Notice 2025 – Math VPN as a Service of the ZIM

As a result of a certificate provider change, starting from 12/2025 the complete Math VPN service will be offered by ZIM.

Installation

For this, download the installer from the official OpenVPN download page and run it. Follow the standard installation procedure.

Configuration

The configs can be found in the ZIM Help Wiki in the respective VPN articles (https://hilfe.uni-paderborn.de/VPN_einrichten).

Please make sure that you have requested and installed a current certificate, required for the used operating system, via the ZIM service portal.

The VPN for employees of Mathematics is listed as “Institute for Mathematics – ID: 10”.

Usage

To use OpenVPN, open OpenVPN-GUI via the Start menu. In the system tray (next to the clock) a new symbol will appear. Open the context menu with a right-click on the symbol, select the entry “10_windows_udp_redirect” and choose connect. A new window with several status messages will open.

If everything worked, the symbol will change its color to green and the VPN connection is established. If needed, the connection can be disconnected again via the context menu.

Please then check the assigned IP addresses at https://imt-infoboard.uni-paderborn.de/ip/

There, the information should be marked in green and for IPv4 be in the range 131.234.50.160/27 and for IPv6 in the range 2001:638:502:5183::/64.

===========================

Notice 2025 – not yet released!!!

As a result of a certificate provider change, by 12/2025 the configs have to be adjusted again:

• Additional file containing the new Certificate Authority (CA): HARICA_CA_Chain.pem
  [currently present: Sectigo_CA_Chain.pem]
• Change in file math.ovpn: replace Sectigo_CA_Chain.pem with HARICA_CA_Chain.pem

At present, the server vpn2.math.uni-paderborn.de can already be used with the new data.

Installation

If not already available, first install the OpenVPN package. For example via command line with the command sudo apt-get install openvpn.

Graphical configuration

Preparation

The graphical configuration of the math VPN is done via the NetworkManager. For this the extension network-manager-openvpn is additionally needed. Under some systems also network-manager-openvpn-gnome. Both can be installed again via the sudo apt-get command, specifying the two extensions. Afterwards the service must be restarted with the command sudo service network-manager restart.

Configuration

The configuration itself takes place in the said NetworkManager, which can be opened both in the Start menu under Connections and via the connection icon in the toolbar. A new connection is to be created there, where the OpenVPN option is selected under VPN connection types. The following settings must be made:

1. Allgemein: Die Punkte Benutzerdefinierte UDP-Fragmentgröße verwenden (1300) und Maximale TCP-Segmentgröße (MMS) begrenzen auswählen, während alle anderen Punkte deaktiviert bleiben müssen.

2. Sicherheit: Chiffre auf Standard und HMAC-Authentifizierung auf SHA-384 stellen sowie Benutzerdefinierte Größe des Codeschlüssels verwenden deaktivieren.

3. TLS-Legitimierung: Überprüfung des Server-Zertifikates wird nicht mehr verwendet und kann somit auf nicht überprüfen gestellt werden. Stattdessen muss die Option Zertifikat der Gegenstelle mithilfe der Signatur überprüfen aktiviert und beim TLS-Typ der Gegenstelle Server ausgewählt werden.