Source: Own Illustration
At RWTH Aachen University, the Virtual Private Network (VPN) provides an important and secure connection to the university network. This connection is secured by encryption protocols such as TLS. VPN ensures that all data traffic – either to the RWTH network or, depending on the configuration, also to the Internet – is routed via a so-called “tunnel”. This tunnel protects the data on its way between your end device and the VPN server, where it is then integrated into the RWTH network. In the “Full Tunnel”, for example, requests from your device for external services appear with an IP address of RWTH Aachen University. In this article, we explain how you can set up and use the RWTH VPN service.
Possible Uses of the VPN
The use of a VPN is necessary, for example, if you want to research the catalogs of the University Library or access the high-performance computer of RWTH Aachen University. Access to the intranet of RWTH Aachen University and to the instructions for RWTHonline is also only possible via the RWTH network and therefore only from outside via a VPN. This also applies to specific data of individual institutes. In addition to the central VPN of RWTH Aachen University, institutes have the option of having their own secure VPN network set up at the IT Center for a fee. Further information on setting up the institute VPN can be found in our previous article, which explains various technical options such as dedicated hardware and central VPN instances. Institute administrators can contact our IT-ServiceDesk if they are interested.
Preparation and Installation
To use the central VPN, you need a corresponding self-service VPN account and a special VPN client – the Cisco Secure Client (formerly AnyConnect) is currently supported. The software and installation instructions for various devices can be found on IT Center Help. However, the use of native VPN clients that are directly integrated into operating systems such as Windows or macOS is not supported. These are often not compatible with the security standards of the RWTH VPN. You can find out how to connect to the VPN in our instructions on IT Center Help.
Multifactor Authentication (MFA) for VPN
Since February 2024, access to the VPN has been additionally secured by the mandatory introduction of MFA to make cyber attacks and phishing more difficult. With MFA, an additional security code is required, which is generated using a TAN list, authenticator app or hardware token. You can find detailed instructions in our MFA article and on IT Center Help.
The Infrastructure of the VPN
The VPN infrastructure of RWTH Aachen University is based on a highly secure and scalable network architecture, which we manage as an IT center. Especially since the pandemic, the VPN infrastructure has been greatly expanded to meet the increased requirements of remote working. In addition to RWTH Aachen University’s central VPN, the IT Center also manages around 145 other VPN access points for institutes – and the number is growing!
RWTH Aachen University’s VPN infrastructure is actively monitored in order to detect security incidents at an early stage and ensure service quality. In the event of unusual or unauthorized access, measures such as blocking the connection or reporting it to the responsible IT security department can be taken.
Current Status IPv6
The VPN infrastructure is being continuously expanded – either as part of the general network renewal or at the specific request of individual institutes. If a hardware update is due as part of this, the current network concept will be implemented at the same time. This also includes the activation of IPv6. Currently, just over 70% of all VPN accesses at RWTH Aachen University are already IPv6-capable.
Access to RWTH Aachen University’s VPN enables you to access the university’s digital resources securely and efficiently. Take advantage of this technology and protect your data. If you have any further questions, please contact the IT-ServiceDesk.
Responsible for the content of this article is Malak Mostafa.
Leave a Reply