Configuration of VPN with Linux

With VPN you can connect to the university network over the Internet. While the VPN is active, your computer behaves as if it were physically connected to the university network, so you can use services that are only available from inside the university network.

VPN using IPsec/IKEv2 with Strongswan (recommended)

Installing packages

Install the necessary packages for Strongswan
Debian/Ubuntu:
$ sudo apt install network-manager-strongswan libcharon-extra-plugins
For Ubuntu, the "universe" distribution component must be enabled beforehand:
$ sudo add-apt-repository universe

Fedora:
$ sudo yum install NetworkManager-strongswan-gnome

Afterwards you have to restart at least the NetworkManager service (if in doubt, restarting the whole system will also help):
$ sudo systemctl restart NetworkManager.service

Necessary manual configuration

Now create the configuration file charon-nm.conf with the content
charon-nm { plugins { eap-peap { load = no } } }
e.g. with:
Ubuntu:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan.d/charon-nm.conf
Fedora:
$ echo "charon-nm { plugins { eap-peap { load = no } } }" | sudo tee /etc/strongswan/strongswan.d/charon-nm.conf

Create and configure connection

Open the network settings dialog (Settings -> Network -> VPN) and add a new VPN connection by clicking on the plus symbol +:

Select IPsec/IKEv2 (strongswan) as type:

Configure the following parameters:

Server -> Address:
vpn.uni-mainz.de
Server -> Certificate:
Comodo_AAA_Services_root.pem (see below)
Client -> Authentication:
EAP (Username/Password)
Client -> Username:
The username of your JGU account followed by @uni-mainz.de
(cf. Username on https://account.uni-mainz.de/)
Client -> Password:
The password of your JGU account
Options:
Request an inner IP address
Algorithms:
Enable custom algorithm proposals
Algorithms -> IKE:
aes256-sha1-sha256-sha384-modp2048

When selecting the server certificate, press Ctrl+L and enter the following path:
/etc/ssl/certs/Comodo_AAA_Services_root.pem

Connect

Click Apply and then establish the connection by clicking on the toggle button:


If you encounter problems creating or configuring the connection, you can also try the program nm-connection-editor.
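
If the connection does not come up, it helps to confirm the two manual prerequisites first: the charon-nm.conf setting and the server certificate file. The following script is an added example, not part of the original instructions; the function names and the ROOT variable are hypothetical, and the paths are the ones given above.

```shell
#!/bin/sh
# Added example: checks the manual prerequisites from this page.
# Function names and the ROOT variable are hypothetical; ROOT only
# prefixes the paths so the check can be tried on a scratch directory.

# True if the given charon-nm.conf sets eap-peap { load = no }.
peap_disabled() {
    [ -r "$1" ] || return 1
    # Strip comments and all whitespace so one-line and multi-line files match.
    sed 's/#.*//' "$1" | tr -d ' \t\r\n' |
        grep -q 'charon-nm{.*eap-peap{[^}]*load=no'
}

# True if the file is readable and contains a PEM certificate header.
is_pem_cert() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print the first charon-nm.conf found in the Ubuntu or Fedora location.
find_charon_conf() {
    for f in "${ROOT:-}/etc/strongswan.d/charon-nm.conf" \
             "${ROOT:-}/etc/strongswan/strongswan.d/charon-nm.conf"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Report each prerequisite; return non-zero if any is missing.
preflight() {
    rc=0
    if conf=$(find_charon_conf) && peap_disabled "$conf"; then
        echo "ok:   eap-peap disabled in $conf"
    else
        echo "FAIL: no charon-nm.conf with eap-peap { load = no }"; rc=1
    fi
    ca="${ROOT:-}/etc/ssl/certs/Comodo_AAA_Services_root.pem"
    if is_pem_cert "$ca"; then
        echo "ok:   server CA certificate found at $ca"
    else
        echo "FAIL: $ca missing or not a PEM certificate"; rc=1
    fi
    return "$rc"
}

# Run the check only when asked, e.g.: sh vpn-preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```

A FAIL on the certificate line means the path entered in the Server -> Certificate field will not resolve, so the server's identity cannot be verified against that CA.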