Configure VPN Connection on macOS (OpenVPN)

Requirement!

To set up the VPN, you need a second factor (abbreviation: 2FA or MFA). This is an additional security layer in addition to your HTW account password. You can set up the second factor within the account service using the following guide:
Multi-Factor Authentication

It is strongly recommended not to run any additional VPN clients in parallel!

Step 1: Download OpenVPN and the configuration file

Download the OpenVPN client and the certificate from our download portal (you need to log in with your HTW account). Then return to this guide.

To download the OpenVPN client and the VPN profile

Step 2: Install the VPN client

Start the setup (open the file openvpn-connect-<version>_signed.dmg) that you downloaded in Step 1.

You will then be prompted to select whether your Mac device has an Intel CPU or an Apple CPU/Chip. Choose the appropriate option.

If you need help deciding, you can find information about your CPU on this Apple page.

OpenVPN Setup Processor Selection

Step 3:

Click "Continue" at this step of the setup.

OpenVPN Setup Start View

Step 4: EULA

Accept the license agreement (EULA) and click "Continue" to proceed with the installation.

OpenVPN Setup Eula

Step 5: Select Installation Location

Select the installation location and click "Continue."

By default, the location is: "Install for all users of this computer."

OpenVPN Setup Memory Selection

Step 6: Install

Click "Install" to start the installation.

Confirm any prompts that appear during this step.

OpenVPN Setup Installation Confirmation

Step 7: Installation Completed

The installation is complete. You can click "Finish."

OpenVPN Setup Successful Installation Confirmation

Step 8: Confirm the EULA

The OpenVPN program should start automatically after installation.

After setup, the OpenVPN license agreement (EULA) will be displayed. Click "AGREE" to confirm it.

OpenVPN Eula

Step 9: Load the configuration file

Select the "UPLOAD FILE" tab and upload the configuration file from Step 1 either by clicking "BROWSE" or by dragging and dropping it into the window.

OpenVPN Upload File View

Step 10: Login

Enter your HTW account username (without @htw-berlin.de; e.g., s0000001 or amuster) in the "Username" field and click "CONNECT."

OpenVPN Login

Step 11: Enter HTW Account Password

Enter your HTW account password (the same as for LSF/Moodle) and confirm by clicking "OK."

OpenVPN Password Entry

Step 12: Enter Second Factor

Enter the one-time password (numeric code) generated by your authenticator app in this view. You set up this app using our guide. Then click "SEND."

OpenVPN Second Factor Entry

Step 13: VPN Successfully Connected

If everything was entered correctly, you will see "CONNECTED" in the OpenVPN client.

When the window is closed, the application will continue to run in the background.

OpenVPN VPN Successfully Connected

NO openVPN possible in eduroam or the HTW network!

In the entire HTW Berlin network (including the eduroam WLAN), an OpenVPN connection cannot be established (a timeout is displayed in the OpenVPN client).

Its use is mainly intended for outside the university.

in case of a slow or unstable OpenVPN connection

User experience has shown that you may experience speed or stability problems with OpenVPN if your Internet connection does not have a public IPv4 address but uses Dual-Stack Lite instead, which means multiple customers share a single IPv4 address.

If you notice that your OpenVPN connection is very slow or unstable, please try using a different Internet connection (e.g. the mobile hotspot of your smartphone via the mobile network). If the problem does not exist there, you might contact your Internet provider and ask them to provide you with your own IPv4 address for your Internet connection. A dynamic IPv4 address is sufficient for this; a fixed IP address (often offered for a fee) is not required.

Uninstallation of old VPN clients

After completing the installation, we recommend uninstalling any old installations of the Cisco AnyConnect program (if you used our old VPN client).