VPN Modules
On this page you will find an overview of the various VPN modules offered by the IT Center.
The IT Center operates a central, high-performance VPN server, which is set up redundantly for reasons of availability.
Holders of a user name (format: ab123456) for whom this type of service has been activated in identity management are authorized to use it. The user group therefore includes all students and employees of RWTH Aachen University.
Use requires the download and installation of software available on the IT Center website.
Institute VPN on dedicated hardware
Institutions often need to guarantee a restricted group of people access to internal resources. For this purpose, the IT Center offers VPN as an individual service. Other security measures can also be implemented here, e.g. end-host assessments.
This is implemented using dedicated hardware, which must be procured by the institution at its own expense via the IT Center. Depending on the expected number of users and usage profile, devices of different performance and price classes are available. The appropriate device type is selected after a consultation with the IT Center.
The VPN router is configured individually by the IT Center based on the customer's specifications recorded during the consultation.
For example, access profiles or additional packet filters are adapted here to further restrict access in the institute LAN.
The device is usually operated on the institution's premises and can be installed by the IT Center.
By default, the VPN routers are centrally monitored by the IT Center.
The administration of the VPN service users is carried out by the user institution in IdM Selfservice. A corresponding portal service is operated by the IT Center; after the user institution has named authorized contact persons, these are entered as administrators by the IT Center and receive a link to the portal page as well as brief instructions on user administration.
A special case (only possible on dedicated hardware) is the connection of complete external networks to an institute LAN (via VPN tunnel). This can also be configured with the VPN routers mentioned and implemented several times. However, at least two VPN routers are required here: one at the desired location of RWTH Aachen University, the second at the location of the external institution.
Institute VPN on centralized IT Center hardware
As an alternative to operating the institute VPN on dedicated hardware, operation on centralized IT Center hardware is available.
In this case, virtual instances are created on redundant hardware in the IT Center. This subdivision separates the facilities from one another, which leads to simplified operation by the end user as well as an increase in security.
With this centralized solution, extended security measures and site-to-site configuration are not possible for technical reasons.
It offers pure remote access only.
A computer that has established a connection to an RWTH VPN server can in particular access RWTH internal content in the RWTH Aachen University network. Furthermore, the computer is subject to all restrictions and the terms of use that apply in the RWTH Aachen University network.
VPN client software is required to establish a VPN connection. The client establishes the encrypted tunnel and makes the system behave as though it were located in a different network. There are currently two fundamentally different access technologies available, for which different client software exists.

| Connection technology | Client software | Description |
|---|---|---|
| SSLVPN | Open Secure Client | latest, manufacturer-supported client software; available for Windows, Mac OS X, Linux, Android and Apple iOS |
| IPSEC | Open Secure Client | latest, manufacturer-supported client software; available for Windows, Mac OS X, Linux, Android and Apple iOS |
| | OpenConnect Client | alternative client software, among others for Linux; not supported by the IT Center of RWTH Aachen University |