Jnk (Diskussion | Beiträge) |
|||
| (27 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt) | |||
| Zeile 4: | Zeile 4: | ||
|translated title=VPN on macOS | |translated title=VPN on macOS | ||
}} | }} | ||
| + | A VPN creates an encrypted data tunnel for your Internet connection. With the Paderborn University VPN, you can securely access the university’s internal network from off-campus—just as if you were on campus. This allows you, for example, to access library services, literature databases, network drives, or specific websites that are only available within the university network. | ||
| + | <br> | ||
| + | The University of Paderborn uses OpenVPN via the Tunnelblick app for this service. The following instructions explain how to set up the VPN on your Mac. | ||
| + | <br clear=all> | ||
<bootstrap_alert color=warning> | <bootstrap_alert color=warning> | ||
<span style='font-size:30px;'>⚠</span> | <span style='font-size:30px;'>⚠</span> | ||
<br> | <br> | ||
| − | + | If you receive the following error message in Tunnelblick, set up Tunnelblick with a new certificate and a new configuration file following these instructions: | |
<br> | <br> | ||
<code>Authentication failed - The passphrase was not accepted</code> | <code>Authentication failed - The passphrase was not accepted</code> | ||
<br> | <br> | ||
| − | Do | + | Do ‘’'not'‘’ downgrade the OpenSSL version in Tunnelblick. This is a security risk. |
</bootstrap_alert> | </bootstrap_alert> | ||
| + | ==Simultaneous connections== | ||
| − | |||
| − | |||
| − | |||
<bootstrap_alert color=info> | <bootstrap_alert color=info> | ||
<span style='font-size:30px;'>🛈</span> | <span style='font-size:30px;'>🛈</span> | ||
| Zeile 40: | Zeile 42: | ||
== What needs to be done? - Quick Guide == | == What needs to be done? - Quick Guide == | ||
# Install the latest stable version of Tunnelblick. [https://tunnelblick.net/downloads.html Tunnelblick] | # Install the latest stable version of Tunnelblick. [https://tunnelblick.net/downloads.html Tunnelblick] | ||
| − | # Generate your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de | + | # Generate your '''personal network certificate''' in the [https://serviceportal.uni-paderborn.de Serviceportal]. |
# '''Download the configuration file''' | # '''Download the configuration file''' | ||
| − | #: <iframe key="vpnconfig" width="600" height="450" | + | #: <iframe key="vpnconfig" width="600" height="450" path="/openvpn/en/?group=upb&os=mac&redirect=1" /> |
# Create a configuration file for Tunnelblick and import it. | # Create a configuration file for Tunnelblick and import it. | ||
| − | |||
== Step-by-step instructions: Preparation == | == Step-by-step instructions: Preparation == | ||
=== Install Tunnelblick === | === Install Tunnelblick === | ||
| − | + | * Download the latest '''stable version''' of Tunnelblick. | |
| − | + | * https://tunnelblick.net/downloads.html | |
| − | * | + | [[File:Tunnelblick Download.png|left|mini|without|600px]] |
| − | |||
| − | |||
<br clear=all> | <br clear=all> | ||
| + | |||
| + | * Install Tunnelblick. | ||
=== Generate network certificate === | === Generate network certificate === | ||
| Zeile 84: | Zeile 85: | ||
You have now downloaded your personal network certificates. | You have now downloaded your personal network certificates. | ||
| − | ==Set up Tunnelblick == | + | == Set up Tunnelblick == |
| − | Download the configuration file, select the VPN you want to connect to and click Download. | + | Download the configuration file. To do this, select the VPN you want to connect to and click Download. |
| − | + | <iframe key="vpnconfig" width="600" height="450" path="/openvpn/en/?group=upb&os=mac&redirect=1" /> | |
| − | |||
| − | |||
| − | |||
<br clear=all> | <br clear=all> | ||
| + | <span style="color:green"> Note:</span> You can click Download here to download your configuration file. This is not a screenshot ;-) | ||
| − | + | {{VPN-Options-en}} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
[[Datei:VPN Ordner.png|links|mini|ohne|350px|create folder]] | [[Datei:VPN Ordner.png|links|mini|ohne|350px|create folder]] | ||
| Zeile 169: | Zeile 163: | ||
<br clear=all> | <br clear=all> | ||
| − | == | + | ==Replacing the configuration file== |
If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works. | If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works. | ||
<bootstrap_accordion> | <bootstrap_accordion> | ||
| − | <bootstrap_panel heading=" | + | <bootstrap_panel heading="Click here for details" color="info"> |
| + | |||
| + | If you still have the <code>.tblk</code> file you used to set up Tunnelblick: Open the <code>.tblk</code> file by right-clicking and selecting "Edit" and replace the configuration file. You can then import the file back into Tunnelblick by double-clicking it. Before importing, delete the old configuration in Tunnelblick or rename the file. See [[#Set up Tunnelblick]] for more information. | ||
| + | |||
| + | <br> | ||
| + | |||
| + | Alternatively, you can edit the configuration file in Tunnelblick. We explain this below. If this doesn't work, you can also set up Tunnelblick completely from scratch. In this case, start with: [[#Generate network certificate]] | ||
| + | |||
| + | <br> | ||
| + | |||
| + | '''Editing the configuration file in Tunnelblick''' | ||
| + | |||
* Download the new configuration file. | * Download the new configuration file. | ||
| + | |||
<br> | <br> | ||
| − | [[Datei:Vpn-unter-macos-01.png|links|mini|ohne|450px| | + | [[Datei:Vpn-unter-macos-01.png|links|mini|ohne|450px|Configuration file]] |
| + | |||
<br> | <br> | ||
* Select the configuration file. | * Select the configuration file. | ||
| − | * Open the context menu with a '''right click | + | |
| + | * Open the context menu with a '''right-click. | ||
| + | |||
<br clear=all> | <br clear=all> | ||
| + | [[Datei:Vpn-unter-macos-02.png|links|mini|ohne|450px|Open with...]] | ||
| − | |||
<br> | <br> | ||
| − | *Select '''"Open with"'''.<span style="color:green"> (1)</span> | + | * Select '''"Open with"'''.<span style="color:green"> (1)</span> |
| + | |||
* Then click on '''"Other..."'''.<span style="color:green"> (2)</span> | * Then click on '''"Other..."'''.<span style="color:green"> (2)</span> | ||
| + | |||
<br clear=all> | <br clear=all> | ||
| + | [[Datei:Vpn-unter-macos-03.png|links|mini|ohne|450px|Choose program]] | ||
| + | |||
| + | * Select '''"TextEdit"''' from the list. (1) | ||
| + | |||
| + | * Then click on '''"Open"'''. (2) | ||
| + | |||
| + | |||
| + | [[Datei:Vpn-unter-macos-04.png|links|mini|ohne|450px|Copy configuration]] | ||
| + | |||
| + | |||
| + | * Copy the entire contents of the configuration file to the clipboard. | ||
| − | + | * The fastest way to do this is with the following keyboard shortcuts: | |
| − | |||
| − | * | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
** <code>cmd</code> + <code>A</code> (Select all) | ** <code>cmd</code> + <code>A</code> (Select all) | ||
| − | ** <code>cmd</code> + <code>C</code> ( | + | |
| − | + | ** <code>cmd</code> + <code>C</code> (Copy) | |
| + | |||
| + | |||
| + | [[Datei:Vpn-unter-macos-05.png|links|mini|ohne|450px|Status menu]] | ||
| + | |||
| + | |||
| + | * Click on the '''Tunnel Vision''' icon in the menu bar at the top right. (1) | ||
| + | |||
| + | * Then click on '''"VPN Details"'''. (2) | ||
| + | |||
| + | |||
| + | |||
| + | [[Datei:Vpn-unter-macos-06.png|links|mini|ohne|450px|Configurations]] | ||
| − | + | * Select the '''"Configurations'''" menu. (1) | |
| − | |||
| − | * | ||
| − | |||
| − | |||
| + | * On the left, select the configuration you want to edit. (2) | ||
| − | |||
| − | |||
| − | |||
| − | |||
* Then click on the circle with the three dots at the bottom. | * Then click on the circle with the three dots at the bottom. | ||
| − | * Scroll down a | + | |
| − | * Click '''"Edit OpenVPN | + | * Scroll down a bit in the menu that opens. |
| − | + | ||
| + | * Click on '''"Edit OpenVPN Configuration File..." (3) | ||
| + | |||
| + | |||
| + | |||
* Do you want to keep your old configuration file and create a new one instead? | * Do you want to keep your old configuration file and create a new one instead? | ||
| − | * | + | |
| − | * Then select the copy and | + | * Click on "Duplicate Configuration" in the old configuration file. |
| + | |||
| + | * Then select the copy and proceed with <span style="color:green"> (3)</span>. | ||
| + | |||
<br clear=all> | <br clear=all> | ||
[[Datei:Vpn-unter-macos-07.png|links|mini|ohne|450px|Replace content and save]] | [[Datei:Vpn-unter-macos-07.png|links|mini|ohne|450px|Replace content and save]] | ||
| + | |||
<br> | <br> | ||
| − | * | + | * The configuration file will now open. |
| − | * You can see how | + | |
| − | * Delete the contents of the configuration file and replace | + | * You can see how up-to-date your configuration file is by looking at the '''"Date"''' and '''"Version"'''.<span style="color:green"> (1)</span> |
| − | * The easiest way to do this is | + | * Delete the contents of the configuration file and replace them with the contents of the clipboard. |
| − | ** | + | |
| + | |||
| + | [Datei:Vpn-unter-macos-07.png|links|mini|ohne|450px|Replace content and save]] | ||
| + | |||
| + | <br> | ||
| + | * The configuration file will now open. | ||
| + | |||
| + | * You can see how current your configuration file is by looking at the '''"Date"''' and '''"Version"'''. | ||
| + | |||
| + | * Delete the contents of the configuration file and replace them with the contents of the clipboard. | ||
| + | |||
| + | ``` * The easiest way to do this is with the following keyboard shortcuts: | ||
| + | |||
| + | ** cmd + A (Select all) | ||
| + | |||
** Delete | ** Delete | ||
| − | ** | + | ** cmd + V (Insert) |
| − | * You can see that you have made changes by the | + | |
| − | * Close the window by clicking | + | * You can see that you have made changes by the '''"Edited"''' indicator. (2) |
| − | + | ||
| + | * Close the window by clicking the red X. (3) | ||
| + | |||
| + | |||
You have now replaced the contents of the configuration file with the new version. | You have now replaced the contents of the configuration file with the new version. | ||
| − | The first time you connect | + | The first time you connect using the modified configuration file, you will see the following information: |
| + | |||
[[Datei:Vpn-unter-macos-08.png|links|mini|ohne|450px|Save configuration]] | [[Datei:Vpn-unter-macos-08.png|links|mini|ohne|450px|Save configuration]] | ||
| − | + | ||
| − | * Click ''' | + | |
| − | * | + | * Click on '''"Save configuration"'''. |
| − | + | ||
| − | * | + | * You can now connect using the new configuration file. |
| − | * | + | |
| + | * Made a mistake and want to undo the changes? | ||
| + | |||
| + | * Click on "Revert to the last saved copy." | ||
| + | |||
| + | |||
<br clear=all> | <br clear=all> | ||
| Zeile 254: | Zeile 304: | ||
==Common Issues== | ==Common Issues== | ||
| + | ===Passphrase not accepted=== | ||
| + | If you receive the following error message when connecting to the VPN: | ||
| + | <pre> Authentication failed - The passphrase was not accepted </pre> | ||
| + | Check that you have created the correct certificate. When creating the certificate, make sure you select '''Version 2'''. Tunnelblick cannot unpack SH1 certificates. | ||
| + | [[Datei:Vpn-unter-macos-14.png|links|mini|ohne|350px|SH1 certificate error message]] | ||
| + | <br clear=all> | ||
| + | |||
===Configuration file not readable=== | ===Configuration file not readable=== | ||
| − | + | During the download, the '''.ovpn file''' may be converted to a '''.txt file'''.<br> | |
| − | Select the configuration file. Press the | + | Select the configuration file. Press the <code>cmd</code> and <code>i</code> key combination. If the file ends with '''.txt''' under '''Suffix''', delete this part. The name should end with '''.ovpn'''. |
| − | === Group VPN ports are blocked - '''TLS handshake failed''' after a timeout (60 | + | === Group VPN ports are blocked - '''TLS handshake failed''' after a timeout (60 seconds) === |
| − | Group VPN connections are established over specific UDP ports. | + | Group VPN connections are established over specific UDP ports. These port forwardings are normally problem-free, as they do not overlap with other protocols. However, if your internet access is restrictive and only allows certain ports, this may cause a connection issue. This affects some university institutions or company networks. Home networks generally do not have this. |
'''Solution:''' | '''Solution:''' | ||
| − | * | + | * Change your location or network |
| − | * | + | * Open the required port or speak to the IT department to see if this is possible |
| − | *: | + | *: The port used for your group network can be found in the config file. |
| − | * If it is the '''hpc-pc2''' network, contact | + | * If it is the '''hpc-pc2''' network, contact PC2 for an alternative SSH access |
==See also== | ==See also== | ||
* [[Netzwerk]] | * [[Netzwerk]] | ||
* [[VPN Problembehandlung]] | * [[VPN Problembehandlung]] | ||
Aktuelle Version vom 2. Juli 2026, 09:04 Uhr
A VPN creates an encrypted data tunnel for your Internet connection. With the Paderborn University VPN, you can securely access the university’s internal network from off-campus—just as if you were on campus. This allows you, for example, to access library services, literature databases, network drives, or specific websites that are only available within the university network.
The University of Paderborn uses OpenVPN via the Tunnelblick app for this service. The following instructions explain how to set up the VPN on your Mac.
⚠
If you receive the following error message in Tunnelblick, set up Tunnelblick with a new certificate and a new configuration file following these instructions:
Authentication failed - The passphrase was not accepted
Do ‘’'not'‘’ downgrade the OpenSSL version in Tunnelblick. This is a security risk.
Simultaneous connections[Bearbeiten | Quelltext bearbeiten]
🛈
Do you want to connect your laptop and your mobile phone to the VPN in addition to your PC? You can set up VPN connections on multiple devices. However, each person can only establish one connection per VPN at the same time.
What does that mean?
Uni-VPN
- If you use the Uni-VPN, you can only establish one connection at a time.
- You cannot establish a connection to the Uni-VPN on another device at the same time.
- You must disconnect the existing connection first.
Group VPN
- If you use a group VPN, you cannot establish a second VPN connection to this group VPN on another device at the same time.
- You must disconnect the existing connection first.
- However, you can establish a parallel connection to the Uni VPN or another group VPN on another device.
What needs to be done? - Quick Guide[Bearbeiten | Quelltext bearbeiten]
- Install the latest stable version of Tunnelblick. Tunnelblick
- Generate your personal network certificate in the Serviceportal.
- Download the configuration file
- Create a configuration file for Tunnelblick and import it.
Step-by-step instructions: Preparation[Bearbeiten | Quelltext bearbeiten]
Install Tunnelblick[Bearbeiten | Quelltext bearbeiten]
- Download the latest stable version of Tunnelblick.
- https://tunnelblick.net/downloads.html
- Install Tunnelblick.
Generate network certificate[Bearbeiten | Quelltext bearbeiten]
You need a network certificate for the VPN connection.
Access the service portal:
- https://serviceportal.uni-paderborn.de
- Log in with your university account.
- Then click on Netzwerkeinstellungen under Benutzerverwaltung in the top menu.
- Click "Neues Zertifikat erstellen".
- Give the certificate a unique name (Example: MacBook VPN)
- Select Version 2 as the file format!
- Then click on "Neues Zertifikat zusenden".
- A new network certificate has been created for you.
- First copy the Import Password to the clipboard.
- Now click on "Download Network Certificate".
You have now downloaded your personal network certificates.
Set up Tunnelblick[Bearbeiten | Quelltext bearbeiten]
Download the configuration file. To do this, select the VPN you want to connect to and click Download.
Note: You can click Download here to download your configuration file. This is not a screenshot ;-)
Protocol
The VPN connection can be established using two different protocols.
Use UDP whenever possible. This protocol offers the best overall combination of high speed, low latency, and stability.
Use TCP only in exceptional cases if you are unable to establish a connection via UDP. Speed and latency may be significantly worse with TCP.
Route all anternet traffic through the tunnel?
The VPN tunnel can be configured in two different ways.
Full Tunnel
All internet traffic is routed through the VPN in encrypted form. You establish a connection to the Paderborn University network and access the internet from this network. From the perspective of the services you use online, you have a Paderborn University IP address. You benefit from the firewall and security measures in the University network.
Use this option if you want to access external resources provided by Paderborn University Library, such as eBooks.
Split Tunnel
With the split tunnel option, only connections to destinations within the Paderborn University network are routed through the VPN tunnel. From the perspective of the services you use online, you do not have a Paderborn University IP address.
Depending on network load, speed and latency may be slightly better in this mode.
Before downloading, deactivate the checkmark to create a split-tunnel configuration file.
- Create a new folder - For example, name it "vpn-upb".
- This is what your VPN connection will be called later.
- Now put the personal network certificate and configuration file in this folder.
- Rename your personal network certificate to
Network_Certificate.p12 - Example: Change the file name
Network_Certificate_muster_078B30.p12toNetwork_Certificate.p12 - The configuration file should have an icon like the screenshot and end with
.ovpn.
My configuration file looks different! - What now? -Click here-
- When downloading, it can happen that the .ovpn file becomes a .txt file. However, we can change the file extension again relatively easily.
- Click on the configuration file. Now press cmd + i on the keyboard.
- "Name & Suffix" may now read .ovpn.txt.
- Delete the .txt.
- Then press the Enter key.
- Click Add.
- Now rename the folder and add the file extension
.tblkto it. - You can use the context menu or right-click for this.
- You must now confirm the change.
- Click Add.
- You have now created a configuration for Tunnelblick - This now needs to be installed.
- Open this file with a double click.
- You will be asked which user you want to install the configuration for.
- Select "Only for this user".
- You will be prompted to enter your Mac password to install the configuration.
- Now click on the tunnel vision symbol in the menu bar at the top.
- Click connect on the desired VPN connection.
- In our example this is "connect vpn-upb"
- In the next step you will be asked to enter a password. Enter the import password mentioned above that belongs to the certificate.
- In addition, be sure to select the "Save to Keychain" option so that the password is saved (otherwise you will have to keep re-entering the import password).
- Wait until the font turns green and you are connected.
- You can quickly connect and disconnect the connection using the Tunnelblick symbol.
Replacing the configuration file[Bearbeiten | Quelltext bearbeiten]
If you have been using VPN access for a while, it may be necessary at some point to update the configuration file to the latest version. Below we explain how this works.
Click here for details
If you still have the .tblk file you used to set up Tunnelblick: Open the .tblk file by right-clicking and selecting "Edit" and replace the configuration file. You can then import the file back into Tunnelblick by double-clicking it. Before importing, delete the old configuration in Tunnelblick or rename the file. See #Set up Tunnelblick for more information.
Alternatively, you can edit the configuration file in Tunnelblick. We explain this below. If this doesn't work, you can also set up Tunnelblick completely from scratch. In this case, start with: #Generate network certificate
Editing the configuration file in Tunnelblick
- Download the new configuration file.
- Select the configuration file.
- Open the context menu with a right-click.
- Select "Open with". (1)
- Then click on "Other...". (2)
- Select "TextEdit" from the list. (1)
- Then click on "Open". (2)
- Copy the entire contents of the configuration file to the clipboard.
- The fastest way to do this is with the following keyboard shortcuts:
cmd+A(Select all)
cmd+C(Copy)
- Click on the Tunnel Vision icon in the menu bar at the top right. (1)
- Then click on "VPN Details". (2)
- Select the "Configurations" menu. (1)
- On the left, select the configuration you want to edit. (2)
- Then click on the circle with the three dots at the bottom.
- Scroll down a bit in the menu that opens.
- Click on "Edit OpenVPN Configuration File..." (3)
- Do you want to keep your old configuration file and create a new one instead?
- Click on "Duplicate Configuration" in the old configuration file.
- Then select the copy and proceed with (3).
- The configuration file will now open.
- You can see how up-to-date your configuration file is by looking at the "Date" and "Version". (1)
- Delete the contents of the configuration file and replace them with the contents of the clipboard.
[Datei:Vpn-unter-macos-07.png|links|mini|ohne|450px|Replace content and save]]
- The configuration file will now open.
- You can see how current your configuration file is by looking at the "Date" and "Version".
- Delete the contents of the configuration file and replace them with the contents of the clipboard.
``` * The easiest way to do this is with the following keyboard shortcuts:
- cmd + A (Select all)
- Delete
- cmd + V (Insert)
- You can see that you have made changes by the "Edited" indicator. (2)
- Close the window by clicking the red X. (3)
You have now replaced the contents of the configuration file with the new version.
The first time you connect using the modified configuration file, you will see the following information:
- Click on "Save configuration".
- You can now connect using the new configuration file.
- Made a mistake and want to undo the changes?
- Click on "Revert to the last saved copy."
Common Issues[Bearbeiten | Quelltext bearbeiten]
Passphrase not accepted[Bearbeiten | Quelltext bearbeiten]
If you receive the following error message when connecting to the VPN:
Authentication failed - The passphrase was not accepted
Check that you have created the correct certificate. When creating the certificate, make sure you select Version 2. Tunnelblick cannot unpack SH1 certificates.
Configuration file not readable[Bearbeiten | Quelltext bearbeiten]
During the download, the .ovpn file may be converted to a .txt file.
Select the configuration file. Press the cmd and i key combination. If the file ends with .txt under Suffix, delete this part. The name should end with .ovpn.
Group VPN ports are blocked - TLS handshake failed after a timeout (60 seconds)[Bearbeiten | Quelltext bearbeiten]
Group VPN connections are established over specific UDP ports. These port forwardings are normally problem-free, as they do not overlap with other protocols. However, if your internet access is restrictive and only allows certain ports, this may cause a connection issue. This affects some university institutions or company networks. Home networks generally do not have this.
Solution:
- Change your location or network
- Open the required port or speak to the IT department to see if this is possible
- The port used for your group network can be found in the config file.
- If it is the hpc-pc2 network, contact PC2 for an alternative SSH access




