Using VPN you can connect to the university network over the Internet. If you use VPN your computer behaves the same way as if it is physically connected to the university network. This way you can use the services that are only available from inside the university network.

VPN using IPsec/IKEv2 with Strongswan (recommended)

Installing packages

Install the necessary packages for Strongswan
Debian/Ubuntu:
$ sudo apt install network-manager-strongswan libcharon-extra-plugins
For Ubuntu, the "universe" distribution component must be enabled beforehand:
$ sudo add-apt-repository universe
Fedora:
$ sudo yum install NetworkManager-strongswan-gnome

Afterwards you have to restart at least the NetworkManager service (if in doubt, restarting the whole system will also help):
$ sudo systemctl restart NetworkManager.service

Necessary manual configuration

Now create the configuration file charon-nm.conf with the content charon-nm { plugins { eap-peap { load = no } } } e.g. by
Ubuntu:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan.d/charon-nm.conf
Fedora:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan/strongswan.d/charon-nm.conf

Create and configure connection

Open the network settings dialog (Settings -> Network -> VPN) and add a new VPN connection by clicking on the plus symbol +:

Select IPsec/IKEv2 (strongswan) as type:

Configure the following parameters:

Server -> Address:

vpn.uni-mainz.de

Server -> Certificate:

Comodo_AAA_Services_root.pem (see below)

Client -> Authentication:

EAP (Username/Password)

Client -> Username:

The username of your JGU account followed by @uni-mainz.de
(cf. Username on https://account.uni-mainz.de/)

Client -> Password:

The password of your JGU account

Options:

Request an inner IP address

Algorithms:

Enable custom algorith proposals

Algorithms -> IKE:

aes256-sha1-sha256-sha384-modp2048

When selecting the server certificate, press STRG+L and enter the following path:
/etc/ssl/certs/Comodo_AAA_Services_root.pem:

Connect

Click Apply and then establish the connection by clicking on the toggle button:

If you encounter problems creating and configuring the connection, try the program nm-connection-editor, too.

Invoke the Windows tools menu by pressing the Windows key + x. Within the following menu, choose Systemsteuerung:

Or: Click on the windows icon in the botom left and then type in "systemsteuerung" - which will display the 'Systemsteuerung' as an app to be opened. Open it.

Within the Systemsteuerung click on Netzwerk und Freigabecenter, then Neue Verbindung ... einrichten.

Next choose the menu item Verbindung mit dem Arbeitsplatz herstellen:

Click on Internetverbindung (VPN) verwenden:

Enter vpn.uni-mainz.de into the input field Internetadresse:
For Zielname you may enter a self-chosen name which you will later use to choose this VPN connection, e.g. Uni-VPN or VPN connection.

All other checkboxes can be left unchanged. Click on Erstellen .

In the next window you have to enter your JGU account user name and your password. You should only check the option 'Dieses Kennwort speichern' if you are the only user of this computer.

Finally, click on Verbinden. The VPN connection is now established.

If you would like to configure VPN for the first time, press the Windows key on your keyboard - this will display the Windows start menu your screen.

Then enter VPN at the keyboard (without clicking anywhere).

Now click on Virtuelle private Netzwerke (VPNs) ändern:

The window Netzwerk und Internet will be shown next. Choose VPN-Verbindung hinzufügen.

In the next window the following entries are to be made or chosen:

VPN-Anbieter: Windows (integriert)

Verbindungsname: this is arbitrary, you may for example call it 'VPN Uni Mainz'

Servername: vpn.uni-mainz.de

VPN-Typ: Automatisch

Anmeldeinformationstyp: Benutzername und Kennwort

Benutzername: your JGU account name followed by @uni-mainz.de:
yourusername@uni-mainz.de  (Please note: this does not in every case correspond with a person's e-mail address)

Kennwort: your JGU account password

If you do not enter anything in the fields for Benutzername and Kennwort, then you will be asked for them each time you establish a VPN connection. In case you want to save your login data, activate the checkbox 'Anmeldeinformationen speichern'. Then click on Speichern. Now the connection is permanently configured, but not yet active. In order to activate it, click on Verbinden within the open window.

If your are activating the connection for the first time you will see the follwoing notice: "Der Server kann nicht überprüft werden, da hierzu nicht ausreichend Informationen vorliegen. ..."

After clicking on Serverdetails anzeigen you will be shown the "finger print" of the VPN server:

You should check whether the character string shown is identical to the following one:

e5 04 5e ea 4d 2f 3a 1e 6f 05 ee 32 9d aa 21 e3 d0 15 fd 1e

Then, to activate the connection, click on Verbinden.

If you would like to disconnect later on, within the task bar on the right, click on the symbol for network connection. From within the list of available network connections shown then, choose the VPN connection and click on Trennen. In the same way, you may always re-establish the connection via the button Verbinden.

Please note: Some of the links below lead to pages in German, as work on the English version is still in progress. We apologize for the inconvenience.

In exceptional cases it may be necessary to authenticate your local computer via an additional network service: the so-called  'Virtual Private Network' (VPN) as a member of the Johannes Gutenberg University Mainz.

This applies to::

• certain download areas,
• access to the directory 'uni-mainz' via the FTP server of the Data Center,
• enhanced features of literature research at the university library, as well as access to full text editions of certain electronic journals. For these, please see: → http://www.ub.uni-mainz.de/datenbanken-id-927 .

After configuring your operating system with the relevant driver you will be able to use VPN. The link to the download site for the driver, as well as hints for configuring your operating system may be found in one of the following documentations:

• Configuration of VPN for Windows 10 / 11
• Configuration of VPN for Windows 8

Instructions for non-Windows operating systems may be found within the collections of documentations specific to the following operating systems:

	Mobile devices using Adroid
	Instructions for the macOS operating system (in German)
	Instructions for Unix Operating Systems

Please note: Some of the links below lead to pages in German, as work on the English version is still in progress. We apologize for the inconvenience.

All buildings of the university are wired in a structured way (with constraints at the tower building at the Augustusplatz). Almost all rooms have ethernet network sockets.

We recommend the following sequence:

• Get a JGU account, if you do not already have one. This enables all members of the university to:
  • use a mail address of the following form: loginname@uni-mainz.de
  • use all services of the Data Center from outside of the campus (at home, on conferences ...).

1. Check if the socket is activated. To do this, please fill in the following → application form for activation of a network socket and send it off.
   • If the socket is already activated, you will be notified about this in the lower part of the answer to your application.
   • If the answer states that your application is being worked on, then a member of staff of the Data Center still has to connect your socket to the campus network. After that has happened you will be informed about this via e-mail. The following steps may be approached beforehand:
2. Find the address of your network card.
3. If necessary, install the network card inside your device.
4. Connect the network cable of your device with your wall socket:
   • cables and other network components are available at the helpdesk and may be payed with the copying card of your institúte (Schomäcker card, for university members only).
5. Proposal of a name and registration of the physical address in order to receive an IP address for the device: → application form for an IP address.
6. Configure the device for use at the university: obtain the IP parameters automatically from the network. In order to check this, please see → server addresses for computer configuration.

Information about the Login System

Using the login system you may connect your own notebook to the internet at any activated network socket on campus (for example in the corridor on the ground floor of the natural sciences institute building), as well as within all of the wireless network access areas.

Connecting via Wireless LAN

For this you need to have a WLAN card in your device.

Connecting via a Network Plug

For this you need to have an Ethernet network card in your device that has a fitting (RJ45) connection.

Preparing Your Device

This requires the following configurations: in the system administration below network connections choose LAN connection / LAN Verbindung or wireless network connection / Drahtlose Netzwerkverbindung, then right-click on 'Properties / Eigenschaften':

Within the following window please configure the IP address and the DNS server as follows:

• Important: please check 'DNS-Serveradresse automatisch beziehen' and make sure that no DNS server address has been entered manually, so that the automatically assigned DNS server is used.
• Then click OK.

Login to the Network

To log in please direct your browser to the following address:

login.uni-mainz.de

You will then (after confirming the security certificate) get the following login screen:

Here, please enter the user name and password of your JGU account. After successful login you will receive the following message: 'Anmeldung erfolgreich'. After that you will be able to use the internet almost as usual. Due to the usage of dynamic addresses and 'network address translation' there might be restrictions with some internet services.

In case the login screen appears again and again, there is probably a problem with the firewall on your device. An instruction for configuring the firewall can be found → here (for various operating systems).

Questions?

If you have any questions or problems concerning login to the network please contact our helpdesk. Mail: → hotline@zdv.uni-mainz.de or the network department of the Data Center. Mail: → noc@uni-mainz.de .

The campus area has had comprehensive wireless network coverage since mid 2002. This applies to lecture halls, seminar rooms and isolated office rooms.

Outside of the campus area, the Domus and the Schönbornerhof am Schillerplatz have comprehensive wireless network coverage.

You may start wireless connections in any of the areas marked in green in the map below:

The Data Center operates two campus-wide wireless LANs in accordance with the 802.11a/b/g/n standard: one with the network name (SSID) Uni-Mainz and one with the network name eduroam. Both are encrypted and provide increased security. Beside these two, there is also the 'Winulum', which is un-encrypted and therefore not recommended for working or surfing.

Further information about the WLAN networks mentioned may be found here:

• Eduroam
• Uni-Mainz
• Winulum

Prerequisites for use:

• A JGU account or a JGU account at a college or other instituiton that participates in the eduroam network (for eduroam)
• A wireless-enabled notebook/netbook or other mobile device.

Students and staff of the university of Mainz usually connect to the network eduroam.

Please note the following:

• If you are using Windows (10 or an older version), we recommend using the firewall integrated in the operating system. We advise against installing additional firewall software.
• That no public DNS servers such as 8.8.8.8 and 8.8.4.4 are fixed in the network properties. The DNS server assignment must be configured to "Automatic (DHCP)".

The wireless network called eduroam can also be used by guests from other universities whose home university is part of the eduroam network.
We have described how the connection is set up for various operating systems: Notes on the left in the navigation bar under eduroam.

Problems with the network connection?

If you have problems accessing the wireless network, you can find help in the W-LAN consultation hours at the advice center .

You can find instructions on how to solve the WiFi error "Unable to connect to this network" in Windows here.

Bandwidth

There are currently two different types of access points in use:

Type Bandwidth nominal Bandwidth real

802.11a/b/g 54 Mbps 20 Mbps

802.11n 300 Mbps 120 Mbps

A gross bandwidth of 54 Mbit/s is nominally available for 802.11g. Transmission rates of around 20 MBit/s can be achieved. However, they depend on the distance between the station and the access point and the number of stations operated at the same time.

Access Points

In the publicly accessible buildings (libraries, corridors, seminar rooms, lecture halls, etc.), as well as outdoors on the university campus and in Germersheim, there are almost 500 Access Points for wireless LAN access to the campus network.

Number of stations that can be operated simultaneously

An access point can theoretically serve any number of stations. Since the stations share the bandwidth (shared medium), the theoretical transmission speed of 54 Mbit/s at one station drops accordingly.

Cost of internet access

The ZDV does not charge wireless LAN users for its use.

Network access

Access to the network is via dynamic DHCP via a dedicated web server. The computers must be configured appropriately for this.

Electrosmog

Very low power, ten times less than a mobile phone, approx. 100 milliwatts (mobile phone = 1 watt)

Remove Winulum

If you wish to use an Applie iPod with eduroam you will have to delete any existing Winulum connection, because otherwise an eduroam connection cannot be established.

xClose

<

This text will be overwritten by jQuery

>

Below Einstellungen, Wi-Fi-Netzwerke, press the arrow to the right of winulum, then press Dieses Netzwerk ignorieren and confirm this again.

Configuring eduroam

Then press the Home button on your iPod/iPhone, and the button Einstellungen:

xClose

<

This text will be overwritten by jQuery

>

Press Wi-Fi (must not be connected), then choose the network eduroam:

You will be asked for your user name and password. Please enter your user name (JGU account name), followed by @uni-mainz.de and the corresponding password. After that press Verbinden in the lower right.

Make sure you enter your real user name - not, for example, your mail alias, which is different!

The wireless network eduroam is also offered at other universities. If you wish to use eduroam at other universities, when entering your JGU account data you will have to add @uni-mainz.de to your JGU account name (even though it looks similar: this is not your e-mail address). Without that addition, at another university you would be regarded as a local user - and because presumably no user with your combination of user name and password exists there, a connection would then be refused.

Using the certificate

We will now show you the certificate data. Check the certificate below Mehr Details.

The right certificate is issued for the server radius.zdv.uni-mainz.de and it contains the following information for verification purposes. some of which will be displayed here:

CN = radius.zdv.uni-mainz.de
O = Johannes Gutenberg-Universitaet Mainz
L = Mainz
S = Rheinland-Pfalz
C = DE

finger print: ae bc 5d d0 ee 25 02 d1 14 e5 8e 77 45 a4 64 b7 37 73 b9 69

If a certificate with this information is displayed, click on Annehmen. Now wait until a connection has been established. The next thing on display will be an overview of the Wi-Fi networks. Done.