Jump directly to main navigation Jump directly to content Jump to sub navigation

VPN (Virtual Private Network)

Some internal resources are not available from outside.
You can use our VPN solution to access most of them.

Resources available via VPN:

Software and configuration

To use VPN you need a special software installed on your computer.

Please use our Self Service (Module: VPN access) to get connected:
https://selfservice.eva.mpg.de

Module VPN access -> Request access via VPN.

Request a new certificate for VPN access:

Download the package containig certificate and configuration for the operating system of your device.

Validity and renewal of the certificate

The  certificate for VPN access is valid for one year.

You will receive an e-mail one week before the expiry so that you can renew your certificate.

After the extension, please delete the old certificate and download the new certificate again from selfservice portal and configure it according to the tunnel software.

With https://selfservice.eva.mpg.de   you can check the validity yourself or you can renew the certificate:

VPN Client Viscosity

We decided to purchse a licensed client for VPN "Viscosity".

Website: https://www.sparklabs.com/viscosity/

App Installation

For self-managed devices get in touch with your department IT to receive the installation file.

For computers managed by Empirum (Windows systems) your department IT is able to assign the program via our software deployment system.
For macOS systems managed by munki run "Managed Software Center" and choose Viscosity from the list of available optional apps.

Client Configuration

Windows

After successful installation of the program open it and find the program icon in the task bar:

Download configurations (new or extended) from https://selfservice.eva.mpg.de (as explained above) and extract them.

Rightclick the Viscosity item from he bottom right corner and select “Settings”. A new window will appear, select as shown in the window.

Import the default and the fallback configurations. 

Select the connection from the taskbar Viscosity icon and login with your MPI EVA credentials.
Done. 


macOS

macOS users use Managed Software Center to install Viscosity. After the program has been installed, open it from Applications.
You will find an icon in the top bar (maybe without any configuration).

Download your configuration files from https://selfservice.eva.mpg.de .
Extract the downloaded .tar archive and then import the configuration file mpievan_vpn.tblk to Viscosity → Settings → Import Connection → From File
Choose mpievan_vpn.tblk file.

Select your connection from the top menu icon and enter your username and password when requested.

Linux

Using the Command Line Client

  1. Install OpenVpn using the package manager of your distribution:

    Debian/Ubuntu:

        $ sudo apt-get install openvpn

    Fedora(22+):

        $ sudo dnf install openvpn

    CentOS(6,7)/Fedora(<22):

        $ sudo yum install openvpn
  2. Download your personal configuration package by clicking on Linux in the "Download configuration" section above.

  3. Switch to your download folder and move the package to e.g. your home drive:

        $ mkdir ~/mpieva_vpn $ cp OpenVPNconfLin_*.tar ~/mpieva_vpn $ cd ~/mpieva_vpn $ tar xvf OpenVPNconfLin_*.tar
  4. Start the connection by executing:

        $ openvpn mpieva_default.conf

    Please enter your MPI-EVA credentials when prompted:

        Auth user: <your MPI username> Auth password: <your MPI password>

Using the Network Manager

  1. Depending on your desktop environment search for packages similar to NetworkManager, vpn and your desktop (f.i. Gnome or KDE). Package names can be different for each linux distribution.

    Install NetworkManager and OpenVpn using the package manager of your distribution:

    Debian/Ubuntu:

        $ sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome

    Fedora(22+):

        $ sudo dnf install openvpn NetworkManager-openvpn NetworkManager-openvpn-gnome
  2. Download your personal configuration package by clicking on Linux in the "Download configuration" section above.

  3. Switch to your download folder and move the package to e.g. your home drive:

        $ mkdir ~/mpieva_vpn $ cp OpenVPNconfLin_*.tar ~/mpieva_vpn $ cd ~/mpieva_vpn $ tar xvf OpenVPNconfLin_*.tar
  4. Open the NetworkManager connection editor

    Create new connection using "Import VPN configuration" or "Import from file"

    Import config file mpieva_default.conf from folder ~/mpieva_vpn

    Set user name to your login name at MPI EVA

    Set "Ask for password every time" in password field

    Under "IPv4" look for "Routes" and mark checkbox "Use this connection only for resources on its network"

    Save you settings

Configure VPN on Android devices

  1. Download and untar the Linux configuration file from selfservice.mpg.de, and transfer files to your phone (somehow)
  2. Install the OpenVPN for Android app (https://play.google.com/store/apps/details?id=de.blinkt.openvpn, semi-officially approved by OpenVPN - https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-android/#official-openvpn-connect-app))
  3. Open the app and press '+' to add a new connection
  4. Press 'import' and import the corresponding EVA `.conf` file  
    Important: the conf file will try to tell the app where all subsequent 'supporting' files are and will make it seem like the files are found. This will _not_ work, so see step 5.
  5. Load supporting files manually:
  • Basic Tab >  CA Certification field > find in the browser and select `mpieva_cacert.pem`
  • Basic Tab > Client Certificate filed  > find in the browser and select `mpieva_client.crt`
  • Basic Tab >  Client Certificate key  > find in the browser and select `mpieva_client.key`
  • Authentication and Encryption Tab > TLS Auth File field > find in the browser and select `mpieva_ta_enigma.key`

Exit the configuration window and try selecting the connection on the main page of the app.