External Access to the Network (VPN)

Authentication is not equal to encryption. On public networks you authenticate with a password, but the data traffic remains unencrypted. A "UZH Virtual Private Network (VPN) connection" is used to encrypt public connections so that UZH members outside the UZH buildings have secure access to the UZH network, just as if they were sitting in the middle of it, just as if they were connecting directly to the UZH network.

You do not need any additional software to establish a VPN connection. All you need is an existing Internet connection and an active network connection configured with UZH-specific (encryption) parameters, as described below step by step. As an alternative to manual VPN configuration, Zentrale Informatik provides you here with a setup program for automated VPN configuration under Windows (versions 7 / 8 / 10).

show all

Windows - Automatic VPN configuration

1.) Download configuration file

  •  Download (save) the password protected setup file uzhvpn.exe to your PC.
    To do this, authenticate yourself with your short name and WebPass password.

2.) Execute configuration file

  •  
  • Double-click on the downloaded file (usually in the "Downloads" folder) to open it.
  • The connection should be available for "all users", not only for "own use".
  • At the end of the execution, the new VPN connection entry "UZH VPN" will appear in your taskbar, under the network icon (see next step).

If security prompts prevent you from opening the file, try running it with administrator rights (file context menu command "Run as administrator"). The exe file is no longer needed for later connections.

3.) Open VPN connection

  • Click on the network icon in the Windows taskbar (usually in the lower right corner).
  • Select the "UZH VPN" VPN connection that has just been automatically set up.
  • Click on "VPN" > "UZH VPN" (fig. right, only in Windows 10)
  • Click on "Connect".

4.) Establishing a VPN connection

  • Username Your Shortname
  • Password: Your VPN password
  • Click on the "Connect" button.

Wait a little until the data has been transmitted and the VPN connection has been established.

 ... Remove VPN connection

If the configuration must be disposed of, the VPN connection can be deleted in the adapter settings of the Network & Sharing Center. Either by clicking on the action menu command "Delete Connection" or via the context menu command "Delete".

 

Windows - VPN configuration

1.) Open the Network and Sharing Center in the Control Panel

For example, access the Network and Sharing Center in one of the following three ways:

  • Windows Start Menu > Control Panel > Network & Sharing Center (upper figure, Win 7)
  • Windows Search > Control Panel > Network & Sharing Center (middle figure, Win 7/8/10)
  • Windows taskbar and network icon > Network & Sharing Center (lower figure, Win 7/8/10)

2.) Select "Set up new connection or new network"

3.) Select "Connect to the workstation"

  • Click on Next.

4.) Select "Use the Internet connection (VPN)"

5.) Specify Internet address (server) and name

  • Internetadress: uzhvpn1.uzh.ch or uzhvpn2.uzh.ch.
    (vpn.uzh.ch does not work here because load balancing is not supported by the L2TP client).
  • Target name: Enter any descriptive name for the VPN connection (e.g. UZH VPN).
  • IMPORTANT: In Windows 7 activate the checkbox 'Do not connect now, set up for later use only'. This is necessary because further configurations have to be made after the wizard has finished.
  • Finally click on 'Next' (Windows 7) or 'Create' (Windows 8 / 10).

6.) Enter user data and close the assistant

Only in Windows 7 and 8:

  • Username: UZH Shortname
  • Password: VPN-Password.
  • Confirm by clicking on "Create".

Close the wizard. At this point, you must NOT click on "Connect now", as this would fail due to missing configurations. In Windows 10, you will not be asked for user data and the wizard will close automatically.

7.) Call up (connection) properties

Go back to the "Network and Sharing Center" (see point 1), click on "Change adapter settings" in the left selection and select the context menu command "Properties" (right click with the mouse) of the adapter you have just created.

8.) Set VPN type & authentication

  • Click on the "Security" tab.
  • VPN type: "Layer 2 tunneling protocol with IPsec (L2TP/IPSec)".
  • Authentication: "Allow the following protocols" > "Unencrypted password (PAP)".
  • Click on the "Advanced Settings" button.

9.) Specify advanced properties (group key)

  • Select the option "Use pre-installed key for authentication".
  • Key (shared secret): group password of the UZH connection profile ALL (see  Remote Access-VPN-Profile).
  • Confirm all windows with "OK".

Congratulations! You have successfully established the VPN connection.

10.) Open VPN connection

  • Click on the network icon in the Windows taskbar (usually in the lower right corner).
  • Select the VPN connection you have just set up (e.g. "UZH VPN")
  • Click on "VPN" > "Your VPN connection" (fig. right, only in Windows 10)
  • Click on "Connect".

11.) Establish VPN connection

 

  • Username: Your Shortname
  • Password: Your VPN password
  • Click on "Connect" (fig. left, Windows 7), respectively "OK" (fig. right, Windows 8 / 10)

Wait a little until the data has been transmitted and the VPN connection has been established.

 



Mac OS X - VPN configuration

1.) Open system settings

  • Open the system settings via the apple menu.

2.) Open Network Settings

  • Find and open the "Network Settings".

3.) Create new connection

  • Click on the "+" (plus sign) at the bottom left.
        (If greyed out, click on the padlock at the bottom to disable the security mechanism).

4.) Select port, type and name

  • Connection: Select VPN.
  • VPN Type: Select Cisco IPSec.
  • Service Name: Enter "UZH".
  • Click on "Create".

5.) Enter server address and user data

 

Server address: vpn.uzh.ch
Account name: Your UZH short name.
Password: Your VPN password
Activate the checkbox "Show VPN status in the menu bar".
Click Identification (or Authentication) Settings.

6.) Specify group key and name

  • Key ("Shared secret"): Our Group Password.
  • Group Name: Our Group Name
  • Confirm by clicking on "OK".

You can find the group key and the group password here
(Log in with UZH Shortname and WebPass password if required).

7.) Open VPN connection


You can start the VPN connection via the "Network settings" (see points 1 and 2) or via the VPN symbol in the menu bar (see next point 8). Authenticate yourself with your VPN user data (UZH Shortname).

8.) VPN connection status

The VPN connection status is displayed in the menu bar (if the corresponding option was activated during configuration).



Linux (Ubuntu) - VPN configuration

1.)  Installation of Openconnect

  • If not already pre-installed in newer operating systems, the VPN client Openconnect can be easily installed via the freely available (graphical) installation program "Synaptic Package Manager".
  • Alternatively, you can install Openconnect directly from the command line as follows (incl. dependencies)
       sudo apt-get install network-manager-openconnect
       sudo apt-get install network-manager-openconnect-gnome

2.) Add VPN connection

  • Click the "WLAN icon > Edit connections" in the menu bar.
  • Click on "Add".
  • Select "VPN connection compatible with Cisco AnyConnect (openconnect)" from the drop-down list
  • Click on "Create".

No group password (shared secret) needs to be specified. If the connection type "Cisco Anyconnect..." does not appear in the selection, you have not previously installed Openconnect as expected.

3.) Configure VPN connection

  •  Enter a name (e.g. "UZH") in the window that appears, and
  •  Enter "uzhvpn1.uzh.ch" for gateway
  •  Click on "Save" without making any further changes.

Optionally, you can specify a CA certificate.

4.) Establish VPN connection

  • In the menu bar, select WLAN icon > VPN connections -> "UZH VPN".
  • Click the "Connect" button in the dialogue box that opens.
  • Enter your user name and VPN password and click "Login".