Max Planck Institute for Evolutionary Anthropology
VPN (Virtual Private Network)
It is possible to access services/resources of the institute from outside the institute by using VPN.
Resources available via VPN:
- internal webserver
- terminal servers
To use VPN you need a special software installed on your computer. This software is available for
To use VPN on institute computers, please ask your department's IT staff to install this software and to issue a digital certificate for you.
VPN-Client on Windows
Installation of SecurePoint SSL VPN
Download the most recent version from the vendor's website.
Start the installation and choose the language you prefer.
Click NEXT to continue with the installation process.
Click I AGREE to accept the license agreement.
Choose ALL USERS to install SecurepointSSLVPN for all users of your local device. Click NEXT.
Choose the MANAGEMENT context to edit some important configurations later. Click NEXT.
Choose the installation directory and click NEXT.
All important installation components are selected. Click INSTALL.
If you use Windows XP, a warning appears during the installation process. Click CONTINUE ANYWAY to install a special driver that is needed for SecurepointSSLVPN.
To complete the setup click FINISH.
Configuration of SecurePoint SSL VPN
Now the configuration files and certificates that will be provided by the department’s IT staff have to be installed. Create a new subfolder named config in the SecurepointSSLVPN program directory.
The program directory may be:
- C:\Program Files\Securepoint SSL VPN
- C:\Program Files (x86)\Securepoint SSL VPN
- C:\Programme\Securepoint SSL VPN
The files MPI_EVAN_ca.crt, MPI_EVAN_client.crt, MPI_EVAN_client.key, MPI_EVAN_emigma2_ta.key, MPI_EVAN_Default.ovpn and MPI_EVAN_Fallback.ovpn have to be copied into this subfolder.
Start the SecurepointSSLVPN program by clicking the desktop icon; a new icon will appear in the taskbar.
Double click on it, then press IMPORT.
Choose the path to the config subfolder of the SecurepointSSLVPN program directory and import both configuration files:
Click CONNECT to establish the connection.
Enter your password and click OK.
Then the connection will be established.
VPN-Client on Linux
Install and configure OpenVPN for Linux clients
1. Install openvpn on your Linux client by using the distribution package.
2. Obtain an OpenVPN certificate from your department's IT administrator.
3. Put all files belonging to the certificate into the /etc/openvpn directory:
- update-resolv-conf.suse or
- MPI_EVAN_suse.conf or
4. cd into /etc/openvpn and execute "sudo chmod 755 /etc/openvpn/update-resolv-conf*"
5. Starting the OpenVPN tunnel requires root privileges on the system, because it loads kernel modules and sets up network interfaces.
6. cd into /etc/openvpn and execute openvpn MPI_EVAN_suse.conf or openvpn MPI_EVAN_ubuntu.conf, depending on your Linux distribution.
root@client:/etc/openvpn# openvpn MPI_EVAN_ubuntu.conf
Fri Mar 7 13:05:19 2008 OpenVPN 2.0.9 arm-angstrom-linux-gnueabi [SSL] [LZO] [EPOLL] built on Aug 6 2007
Fri Mar 7 13:05:19 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Enter Private Key Password:
Fri Mar 7 13:05:21 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Mar 7 13:05:21 2008 LZO compression initialized
Fri Mar 7 13:05:21 2008 UDPv4 link local (bound): [undef]:1194
Fri Mar 7 13:05:21 2008 UDPv4 link remote: <IP-address of gateway>:1194
Fri Mar 7 13:05:23 2008 [OPENVPN-SERVER] Peer Connection Initiated with <IP-address of gateway>:1194
Fri Mar 7 13:05:24 2008 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Fri Mar 7 13:05:24 2008 TUN/TAP device tun0 opened
Fri Mar 7 13:05:24 2008 /sbin/ifconfig tun0 <IP-address> pointopoint <IP-address> mtu 1500
Fri Mar 7 13:05:24 2008 ./client.up.linux.sh tun0 1500 1558 <IP-address> <IP-address> init
Fri Mar 7 13:05:25 2008 Initialization Sequence Completed
Changing certificate password (recommended)
root@client:/etc/openvpn# openssl rsa -aes256 <client.key >client.key.new
Enter pass phrase:
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
root@client:/etc/openvpn# mv client.key.new client.key
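A pre-flight check for the Linux setup and the key change above, as an added example that is not part of the institute's instructions: the redirect in the openssl command creates client.key.new with the shell's current umask, so the replaced key can end up readable by other users. The function names and the default key name client.key are assumptions; the update-resolv-conf* hook name is taken from step 4.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client directory before starting the tunnel.
# Function names and the default key name "client.key" are assumptions.
# Typical call: audit_openvpn_dir /etc/openvpn client.key && openvpn <config>

# True if FILE has any of the given octal permission bits set.
has_any_perm() {
    _f=$1; shift
    for _bit in "$@"; do
        [ -n "$(find "$_f" -prune -perm "-$_bit")" ] && return 0
    done
    return 1
}

# audit_openvpn_dir DIR [KEYFILE]
# Prints one finding per line and returns the number of findings.
audit_openvpn_dir() {
    _dir=$1 _key=$1/${2:-client.key} _n=0
    if [ ! -f "$_key" ]; then
        echo "MISSING private key: $_key"; _n=$((_n + 1))
    else
        # The key must be usable by its owner only.
        if has_any_perm "$_key" 040 020 010 004 002 001; then
            echo "KEY accessible by group or others: $_key"; _n=$((_n + 1))
        fi
        # Both PEM styles mark a passphrase-protected key with "ENCRYPTED".
        if ! grep -q 'ENCRYPTED' "$_key"; then
            echo "KEY is not passphrase-protected: $_key"; _n=$((_n + 1))
        fi
    fi
    # openvpn runs these hooks as root: executable, but only owner-writable.
    for _s in "$_dir"/update-resolv-conf*; do
        [ -f "$_s" ] || continue
        if ! has_any_perm "$_s" 100; then
            echo "HOOK not executable: $_s"; _n=$((_n + 1))
        fi
        if has_any_perm "$_s" 020 002; then
            echo "HOOK writable by group or others: $_s"; _n=$((_n + 1))
        fi
    done
    return "$_n"
}
```

If the audit reports the key as accessible by group or others, chmod 600 on the key file clears that finding.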
VPN-Client on Mac OS X
Download the most recent version of "Tunnelblick" and double-click to open it: Tunnelblick (latest)
Start the installation by double-clicking on the Tunnelblick icon:
Click Open when prompted to confirm that you want to install this application:
Confirm the permission settings:
Finally, Quit the application.
Extract the compressed package (received via email) containing your VPN certificates and configurations by double-clicking it.
Open the folder MACOSX_CONFIG, double-click on the file MPI_EVAN_VPN.tblk and choose "Only me".
Next, you will be prompted to enter your username and password again to install the VPN configuration.
Starting the "tunnel"
Start Tunnelblick; its icon appears on the far right of your top toolbar. Click it and select Connect MPI_EVAN_VPN to connect.
Enter the passphrase (also received via separate email).
If the connection attempt was successful, the Tunnelblick icon should now appear lit and open.
Whenever you want to connect to the MPI-EVA, just click on the tunnel icon. You may then use the Citrix Server (https://citrix.eva.mpg.de) or ssh commands.
Changing certificate password (recommended)
Inside your VPN config package (received via email), open the MACOSX_CONFIG folder; it contains a file named MPI_EVA_change_vpn_password.dmg.
Double-click this file and follow the instructions to change your password.
Replace outdated certificate
Check the email with your new certificate (received from your department's IT staff). Download both files (certificate and DMG file).
Open the attachment MPI_EVAN_VPN_OSX_replace_cert.dmg and follow the instructions to replace your outdated certificate.