OpenVPN under Linux

Notice 2025 – Math VPN as a Service of the ZIM


As a result of a certificate provider change, starting from 12/2025 the complete Math VPN service will be offered by ZIM.

Installation

For this, download the installer from the official OpenVPN download page and run it. Follow the standard installation procedure.

Configuration

The configs can be found in the ZIM Help Wiki in the respective VPN articles (https://hilfe.uni-paderborn.de/VPN_einrichten).

Please make sure that you have requested and installed, via the ZIM service portal, a current certificate as required for your operating system.

The VPN for employees of Mathematics is listed as “Institute for Mathematics – ID: 10”.

Usage

To use OpenVPN, open OpenVPN-GUI via the Start menu. In the system tray (next to the clock) a new symbol will appear. Open the context menu with a right-click on the symbol, select the entry “10_windows_udp_redirect” and choose connect. A new window with several status messages will open.

If everything worked, the symbol will change its color to green and the VPN connection is established. If needed, the connection can be disconnected again via the context menu.

Please then check the assigned IP addresses at https://imt-infoboard.uni-paderborn.de/ip/

There, the information should be marked in green and for IPv4 be in the range 131.234.50.160/27 and for IPv6 in the range 2001:638:502:5183::/64.

===========================

Notice 2025 – not yet released!!!


As a result of a certificate provider change, by 12/2025 the configs have to be adjusted again:

  • Additional file containing the new Certificate Authority (CA): HARICA_CA_Chain.pem
    [currently present: Sectigo_CA_Chain.pem]
  • Change in file math.ovpn: replace Sectigo_CA_Chain.pem with HARICA_CA_Chain.pem

At present, the server vpn2.math.uni-paderborn.de can already be used with the new data.

Installation

If not already available, first install the OpenVPN package. For example via command line with the command sudo apt-get install openvpn.

Graphical configuration

Preparation

The graphical configuration of the math VPN is done via the NetworkManager. This additionally requires the extension network-manager-openvpn, and on some systems also network-manager-openvpn-gnome. Both can likewise be installed with the sudo apt-get install command, specifying the two extensions. Afterwards the service must be restarted with the command sudo service network-manager restart.

Configuration

The configuration itself takes place in the said NetworkManager, which can be opened both in the Start menu under Connections and via the connection icon in the toolbar. A new connection is to be created there, where the OpenVPN option is selected under VPN connection types. The following settings must be made:

 

Important: This is not the normal password (e.g. for webmail) but a separate one. If you do not yet have VPN access data or if you have forgotten your password, please contact a member of the RBM.

The certificate needed for the CA certificate field can be downloaded here and can be stored e.g. in a separate VPN folder.

Under Advanced, a few adjustments must also be made.

1. General: select the Use custom UDP fragment size (1300) and Restrict TCP maximum segment size (MSS) items, while all other items must remain unchecked.

2. Security: set Cipher to default and HMAC Authentication to SHA-384, and disable Use custom size of cipher key.

3. TLS authentication: Server Certificate Check is no longer used and can therefore be set to Don't verify. Instead, the option Verify peer certificate usage signature must be enabled and Server must be selected for the Remote TLS type.

 

 

After saving the settings, a VPN connection can now be established either via the app itself or again via the menu in the toolbar.

Configuration via Command Line

To do this, create a directory in your user directory where the configuration files are stored, e.g. VPN.

Place the configuration and certificate file from the ZIP archive there. 

To start the VPN connection, change to the previously created directory using cd and start the client with root rights via sudo openvpn math.ovpn

You will then be asked for a username and password.

Important: This is not the normal password (e.g. for webmail) but a separate one. If you do not have VPN access data yet or if you have forgotten your password, please contact a member of the RBM.

Leave the terminal window with the OpenVPN client open as long as you need the VPN connection.
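
Before starting the client, the CA change from the notice above can be checked in the configuration directory. The following is an added example, not part of the original page or of OpenVPN: the function name check_math_ovpn is hypothetical, and it assumes that math.ovpn names the chain file in a relative ca directive and mirrors the GUI setting "Remote TLS type: Server" as remote-cert-tls server.

```shell
#!/bin/sh
# Added example: pre-flight check of the Math VPN client directory.
# check_math_ovpn is a hypothetical helper, not an OpenVPN command.
# Usage: cd ~/VPN && check_math_ovpn . && sudo openvpn math.ovpn

check_math_ovpn() {
    dir=${1:-.}
    conf="$dir/math.ovpn"
    new_ca="HARICA_CA_Chain.pem"
    old_ca="Sectigo_CA_Chain.pem"
    rc=0

    if [ ! -r "$conf" ]; then
        echo "FAIL: $conf not found or not readable" >&2
        return 2
    fi

    # Only active "ca" directives count; lines starting with # or ; are comments.
    ca_lines=$(grep -E '^[[:space:]]*ca[[:space:]]+' "$conf" || true)

    case "$ca_lines" in
        *"$old_ca"*) echo "FAIL: config still references $old_ca" >&2; rc=1 ;;
    esac
    case "$ca_lines" in
        *"$new_ca"*) : ;;
        *) echo "FAIL: no active 'ca $new_ca' line in math.ovpn" >&2; rc=1 ;;
    esac

    # The chain file must sit next to the config and hold a PEM certificate.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/$new_ca" 2>/dev/null; then
        echo "FAIL: $dir/$new_ca missing or not a PEM certificate file" >&2
        rc=1
    fi

    # Assumption: the CLI config carries the same peer check as the GUI
    # ("Verify peer certificate usage signature", Remote TLS type: Server).
    if ! grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$conf"; then
        echo "FAIL: 'remote-cert-tls server' not set" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf uses $new_ca"
    return "$rc"
}
```

A return code of 0 means the directory matches the notice, 1 means at least one check failed, and 2 means math.ovpn was not found.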