VPN - Frequently Asked Questions

Content

sprungmarken_marker_14136

FAQ to the VPN-access of the KIT

If the FAQ doesn’t help solving your problem, please see our troubleshooting page.

Which VPN-Clients can I use to establish a VPN connection to the KIT?

The SCC offers OpenVPN as VPN-service. Not supported are: PPTP, L2TP and native or Cisco IPSec.

OpenVPN General

I can’t log  into OpenVPN. Username/password aren’t accepted (error message “AUTH: Received control message: AUTH_FAILED”)

Please make sure that you log in with your KIT account. Students and employees  are automatically activated for VPN. If you don’t know your KIT account or your KIT password, please contact the SCC Service Desk.

In case you are an external employee and you have a guest- and partner account, please get in touch with your IT representative (IT-Beauftragter, ITB) and have your account activated for VPN.

If you need VPN access to an institute network, your KIT account has to be activated by the IT representative from the institute. You need the configuration file kit-vpn2vlan.ovpn. Your username is then: kit-account@realm. The realm you can find out by the IT representative.  

Please make sure that you are using the correct configuration file. For VPN2VLAN (access to the institute network – username kit-account@vlan-name) and the access to SAP (username kit-account@sap or kit-account@sap-von-aussen) you need the file kit-vpn2vlan.ovpn. You can find this in the instructions for your operating system. Further configuration files, for example for split VPN can be found on the page with the special configurations.

If you are sure everything is correct, but it’s still not working: You have to set a new password on https://my.scc.kit.edu . Probably your password isn’t synchronized in all systems. This can happen, when you have changed your password not via my.scc.kit.edu, but, for example in windows via Ctrl+Alt+Del.

My Internet Provider is Vodafone/Unitymedia/KabelBW/KabelDeutschland and the VPN connection does not work. The tunnel is established, but it seems like there is no traffic going through.

This requires that you download and use a configuration that is suitable for you from the special configurations page.
Before doing this, go to http://wieistmeineip.scc.kit.edu/index.html.en_US  and check whether you have IPv6.

If you have IPv6,  download the configuration file #3 (IPv6, UDP). If you don’t have IPv6 or the IPv6 configuration file doesn’t bring any improvement, download the configuration file #6 (IPv4, UDP, LowerMTU)

I have a hybrid connection from Deutsche Telekom and the VPN-connection does not work. The tunnel is established, but it seems like there is no traffic going through the tunnel.

Download on the page with the special configurations the configuration file #6 (IPv4, Lower MTU) and use this.

The VPN connection is established, but the VPN connection doesn’t work. With VPN I have no access to KIT Intranet and also not to the internet. Everything or a lot of things are not loading or are loading very slowly.

This is most likely due to PMTUD issues with your provider. This requires that you download a configuration file which is right for you from the special configurations page.

Before doing that, go to the page http://wieistmeineip.scc.kit.edu/index.html.en_US and check, which Internet Service Provider (ISP) you are using and if you have IPv6.

KABELBW, KABELDEUTSCHLAND, VODAFONE, VODANET or LIBERTYGLOBAL: In case you are having IPv6, download the configuration file #3 (IPv6, UDP). If you don’t have IPv6 or the IPv6 configuration file doesn’t bring any improvement, download the configuration file #6 (IPv4, UDP, LowerMTU). In order not to disturb the connection to the rest of the internet (not KIT) you can also choose the split configuration.

DTAG: Probably you are using a hybrid connection from Deutsche Telekom. Download the configuration file #6 (IPv4, UDP, Lower MTU).
Other ISP: Try the configuration file #3 (IPv6, UDP) and #6 (IPv4, UDP, Lower MTU)

The OpenVPN-connection is not established, so there is a timeout when establishing the connection


The connection is either blocked by a local firewall on the computer (switch it off as a test) or you are in a network where udp port 1194 is blocked. You can bypass this by replacing port 1194 with port 443 in the OpenVPN configuration. You can download the configuration file with udp port 443 on the page with the special configurations. If configuration #1 with port 443 doesn’t work either, download the IPv4 TCP-configuration with port 443 (#5).

When establishing the connection there is the error message “TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)”.

Your internet connection is not available or you are in a network where OpenVPN with standard port udp 1194 is blocked. In this case you can download an alternative configuration under special configurations. The best is to try the configuration #5 IPv4-Connect TCP (l3, tcp) port 443. A possible solution how to bypass the Open-VPN ban in Egypt: https://www.addictivetips.com/vpn/bypass-egypt-openvpn-ban/ .

I get the error message “Unrecoginzed option or missing parameter(s)”.

The version of your OpenVPN-client is too old for the required security parameters. You need a version >= 2.3.3. Windows, Mac OS X: download the current version of the OpenVPN-Client. Under linux you should consider a distribution-upgrade or install a more recent version from here: OpenVPN Software Repositories

I have disabled IPv6 on my computer and cannot establish a VPN connection.

In order to be able to establish a VPN-connection to KIT, IPv6 must be activated on your system (regardless whether your internet provider offers IPv6 or not). At least it must not be deactivated globally. Futhermore it must be activated on the tun/tap interface via which the VPN connection is running. For details, see the corresponding error messages in the sections on the individual operating systems.

I can’t establish the VPN connection for the access to SAP.

For the VPN-access to SAP you need the configuration file kit-vpn2vlan.ovpn. You can find this at the beginning of the instruction for your operating system. The username for the log in is kit-account@sap or kit-account@sap-von-aussen. As password enter your KIT-password, the comma character and the current token code.

OpenVPN Mac OS X

OpenVPN Linux

Other questions to VPN