VPN

The AIP provides access to internal resources via a VPN connection. VPN stands for Virtual Private Network: your computer establishes a secure connection to the institute network. Access to the internal network of the AIP is protected by a "next generation firewall". To establish a VPN connection you need so-called "VPN client software" and an AIP account with access to the Windows domain "Astrophysik".

**Attention:** The following instructions do not apply to the VPN connection to the Verwaltungs-Netz. Please contact us directly if you need VPN access to this subnet!

Please take note of the existing restrictions:

  • The connection can only be established when your computer is connected to a network outside the AIP.
  • The VPN connection with the suffix "aip" enables you to access internal resources. Network traffic to resources outside the AIP is handled by your Internet provider, which relieves the AIP network infrastructure.
  • If you want to access electronic journals licensed by the AIP at the same time, you need to set the suffix "journal" instead of "aip" in the domain/realm settings (see below). This VPN connection gives access to the AIP internal resources, too. You might want to configure two VPN connections and switch between them: one for normal activities and one for activities that include access to the journals.
  • Before a VPN connection is established, your PC is checked for necessary security updates etc. If necessary, the software is updated, which can take several minutes.

Linux operating systems

For Linux we recommend using the open source client openfortivpn, which can be easily installed and started from the command line. Here is an example from a computer with Ubuntu 18.04:

# Installing the VPN client from the repository of your distribution
sudo apt-get install openfortivpn
# Starting the VPN client and accepting the server certificate
sudo openfortivpn vpn-gate.aip.de:443 --realm=aip --username=your_account_name \
--trusted-cert 5d89f02fff72fc044873a8b38880152a46f48bc2e00aa19ff7beab8b16b6fa6f

Keep the command line window open as long as you want to be connected to the VPN. Please replace "--realm=aip" with "--realm=journal" if you want to access electronic journals licensed by the AIP.
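The value passed to --trusted-cert is the SHA-256 digest of the gateway certificate in DER form. The following script is an added example, not part of the AIP instructions: it compares the certificate the gateway currently presents with that pin, accepting the upper-case, colon-separated notation that openssl prints, and starts openfortivpn only on a match. The function names and the "connect" argument are assumptions made for this example; it needs the openssl and sha256sum commands.

```shell
#!/bin/sh
# Added example (not from the AIP page): check the gateway certificate against
# the documented pin before starting openfortivpn.
set -eu

GATEWAY_HOST="vpn-gate.aip.de"   # from the page
GATEWAY_PORT="443"               # from the page
PIN="5d89f02fff72fc044873a8b38880152a46f48bc2e00aa19ff7beab8b16b6fa6f"  # from the page

# Reduce common fingerprint notations ("sha256 Fingerprint=5D:89:...", upper
# case, colons, spaces) to the bare lower-case hex that openfortivpn expects.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# A SHA-256 digest is exactly 64 hex characters; reject anything else.
is_sha256_hex() {
    fp=$(normalize_fp "$1")
    [ "${#fp}" -eq 64 ] || return 1
    case "$fp" in *[!0-9a-f]*) return 1 ;; esac
    return 0
}

# True only if both values are well-formed and identical after normalising.
pin_matches() {
    is_sha256_hex "$1" && is_sha256_hex "$2" &&
        [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# SHA-256 over the DER encoding of the certificate the gateway presents.
# Needs network access; a failed fetch yields a digest that cannot match.
presented_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform DER | sha256sum | cut -d' ' -f1
}

# Connect only when the presented certificate equals the documented pin.
connect_if_pinned() {   # $1 = realm (aip or journal), $2 = account name
    seen=$(presented_fp "$GATEWAY_HOST" "$GATEWAY_PORT")
    if ! pin_matches "$seen" "$PIN"; then
        echo "certificate mismatch: gateway presents $seen" >&2
        return 1
    fi
    sudo openfortivpn "$GATEWAY_HOST:$GATEWAY_PORT" --realm="$1" \
        --username="$2" --trusted-cert "$PIN"
}

# Runs only when asked to, e.g.: sh vpn-check.sh connect aip your_account_name
if [ "${1:-}" = "connect" ]; then
    connect_if_pinned "${2:-aip}" "${3:?account name required}"
fi
```

A mismatch means the gateway certificate differs from the documented one, for example after a renewal; the new pin should then come from the AIP, not from the value the gateway presents.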

Other operating systems

For Microsoft, Apple and Android operating systems we recommend using the VPN client of the firewall manufacturer. The range of functions of the "FortiClient" depends on the operating system, and the graphical user interfaces differ, too. You may need to adapt the following tutorial to your client, depending on your operating system.

For Windows and MacOS, we provide a pre-configured version. Select the setup executable for your operating system, start it and follow the instructions. You may need administrative rights on your computer.

Windows: https://extreme-ems.aip.de:10443/installers/Default/7.0.10_win_macOS/FortiClientSetup_7.0.10_x64.exe

MacOS: https://extreme-ems.aip.de:10443/installers/Default/7.0.10_win_macOS/FortiClient_7.0.10.dmg

Among other things, the installer asks you to accept the license agreement. Please accept it. Depending on your operating system you can then proceed with the standard installation (Windows), or you need to select the customized installation (MacOS) and add the module "malware protection".

For Android systems, please install the current FortiClient app (not the FortiClient VPN app!) from the Google Play Store.

Current versions of FortiClient (higher than 7.0.x) should be configured via a so-called EMS server, for which the following instructions apply. Further below you will also find instructions for older versions of FortiClient, with which you can open the VPN connection directly.

Configuration using the EMS Server

In the following, the setup of the VPN client is explained using the example of an Android system.

The application (app) is free of charge. To install it, go to the Google Play Store and search for FortiClient.

Tap the app you want (FortiClient, not the FortiClient VPN app!) and then press the Install button at the top.

FortiClient setup on Android - installing the app from the Google Play Store

Accept the access permissions.

- Allow access to camera and storage

- Allow "Display over other apps"

FortiClient setup on Android - allowing "Display over other apps"
FortiClient setup on Android - allowing access to camera and storage

The application will then be downloaded and installed. If the app has been downloaded successfully, you will now find the icon of the application with the name FortiClient among your installed apps.

Open the application via the icon.

The first time you start the application, a window will appear. Select "User Input" (Login). It is not necessary to enter a mail address or phone number.

FortiClient setup on Android - selecting User Input

The next step is to set your displayed user name in the app. When you confirm it with the "Next" field, you will be redirected to the next window.

FortiClient setup on Android - setting the name in the app

Furthermore, select "Specify EMS IP" below.

FortiClient setup on Android - entering the EMS server

In the window that appears, enter the host:

extreme-ems.aip.de

Nothing else is needed.

FortiClient setup on Android - host and port

A prompt for the EMS certificate appears. To proceed further, tap on "ALLOW".

FortiClient setup on Android - EMS certificate prompt

The app now searches for the EMS settings. After the settings have been found and loaded successfully, the status will change to green. Please check whether the "Zero Trust Telemetry Settings" are activated. If not, please activate them using the switch right next to the text "Zero Trust Telemetry Settings".

FortiClient setup on Android - extreme-ems.aip.de
FortiClient setup on Android - searching for the EMS settings
FortiClient setup on Android - connection found

Via the menu (accessible via the three horizontal lines on the top), select the topic VPN.

FortiClient setup on Android - creating the VPN

Different VPN tunnels are offered. Tap on the VPN tunnel you need; normally this is "AIP Default". If you want to access online journals from the AIP library, please select "AIP Journal". Click "Connect" on the next page.

FortiClient setup on Android - selecting the VPN

In the following window, fill in the necessary login data and log in.

FortiClient setup on Android - entering the login data

First, a notice pops up stating that FortiClient is establishing and monitoring a VPN connection. This is correct; please tap on "OK".

FortiClient setup on Android - connection request

Then accept the untrusted certificate again.

FortiClient setup on Android - certificate warning

Finally, the VPN tunnel is opened and some information about it is displayed. To disconnect you can use the "Disconnect" field at the bottom.

FortiClient setup on Android - connection established

Instructions for older versions of FortiClient

FortiClient-Download.08

FortiClient contains a standalone antivirus function ("real-time protection"). If you already have antivirus software installed on your computer, FortiClient will recognize this during the installation and offer to disable its own "real-time protection" module. Please accept that accordingly.

FortiClient-Conflicting-Antivirus-SW

During the installation the actual client software will be downloaded in the background. This can take a while.

After the installation the client starts and can now be configured. Depending on your operating system it might be necessary to start the client's graphical user interface by clicking the icon in the taskbar of your computer.

FortiClient-icon-mit-arrow

Please click on "Remote Access" in the menu on the left and then click on the link "Configure VPN". The VPN connection will be established via SSL. You should enter a meaningful name into the field "Connection Name" (e.g. "AIP-VPN"). Please enter "vpn-gate.aip.de/aip" into the field "Remote Gateway" (including the suffix "/aip", or "/journal" if you want to access electronic journals). You can keep the standard values for the other settings and save everything.

FortiClient-vpn-connection

Now you can enter your Windows user name and your password in order to establish the connection.

FortiClient-user-auth

You will receive a message when the connection has been established successfully, and you can then close the window. You can check the connection status and close the connection by clicking the FortiClient icon. Depending on your operating system and the installation type, FortiClient also offers the possibility to search for vulnerabilities and malware on your computer. Both should be done frequently!

FortiClient-connected

For purists - connecting to the AIP network via SSH

Users with an active AIP account including Linux access are able to connect to the AIP via the SSH gateway server "login.aip.de".

Cluster access

Further information regarding the HPC clusters at the AIP can be found on the eScience Webpages.

Establishing a VPN connection to the administration network

You can find a tutorial on how to connect to the administration network here (only in German).

Last update: 23. January 2024