Using VPN you can connect to the university network over the Internet. If you use VPN your computer behaves the same way as if it is physically connected to the university network. This way you can use the services that are only available from inside the university network.
VPN using IPsec/IKEv2 with Strongswan (recommended)
Installing packages
Install the necessary packages for Strongswan
Debian/Ubuntu:
$ sudo apt install network-manager-strongswan libcharon-extra-plugins
For Ubuntu, the "universe" distribution component must be enabled beforehand:
$ sudo add-apt-repository universe
Fedora:
$ sudo yum install NetworkManager-strongswan-gnome
Afterwards you have to restart at least the NetworkManager
service (if in doubt, restarting the whole system will also help):
$ sudo systemctl restart NetworkManager.service
Necessary manual configuration
Now create the configuration file charon-nm.conf
with the content charon-nm { plugins { eap-peap { load = no } } }
e.g. by
Ubuntu:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan.d/charon-nm.conf
Fedora:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan/strongswan.d/charon-nm.conf
Create and configure connection
Open the network settings dialog (Settings -> Network -> VPN) and add a new VPN connection by clicking on the plus symbol +:
Select IPsec/IKEv2 (strongswan) as type:
Configure the following parameters:
- Server -> Address:
vpn.uni-mainz.de
- Server -> Certificate:
Comodo_AAA_Services_root.pem
(see below)- Client -> Authentication:
- EAP (Username/Password)
- Client -> Username:
- The username of your JGU account followed by
@uni-mainz.de
(cf. Username on https://account.uni-mainz.de/) - Client -> Password:
- The password of your JGU account
- Options:
- Request an inner IP address
- Algorithms:
- Enable custom algorith proposals
- Algorithms -> IKE:
aes256-sha1-sha256-sha384-modp2048
When selecting the server certificate, press STRG+L and enter the following path:
/etc/ssl/certs/Comodo_AAA_Services_root.pem
:
Connect
Click Apply and then establish the connection by clicking on the toggle button:
If you encounter problems creating and configuring the connection, try the program nm-connection-editor
, too.