FAQ - Frequently asked questions regarding VPN
VPN – Your connection from your home to the TUK
By using the VPN access point of the TUK your client will get an ip-address of the TUK network. You will actually become a member of the TUK network and you can use all the services the TUK offers, even if you are not on the campus. The entire communication and data-exchange between your device like personal computer, laptop, tablet computers or smartphone and the TUK network will be tunneled through a secure and encryted connection.
The Staff gets the opportunity to use a feature called Full Tunnel. Full Tunnel means, that the entire data exchange is being encrypted before the TUK network can be reached. In this way a secure connection can be established while using hotspots or third party providers.
When ever you are asked for an authorization, for example WLAN, VPN or 801.1X your username followed by @rhrk.uni-kl.de and your password is needed. In the past a Unix/AIX/Linux and a Windows password was required. This is obsolete now. In case you did not have a chance to synchronize your passwords at passwort.uni-kl.de you should do it as soon as possible. The section RHRK account is glad to provide additional information for you.
All the holders of a valid RHRK-Account are considered to be authorized users. External users may use the profile Split Tunnel only. Role accounts and accounts of student organizations are not authorized. Further information can be found in the RHRK account section.
You do see a context menu with the entries "group" or "Gruppe" in your VPN login dialog to choose the VPN profile.
Option 1 is Full Tunnel. That means, that all data transferred is using the VPN gateway. There are two main reasons to select this profile. You are getting a TUK IP address and all data is transferred encoded even if you are using a public hotspot.
This option is restricted to TUK members.
In case of Split Tunnel only the traffic towards the TU Kaiserslautern is routed through the encrypted tunnel. If your home-provider is considered save for confidential communication and you need to access services restricted to the TUK network, you may use this profile.
For external users, this is the only option.
The option "Full Tunnel (with) local LAN access" is pretty much like "Full Tunnel" plus access to your local network (to use your printer or NAS for instance), what in case of standard Full Tunnel is blocked for security reasons. Do not choose this profile while connected to an untrusted network or a public hotspot.
This option is restricted to TUK members.
Your VPN client is saving your selection as a preferred option.
Only endpoint devices like your desktop computer, laptop, tablet or smartphone are meant to use the Remote Access VPN, home routers are not.
No. Since the TUK dorms have a physical connection with the TUK network, there is no need for a VPN connection.
There a maximum of 3 parallel VPN connections per account possible.
If you are located outside the TUK network and established a VPN connection using the "Full Tunnel" option you may check your own IP.
Just go to http://test-ipv6.com or http://ct.de/ip
You should get something like 131.246.xxx.yyy in case of ipv4 or 2001:638:208:xxx: in case of ipv6. These numbers are reserved for the TUK and indicate that you established the connection successfully.
In general, yes it is possible.
Some companies are using a proxy server which has to be used to access the internet. The VPN client by default uses the proxy server setup in the operating system, so in most cases the VPN connection can still be established. (Check the proxy details in your network connection settings.)
A VPN connection needs at least a TCP port 443 to vpn.uni-kl.de. If there is good network connectivity it may be possible to use UDP port 443 to optimize the speed.
In this case you have to select the the option "Split_Tunnel" or "Full_Tunnel-Local_LAN_Access" in the groups(Gruppe)-menu within the login dialog.
Since you are located on the campus and already logged in the TUK network it is not feasible to use a VPN connection.
As soon as I try to establish a VPN connection I receive an error message „Login failed: 80090308: LdapErr“
Most likely you are using the wrong combination of username and password or just a typing mistake. In addition you need to check if you are an authorized user and/or have a valid account.
May be your passwords for the different RHRK services are not synchronised properly. To rule this out go to https://passwort.uni-kl.de and reset your password.
I used Cisco AnyConnect VPN client in the past to set up a differnt VPN connection. Do I have to reinstall the client?
A reinstall is not necessary if you have the Cisco AnyConnect Secure Mobility Client installed.
However you have to select vpn.uni-kl.de on your first login. On your first login the TUK profile will be installed automatically and saved as TU Kaiserslautern. The next time you want to connect just chose this entry to connect.
Please be aware, that your VPN client may be updated automatically once you log in.
Cisco provides the following information: "AnyConnect for Android is available for download only from the Android Market for your Android device, or from Amazon for Kindle devices. You cannot download it from the Cisco website or after connecting to a secure gateway."
If our FAQ and configuration notes could not help you, you can seek advice from our Service Point.
In addition you can get support by writing a detailed email to hotline(at)rhrk.uni-kl.de. Please make
sure you specify the operating system in use. If possible submit the log files of your VPN client. (If
your are using windows, this should be found at C:\Program Files (x86)\OpenVPN\log.)