Configure VPN Connection on Linux (OpenVPN)

Requirement!

To set up the VPN, you need a second factor (2FA or MFA for short). This is an extra security layer on top of your HTW account password. You can set up the second factor in the account service using the following guide:
Multi-Factor Authentication

It is strongly recommended not to run any additional VPN clients in parallel!

Step 1: Download the OpenVPN configuration file

Download the configuration file from our download portal (you need to log in with your HTW account). Then return to this guide.

To download the VPN profile

Step 2: Install the VPN client

Open a terminal and install OpenVPN with the following command, for example, on Debian/Ubuntu:
sudo apt install openvpn


On other distributions, the command may vary.

The GNOME/Ubuntu Network Manager supports OpenVPN but unfortunately not MFA, which is why the connection is currently only offered via the console.

Step 3: Establish a VPN connection

Invoke OpenVPN with the following command, pointing to the path of the configuration file (VPN profile from Step 1).
sudo openvpn --config <path_to_configuration_file> --dev tun0

If you receive an error message such as “Options error: Unrecognized option…” when establishing a connection, please see the respective information box at the bottom of this page.

Step 4: Login with MFA

Log in with your HTW credentials (without @htw-berlin.de; e.g. s0000001 or amuster) and enter the second factor (one-time password; numeric code) from your authenticator app. You set up this app using our guide.

The connection is successful when "Initialization Sequence Completed" is displayed.

If your client does not support a second factor, enter your password and then the token directly in the password field.

No OpenVPN possible in the eduroam or HTW network!

In the entire HTW Berlin network (including the eduroam WLAN), an OpenVPN connection cannot be established (a timeout is displayed in the OpenVPN client).

OpenVPN is mainly intended for use from outside the university.

In case of a slow or unstable OpenVPN connection / websites cannot be accessed

Experience has shown that OpenVPN may suffer speed or stability problems if your Internet connection does not have a public IPv4 address but uses Dual-Stack Lite instead, which means multiple customers share a single IPv4 address.

If you notice that your OpenVPN connection is very slow or unstable, please try using a different Internet connection (e.g. the mobile hotspot of your smartphone via the mobile network). If the problem does not occur there, you can contact your Internet provider and ask them to provide you with your own IPv4 address for your Internet connection. A dynamic IPv4 address is sufficient for this; a fixed IP address (often offered for a fee) is not required.

Error message: Options error: Unrecognized option…

You may receive the following error message or something similar when trying to connect:

Options error: Unrecognized option or missing or extra parameter(s) in Downloads/openvpn-HTW-mfa-connect-config.ovpn:3: data-ciphers (2.4.12)

This means that you are using an older OpenVPN version that does not yet support the “data-ciphers” parameter in the configuration file.

In this case, edit the downloaded configuration file “openvpn-HTW-mfa-connect-config.ovpn” using a text editor as follows:

Remove these two lines:

data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC

In the same place, add the following line:

cipher AES-256-CBC

Then save the file. Afterwards, the connection should also work with older OpenVPN versions. If not, please contact us with the respective error message.
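
The edit described above can also be scripted. The following shell sketch is an added example, not part of the original guide: it checks whether the client predates OpenVPN 2.5 (the release that introduced data-ciphers) and, if so, writes a patched copy of the profile instead of changing the downloaded file. The function names and the .legacy.ovpn suffix are assumptions.

```shell
#!/bin/sh
# Added example; function names and the .legacy.ovpn suffix are assumptions.

# True (exit 0) if the version string, e.g. "2.4.12", is older than 2.5,
# the OpenVPN release that introduced the data-ciphers option.
needs_legacy_cipher() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 5 ]; }
}

# Print the profile with the data-ciphers and data-ciphers-fallback lines
# removed and one "cipher AES-256-CBC" line where the first of them stood.
patch_profile() {
    awk '
        $1 == "data-ciphers" || $1 == "data-ciphers-fallback" {
            if (!seen) { print "cipher AES-256-CBC"; seen = 1 }
            next
        }
        { print }
    ' "$1"
}

# Version of the installed client, e.g. "2.4.12"; empty if not installed.
installed_openvpn_version() {
    openvpn --version 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# Usage: make_legacy_profile PROFILE [VERSION]
# Prints the path of the profile to pass to "openvpn --config".
make_legacy_profile() {
    profile=$1
    version=${2:-$(installed_openvpn_version)}
    [ -n "$version" ] || { echo "openvpn not found" >&2; return 2; }
    if needs_legacy_cipher "$version"; then
        out="${profile%.ovpn}.legacy.ovpn"
        patch_profile "$profile" > "$out" && echo "$out"
    else
        echo "$profile"   # client understands data-ciphers, no change needed
    fi
}

if [ "$#" -gt 0 ]; then make_legacy_profile "$@"; fi
```

Run it with the path of the downloaded profile as the argument and pass the printed path to openvpn --config.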

Uninstallation of old VPN clients

After completing the installation, we recommend uninstalling any old installations of the Cisco AnyConnect program (if you used our old VPN client).