OpenConnect VPN client
TU Dresden’s VPN can be used with the free software OpenConnect VPN client as well as with Cisco’s AnyConnect Secure Mobility Client.
Instructions for Linux (Ubuntu 18.10 LTS and newer):
Installation of openconnect / network-manager-openconnect / network-manager-openconnect-gnome
In Ubuntu, open the “Ubuntu Software Center”, search for “openconnect”, “network-manager-openconnect”, and “network-manager-openconnect-gnome” and install all three packages, or install them via APT on the command line:
sudo apt-get install openconnect network-manager-openconnect network-manager-openconnect-gnome
Reboot your computer and log in again.
Start the Settings Manager by clicking on the toolbox icon (screwdriver/open-end wrench):
In the window that appears next, click on “Network” and then on the “+” sign to the right of “VPN”:
In the new window “Add VPN”, select the connection type by clicking on “Cisco AnyConnect Compatible VPN (openconnect)”:
Now complete the form that appears. Enter a “Connection Name” (e.g. “TU Dresden”) and the name of the VPN gateway (“vpn2.zih.tu-dresden.de”). Copy the certificate chain of TU-DFN-PKI for the “CA Certificate” from here, save it as TUD-CACert.pem and select that file in the input field “CA Certificate”. Then click the green “Add” button in the upper right corner:
To establish the VPN connection, click on the toolbox icon again and under “Network” switch on the new “TU Dresden VPN” connection (from OFF to ON). As a prerequisite, your computer needs to be connected to the internet via WiFi or Ethernet.
In the next window “Connect to VPN ‘TU Dresden’”, first choose the split group at “GROUP:” (A-Tunnel-TU-Networks). Then enter your credentials at “Username:” (<ZIH-username>@tu-dresden.de) and “Password:”. Replace “<ZIH-username>” with your personal username/login at ZIH, and at “Password:” enter the password belonging to that username at ZIH.
Then click the "Login" button:
Now the connection should be established. A small padlock symbol should be visible in the topmost line of your Linux screen:
To disconnect from VPN, click on the toolbox icon again and under "Network" --> "VPN" turn the connection "TU Dresden VPN" off (from ON to OFF).
The VPN connection can also be established from the command line:
sudo openconnect -u <ZIH-Username>@tu-dresden.de --authgroup=A-Tunnel-TU-Networks vpn2.zih.tu-dresden.de
Instead of the group “A-Tunnel-TU-Networks”, other tunnel groups can be used. The description can be found here.
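The GUI setup above pins the TU-DFN-PKI chain as “CA Certificate”, while the plain CLI command does not reference it. The following added example (not part of the original instructions and not a ZIH script) checks that the saved TUD-CACert.pem is complete and then passes it to openconnect; the function names, the DRY_RUN switch and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not ZIH's own script. Gateway, group and CA file name are
# taken from the page; the user name and paths are placeholders.
GATEWAY="vpn2.zih.tu-dresden.de"
AUTHGROUP="A-Tunnel-TU-Networks"

# Succeeds only if the file holds at least one certificate and every
# BEGIN marker has a matching END marker (catches a truncated copy/paste).
ca_file_ok() {
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" 2>/dev/null || true)
    [ "${begins:-0}" -ge 1 ] && [ "$begins" -eq "${ends:-0}" ]
}

# $1 = ZIH user name without the domain, $2 = path to TUD-CACert.pem
connect_vpn() {
    user="$1"; cafile="$2"
    if ! ca_file_ok "$cafile"; then
        echo "CA file '$cafile' is missing or incomplete" >&2
        return 1
    fi
    # --cafile mirrors the "CA Certificate" field of the GUI form.
    # --no-system-trust makes that file the only accepted trust anchor;
    # drop it if the gateway certificate is issued by a different CA.
    set -- openconnect --user="${user}@tu-dresden.de" \
        --authgroup="$AUTHGROUP" --cafile="$cafile" \
        --no-system-trust "$GATEWAY"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"          # show the command instead of running it
    else
        sudo "$@"          # openconnect prompts for the password
    fi
}

# Usage: sh tud-vpn.sh connect <ZIH-username> /path/to/TUD-CACert.pem
if [ "${1:-}" = "connect" ]; then
    connect_vpn "$2" "$3"
fi
```

Setting DRY_RUN=1 prints the resulting openconnect command line without connecting.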
FAQ:
- SSL connection failure: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
(SSL-Verbindung versagt: Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht akzeptabel (zu kurz).)
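Solution: on Linux, enter this command as root. It switches the system-wide cryptographic policy to LEGACY, so the shorter Diffie-Hellman primes are accepted by all applications that follow the policy, not only by the VPN client: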
# update-crypto-policies --set LEGACY