Regional University Computing Center

Configuration for Linux

1. Installation of the VPN-Client Software

 

The required VPN-Client Software can under certain conditions get installed for Linux from our web-portal via your web browser. This automatic installation only functions with a 32bit (x86) version as well as with an installed Sun/Oracle Java Plugin. You will find help for a  manual installation at the end of this page.

Please open the following website for installation procedure:

vpn.uni-kl.de

 

Please access by using your RHRK-user name, followed by @rhrk.uni-kl.de and your RHRK- password.

 

After successful access at the web portal, the VPN-Client software will be installed automatically.

After a terminal window will open up. An authentication is needed there with sudo for the installation. Please enter the password of your local Linux-user there.

 

After a successful installation a relevant notice will appear on the web-portal and the VPN- connection is in process. An active connection can be recognized with the padlock symbol on the Cisco AnyConnect-Symbol in status bar.

2. Establishing VPN connection

After the onetime installation of the VPN-Client, accessing the Web-Portal is no longer required. The connection to VPN can be established and ended directly via the Cisco AnyConnect-Symbol.

After the first successful connection, your user name (RHRK-user name, followed by @rhrk.uni-kl.de) is pre-filled, only your password needs to be inserted.

3. Ending the VPN-Connection

Please remember to end the VPN-connection as displayed, as soon as you no longer need it.

4. Manual Installation

In the event that an automatic installation via the web-browser does not function (e.g. with an x64-installation or a missing Java-Plugin), then this installation program can also be downloaded manually and performed. You can recognize a failed download at the following:

In this case please follow this link to the installation program, save the file and run the program with the following command:

sudo sh ./vpnsetup.sh

For the first connection please enter the server name vpn.uni-kl.de. After the first successful connection and the automatic download of the configuration profile, the connection is called TU Kaiserslautern.

5. Certificate Warning

With your first attempt to connect you may unfortunately receive a warning that the server certificate cannot be verified ("Untrusted VPN Server Blocked!"). With Linux, the VPN-Client utilizes its own memory which does not contain the required certificate.

With systems containing Ubuntu or Debian it is sufficient to link the in the system existing certificate with the VPN-Client (as root):

 

ln -s /etc/ssl/certs/deutsche-telekom-root-ca-2.pem /opt/.cisco/certificates/ca/

Alternatively you can also copy the following CA-Certificate manually to: /opt/.cisco/certificates/

T-Telesec-Root-CA-2

6. Alternative VPN-Client

OpenConnect is an open alternative for the Cisco AnyConnect Secure Mobility Client. OpenConnect can either be used per CLI or via the GUI of the Network Manager (package name under Debian / Ubuntu: network-manager-openconnect und openconnect). Please enter vpn.uni-kl.de for name of the VPN-Server. OpenConnect works with our presently implemented server version, however we cannot offer support for it at this time or warrant inter-operation with future versions.

Zum Seitenanfang