>

<WRAP half column>
\\ 
**Remove the checkmarks** in front of 'Web Security', 'Diagnostics and Reporting Tool' and 'Posture' and confirm your changes by pressing 'Continue'.
</WRAP>
</WRAP>

The configuration should look like this now:

{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_14.54.41.png?600|VPN only}}\\ 
To proceed with the installation confirm the selection by pressing 'Continue'.
When the installation is finished you'll find a new entry under:\\ 
-> Applications -> Cisco -> Cisco AnyConnect Secure Mobility Client.app (see pic. Below):
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_15.01.31.png|applications}}
\\ 
=== Configuration ===

**The next step you only need to perform when you establish a connection via the Cisco VPN - client for the first time**. Please enter the address of the VPN – Gateway (vpn.rrz.uni-hamburg.de) as can be seen in the graphic below:
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_15.51.18.png|address vpn}}

Now click onto the 'Connect' – button. While the connection is being established you'll be prompted to enter your UHH – identifier together with your password into the following dialog-window:
<WRAP group>
<WRAP half column>

{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_15.51.49.png|identifier}}
</WRAP>

<WRAP half column>
\\ 
Press 'OK' to continue.
</WRAP>
</WRAP>

After a successful connection buildup a spherical icon with a lock in front of it will appear in the dock. (only temporary, whole VPN is in use)
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_15.52.44.png|spherical}}

Furthermore, the state of the connection can be viewed in the menu-bar at the upper margin of your display.
{{https://itwiki.math.uni-hamburg.de/lib/exe/fetch.php/en:user:screen_shot_2014-07-29_at_15.56.33.png|menu-bar}}







===== VPN installation on Linux =====

<note warning>According to a recent statement of the computing centre, VPN clients but Cisco Anyconnect are no longer able to establish VPN connections with university hamburg</note>

The Computing Centre has  [[http://www.rrz.uni-hamburg.de/de/services/netz/vpn/vpn-linux.html|instructions (in German)]], how to install the Cisco Anyconnect Client under Linux (Ubuntu). However, we recommend rather to use [[http://www.infradead.org/openconnect/|OpenConnect]], which in most Linux distributions can be installed directly from the package sources.

For Debian / Ubuntu and derivatives, please enter the following in the command-line:
  sudo apt-get install --install-recommends network-manager-openconnect-gnome
  sudo service network-manager restart
After installation click on the network-symbol, choose in the menu "VPN-Connctions" -> "Configure VPN".\\
In the new window, click the button "Add", and you will see a new window "Choose Connection Type". 

Choose in the dropdown-list to the entry "Cisco AnyConnect compatible VPN-Connection (openconnect)" and click the button "Create".

In the VPN-Configuration window choose as connection name for example "UHH-VPN". Enter the following in the Tab "VPN":

Gateway: ''vpn.rrz.uni-hamburg.de''\\
CA-Certificate: ''/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem''

Leave the standard-settings in the remaining fields and click the button "Save".

To login to the VPN please provide your UHH-Account-Name: e.g. fmnv165, followed by your RRZ-Password (same password as for your email-account).