Problems? Please consult our FAQ for OpenVPN.

If your question is not answered in the FAQ, please write a mail to: vpn∂

To use the VPN service at KIT you have to follow the installation instrructions for your operating system..

Using Split VPN tunneling

As VPN is heavily used at the moment you should consider using the Split Tunneling Configuration. But only if you are in a secure environment, for example if you work from home.

Please download the configuration file kit-split from Custom configurations.

Advantage: Only the traffic with destination KIT is going through the tunnel. So with split VPN your connection to the internet is more performant and you reduce load of the KIT VPN infrastructure.

Disadvantage: You won't be able to reach publishers directly which do not support user authentication because you won't be recognized as KIT user.

Default VPN tunnel at KIT

Configuration file

You need the default configuration file kit.ovpn. You can find it on top of the page with the installation instructions.

User name

Log in with the KIT account (ab1234 for employees or uxxxx for students).

Employees: Please use your KIT login name, which you can look up in the Self-Service Portal by the SCC. It consists of two characters and four numbers (e.g. ab1234). The log in to the portal is possible with the KIT mail address.

Students: Your login name consists of one u and four characters (e.g. uxxxx).

VPN2VLAN (access to organization unit subnet)

Custom VPN tunnels right into the subnet of the organization unit have to be requested by the IT responsibles of the organization unit. Please write to vpn<at>

If you as a user need VPN access for a specific VLAN i. e. subnet, please contact your IT responsible. If you have been authorized, you only need to append @realm to your KIT username. If the access is also available with split tunneling (must be requested additionally), the realm is <vlan-name>-split.

Configuration file

For the VPN2VLAN tunnels you have to use the configuration file kit-vpn2vlan.ovpn. You find it on top of the page with the installation instructions.

User name

You need to login with: <kit-account>@vlan-name

VPN access to SAP with Token (*not* ESS)

Configuration file

For the tunnel to SAP you have to use the configuration file for VPN2VLAN kit-vpn2vlan.ovpn. You find it on top of the page with the installation instructions.

User name

You need to login: 

  • within the KIT: @sap with two-factor authentication
  • outside the KIT: @sap-von-aussen with two-factor authentication

The password is a combination of your KIT password and your token, separated by a comma.

Custom configuration files

Normally, you only need the default configuration file. But for special requirements there are further VPN tunnels. For these you need custom configuration files that you find on Custom configuration.


With split tunneling only the traffic with destination KIT goes through the VPN tunnel.

In case of using split tunneling with network manager in Linux make sure that Use this connection only for resources on its network" is checked in the NetworkManager under IPv4 and IPv6 settings →routes.

Establish a VPN connection from multiple computers simultaneously

To establish multiple connections to the OpenVPN server simultaneously you have to add a unique identifier to the user name to distinguish the clients. The identifier (e.g. the computer name) has to be added after the original user name, seperated by a /, and before any @.

Example: You can simultaneously log in with user/computer1 or user/computer1@vpn-split and user/computer2@vpn-split. You can choose any identifier.