VPN
The AIP provides access to internal resources via a VPN connection. VPN stands for Virtual Private Network: your computer establishes a secure connection to the institute network. Access to the internal network of the AIP is protected by a "next generation firewall". To establish a connection via VPN you need so-called "VPN client software" and an AIP account with access to the Windows domain "Astrophysik".
**Attention:** The following instructions do not apply to the VPN connection to the Verwaltungs-Netz. Please contact us directly if you need VPN access to this subnet!
Please take note of the existing restrictions:
- The connection establishment only works when your computer is connected to a network outside the AIP.
- The VPN connection with the suffix "aip" enables you to access internal resources. Network traffic to resources outside the AIP is handled by your Internet provider, which relieves the AIP network infrastructure.
- If you want to access electronic journals licensed by the AIP at the same time, you need to set the suffix "journal" instead of "aip" in the domain/realm settings (see below). This VPN connection opens access to the AIP internal resources, too. You might want to configure two VPN connections and switch between them for normal activities and activities including access to the journals.
- Before a VPN connection is established, your PC is checked for necessary security updates etc. If necessary, the software is updated, which can take several minutes.
Linux operating systems
For Linux we recommend using the open source client openfortivpn, which can be easily installed and started from the command line. Here is an example from a computer with Ubuntu 18.04:
```bash
# Installing the VPN client from the repository of your distribution
sudo apt-get install openfortivpn
# Starting the VPN client and accepting the server certificate
sudo openfortivpn vpn-gate.aip.de:443 --realm=aip --username=your_account_name \
    --trusted-cert 2ed23b92743324277713a3cdc186dd8030d11b02700bea70d05d3d190c5ace30
```
Keep the command line window open as long as you want to be connected to the VPN. Please replace "--realm=aip" with "--realm=journal" if you want to access electronic journals licensed by the AIP.
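The value passed to --trusted-cert pins one specific gateway certificate, so it is worth confirming that it matches what the gateway presents before relying on it. The following script is an added example, not part of the original instructions; it assumes, as openfortivpn documents, that the digest is the SHA-256 of the DER-encoded certificate. The function names and the "live" argument are made up for this example.

```python
import hashlib
import hmac
import re
import ssl
import sys

# Gateway and digest copied from the openfortivpn command on this page.
GATEWAY = ("vpn-gate.aip.de", 443)
PINNED = "2ed23b92743324277713a3cdc186dd8030d11b02700bea70d05d3d190c5ace30"


def normalize_digest(text):
    """Accept plain or colon-separated hex; return 64 lowercase hex chars."""
    digest = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError(f"not a SHA-256 digest: {text!r}")
    return digest


def cert_sha256(pem):
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def pin_matches(pem, pinned):
    """True only if the certificate's digest equals the pinned digest."""
    return hmac.compare_digest(cert_sha256(pem), normalize_digest(pinned))


def fetch_gateway_pem(address=GATEWAY):
    """Fetch the presented certificate without CA validation; the pin,
    not the CA chain, is the trust decision being checked."""
    return ssl.get_server_certificate(address)


if __name__ == "__main__":
    if sys.argv[1:] == ["live"]:
        pem, pin = fetch_gateway_pem(), PINNED
    else:
        # Constructed stand-in bytes (not a real certificate) for an offline run.
        stand_in = b"constructed stand-in for DER certificate bytes"
        pem = ssl.DER_cert_to_PEM_cert(stand_in)
        pin = hashlib.sha256(stand_in).hexdigest().upper()
    print("presented:", cert_sha256(pem))
    print("pinned:   ", normalize_digest(pin))
    if not pin_matches(pem, pin):
        sys.exit("MISMATCH: do not connect with this --trusted-cert value")
    print("match")
```

Run it with the argument "live" from a network outside the AIP to compare the gateway's current certificate with the pinned digest; without arguments it only exercises the comparison on constructed data.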
Other operating systems
For Microsoft, Apple and Android operating systems we recommend using the VPN client of the firewall manufacturer. The "FortiClient" offers a different range of functions depending on the operating system, and the graphical user interfaces differ too. The following tutorial may need to be adapted to your client depending on your operating system.
For Windows and MacOS, we provide a pre-configured version. Select the setup executable for your operating system, start it and follow the instructions. You may need administrative rights on your computer.
MacOS: https://extreme-ems.aip.de:10443/installers/Default/7.0.13_win_macOS/FortiClient_7.0.13.dmg
The installer asks you, among other things, to accept the license agreement. Please accept it. Depending on your operating system you can then proceed with the standard installation (Windows), or you need to select the customized installation (MacOS) and add the module "malware protection".
For Android Systems, please install the current FortiClient app (not the FortiClient VPN app!) using Google Play Store.
Current versions of FortiClient (higher than 7.0.x) should be configured via a so-called EMS server, for which the following instructions apply. Further below you will also find instructions for older versions of FortiClient, with which you can open the VPN connection directly.
Configuration using the EMS Server
In the following, the setup of the VPN client is explained using the example of an Android system.
The application (app) is free of charge. To install it, go to the Google Play Store and search for FortiClient.
Tap the app you want (FortiClient, not the FortiClient VPN app!) and then press the Install button at the top.
Accept the access permissions.
- Allow access to camera and storage
- Allow "Display over other apps"
The application will then be downloaded and installed. If the app has been downloaded successfully, you will now find the icon of the application with the name FortiClient among your installed apps.
Open the application via the icon.
The first time you start the application, a window will appear. Select "User Input" (Login). It is not necessary to enter a mail address and phone number.
The next step is to set your displayed user name in the app. When you confirm it with the "Next" field, you will be redirected to the next window.
Furthermore, select "Specify EMS IP" below.
In the window that appears, enter the host:
extreme-ems.aip.de
Nothing else is needed.
A prompt for the EMS certificate appears. To proceed further, tap on "ALLOW".
The app then searches for the EMS settings. After the settings have been found and loaded successfully, the status will change to green. Please check whether the "Zero Trust Telemetry Settings" are activated. If not, please activate them using the switch right next to the text "Zero Trust Telemetry Settings."
Via the menu (accessible via the three horizontal lines on the top), select the topic VPN.
Different VPN tunnels are offered; tap on the VPN tunnel you need. Normally it is the "AIP Default". If you want to access online journals from the AIP library, please select "AIP Journal". Click "Connect" on the next page.
In the following window, fill in the necessary login data and log in.
First, information about the FortiClient establishing and monitoring a VPN connection pops up. This is correct, please tap on "OK".
Then accept the untrusted certificate again.
Finally, the VPN tunnel is opened and some information about it is displayed. To disconnect you can use the "Disconnect" field at the bottom.
Instructions for older versions of FortiClient
The FortiClient contains a standalone antivirus function ("real-time-protection"). If you already have antivirus software installed on your computer, the FortiClient will recognize this and offer to disable its own "real time protection" module during the installation. Please accept that accordingly.
During the installation the actual client software will be downloaded in the background. This can take a while.
After the installation the client starts and can now be configured. Depending on your operating system it might be necessary to start the client's graphical user interface by clicking the icon in the taskbar of your computer.
Please click on "Remote Access" in the menu on the left and then click on the link "Configure VPN". The VPN connection will be established via SSL. You should enter a meaningful name into the field "Connection Name" (e.g. "AIP-VPN"). Please enter "vpn-gate.aip.de/aip" into the field "Remote Gateway" (including the suffix "/aip" or "/journal", if you want to access electronic magazines!). You can keep the standard values on the other settings and save everything.
Now you can enter your Windows user name and your password in order to establish the connection.
You will receive a message when the connection has been established successfully and you can close the window now. You can check the connection status and close the connection by clicking the FortiClient icon. Depending on your operating system and the installation type, the FortiClient also offers the possibility to search for vulnerabilities and malware on your computer. Both should be done frequently!
For purists - connecting to the AIP network via SSH
Users with an active AIP account incl. Linux access are able to connect to the AIP via the SSH gateway server "login.aip.de".
Cluster access
Further information regarding the HPC clusters at the AIP can be found on the eScience Webpages.
Establishing a VPN connection to the administration network
You can find a tutorial on how to connect to the administration network here (only in German).