VPN Modules

On this page you will find an overview of the various VPN modules offered by the IT Center.


  1. Base Module: RWTH VPN
  2. Base+ Module: Institute VPN
  3. Rights and Duties
  4. Usage

1. Base Module: RWTH VPN

The IT Center operates a central, high-performance VPN server, which is set up redundantly for reasons of availability.

Holders of a user name (format: ab123456) for whom this type of service has been activated in identity management are authorized to use it. The user group therefore includes all students and employees of RWTH Aachen University.

Use requires the download and installation of software available on the IT Center website.

2. Base+ Module: Institute VPN

Institute VPN on dedicated hardware

Institutions often need to guarantee a restricted group of people access to internal resources. For this purpose, the IT Center offers VPN as an individual service. Other security measures can also be implemented here, e.g. end host assessments.

This is implemented using dedicated hardware, which must be procured by the institution at its own expense via the IT Center. Depending on the expected number of users and usage profile, devices of different performance and price classes are available. The appropriate device type is selected after a consultation with the IT Center.

The VPN router is configured individually by the IT Center based on the customer's specifications recorded during the consultation. 

For example, access profiles or additional packet filters are adapted here to further restrict access in the institute LAN.

The device is usually operated on the institution's premises and can be installed by the IT Center.

By default, the VPN routers are centrally monitored by the IT Center.

The administration of the VPN service users is carried out by the user institution in IdM Selfservice. A corresponding portal service is operated by the IT Center; after the user institution has named authorized contact persons, these are entered as administrators by the IT Center and receive a link to the portal page as well as brief instructions on user administration.

A special case (only possible on dedicated hardware) is the connection of complete external networks to an institute LAN (via VPN tunnel). This can also be configured with the VPN routers mentioned and can be set up several times. However, at least two VPN routers are required here: one at the desired location of RWTH Aachen University, the second at the location of the external institution.

Institute VPN on centralized IT Center hardware

As an alternative to operating the institute VPN on dedicated hardware, operation on centralized IT Center hardware is available.

In this case, virtual instances are created on redundant hardware in the IT Center. This subdivision segments the facilities from one another, which simplifies operation for the end user and increases security.

With this centralized solution, extended security measures and site-to-site configuration are not possible for technical reasons.

It offers pure remote access.

Rights and Duties

A computer that has established a connection to an RWTH VPN server can in particular access RWTH internal content in the RWTH Aachen University network. Furthermore, the computer is subject to all restrictions and the terms of use that apply in the RWTH Aachen University network.

Usage

VPN client software is required to establish a VPN connection. The client sets up the encrypted tunnel and makes the system behave as if it were located in a different network. There are currently two fundamentally different access technologies available, for which different client software exists.

| Connection technology | Client software | Description |
|---|---|---|
| SSLVPN | Open Secure Client | latest and manufacturer-supported client software; available for Windows, Mac OS X, Linux, Android and Apple iOS |
| IPSEC | Open Secure Client | latest and manufacturer-supported client software; available for Windows, Mac OS X, Linux, Android and Apple iOS |
| | OpenConnect Client | alternative client software, among others for Linux; not supported by the IT Center of RWTH Aachen University |

last changed on 04/09/2024

This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License