VPN

The AIP provides access to internal resources via a VPN connection. VPN stands for Virtual Private Network. With that your computer establishes a secure connection to the institute network. The access to the internal network of the AIP is protected by a "next generation firewall". In order to establish a connection via VPN you need a so called "VPN client software" and an AIP account with access to the windows domain "Astrophysik".

**Attention** After the installation of the new firewall on 15.10.2020 the VPN connection via Cisco Anyconnect client does not work anymore. Please install a new VPN client software by following our tutorial!

Please take note of the existing restrictions

  • The connection establishment only works when your computer is connected to a network outside the AIP.
  • The VPN connection with the suffix "aip" enables you to access internal resources. The network traffic to ressources outside the AIP is handled by your Internet provider, thus unburdening the AIP network infrastructure.
  • If you want to access electronic journals licensed by the AIP at the same time, you need to set the suffix "journal" instead of "aip" in the domain/realm settings (see below). This VPN connection opens access to the AIP internal ressources, too. You might want to configure two VPN connections and to switch between them for normal activities and activities including access to the journals.

Linux operating systems

For linux we recommend using the open source client openfortivpn that can be easily installed and started from a command line. Here is an example from a computer with Ubuntu 18.04:

# Installing the VPN client from the repository of your distribution
sudo apt-get install openfortivpn
# Starting the VPN client and accepting the server certificate
sudo openfortivpn vpn-gate.aip.de:443 --realm=aip --username=your_account_name \
--trusted-cert cb96ba26aa7a0fe9ee46ae139c1f34a636e607a2f78adba65ab84188d74180ee

Keep the command line window open as long as you want to be connected to the VPN. Please replace "--realm=aip" by "--realm=journal" if you want to access electronic journals licensed by the AIP.

Other operating systems

For Microsoft-, Apple- and Android operating systems we recommend using the VPN client of the firewall manufacturer. The "FortiClient" offers a different amount of functions depending on the operating system and the graphical user interfaces do differ too. The following tutorial possibly needs to transferred accordingly to your client depending on your operating system.

Please open the manufacturers download page and search for the area regarding the version number 6.0.x. Klick the download button according to your operating system and follow the instructions. It is possible that you need administrative rights on your computer.

The installer requests you to acceps the license agreement among other things. Please accept these. Depending on your operating system you can then proceed with the standard installation (Windows), or you need to select the customized installation (MacOS) and add the module "malware protection".

FortiClient-Download.08

The FortiClients contains a standalone antivirus function ("real-time-protection"). If you do already have an antivirus software installed on your computer the FortiClient will recognize this and offer to disable its own "real time protection" module during the installation. Please accept that accordingly.

FortiClient-Conflicting-Antivirus-SW

During the installation the actual client software will be downloaded in the background. This can take a while.

After the installation the client starts and can now be configured. Depending on your operating system it might be necessary to start the client's graphical user interface by clicking the icon the taskbar of your computer.

FortiClient-icon-mit-arrow

Please click on "Remote Access" in the menu on the left and then click on the link "Configure VPN". Die VPN connection will be established via SSL.You should enter a meaningful name into the field "Connection Name" (e.g. "AIP-VPN"). Please enter "vpn-gate.aip.de/aip" into the field "Remote Gateway" (including the suffix "/aip" or "/journal", if you want to access electronic magazines!) You can keep the standard values on the other settings and save everything.

FortiClient-vpn-connection

Now you can enter your windows user name and your password in order to establish the connection.

FortiClient-user-auth

You will receive a message when the connection has been established successfully and you can close the window now. You can check the connection status and close the connection by clicking the FortiClient icon. Depending on your operating system and the installation type the FortiClients also offers the possibility to search for vulnerabilities and malware on your computer. Both should be done frequently!

FortiClient-connected

For purists - connecting to the AIP network via SSH

Users with an active AIP account incl. linux access are able to connect to the AIP via the SSH gateway server "login.aip.de".

Cluster access

Further information regarding the HPC clusters at the AIP can be found on the eScience Webpages.

Establishing a VPN connection to the administration network

You can find a tutorial on how to connect to the administration network here (only in german).

Last update: 25. May 2021