Problems? Please consult our FAQ for OpenVPN.
If your question is not answered in the FAQ, please write a mail to: vpn∂scc.kit.edu
To use the VPN service at KIT you have to follow the installation instrructions for your operating system..
Using Split VPN tunneling
As VPN is heavily used at the moment you should consider using the Split Tunneling Configuration. But only if you are in a secure environment, for example if you work from home.
Please download the Split configuration from Custom configurations.
Configuration #2 Split IPv4-Connect (l3, udp). Choose appropriate operating system and Port 1194.
Advantage: Only the traffic with destination KIT is going through the tunnel. So with split VPN your connection to the internet is more performant and you reduce load of the KIT VPN infrastructure.
Disadvantage: You won't be able to reach publishers directly which do not support user authentication because you won't be recognized as KIT user.
Default VPN tunnel at KIT
You need the default configuration file kit.ovpn. You can find it on top of the page with the installation instructions.
Log in with the KIT account (ab1234 for employees or uxxxx for students).
Employees: Please use your KIT login name, which you can look up in the Self-Service Portal by the SCC. It consists of two characters and four numbers (e.g. ab1234). The log in to the portal is possible with the KIT mail address.
Students: Your login name consists of one u and four characters (e.g. uxxxx).
VPN2VLAN (access to organization unit subnet)
Custom VPN tunnels right into the subnet of the organization unit have to be requested by the IT responsibles of the organization unit. Please write to vpn<at>scc.kit.edu.
If you as a user need VPN access for a specific VLAN i. e. subnet, please contact your IT responsible. If you have been authorized, you only need to append @realm to your KIT username. If the access is also available with split tunneling (must be requested additionally), the realm is <vlan-name>-split.
For the VPN2VLAN tunnels you have to use the configuration file kit-vpn2vlan.ovpn. You find it on top of the page with the installation instructions.
You need to login with: <kit-account>@vlan-name
Access to SAP with RSA SecurID Token (*not* ESS)
For the tunnel to SAP you have to use the configuration file for VPN2VLAN kit-vpn2vlan.ovpn. You find it on top of the page with the installation instructions.
You need to login with: <sap-account>@sap
Password: PIN+Token (without the plus sign, PIN and Token one after another)
Custom configuration files
Normally, you only need the default configuration file. But for special requirements there are further VPN tunnels. For these you need custom configuration files that you find on Custom configuration.
With split tunneling only the traffic with destination KIT goes through the VPN tunnel.
In case of using split tunneling with network manager in Linux make sure that Use this connection only for resources on its network" is checked in the NetworkManager under IPv4 and IPv6 settings →routes.
Establish a VPN connection from multiple computers simultaniously
To establish multiple connections to the OpenVPN server simultaniously you have to add a unique identifier to the user name to distinguish the clients. The identifier (e.g. the computer name) has to be added after the original user name, seperated by a /, and before any @.
Example: You can simultaniously log in with user/computer1 or user/computer1@vpn-split and user/computer2@vpn-split. You can choose any identifier.