VPN Setup

As you as students will need to connect to h_da internal services from time to time to work on projects or tasks assigned to you during exercises we provide an updated VPN access based on WireGuard.

This document aims to guide you through the process of configuring your device to be able to connect to the VPN and therefore to h_da internal services.

Obtaining a VPN device configuration

Faculty Members

Faculty members need to use a different WireGuard Access Server to obtain their VPN configuration. You will find the Access Server here: mavpn.fdbi.h-da.de

To obtain a WireGuard configuration for your device head over to the WireGuard Access Server. Here you will be presented with two ways of logging in:

Step 1: STVPN login pageStep 2: GitLab LoginStep 3: Grant access to StudentVPN

You want to choose the OIDC option here, which will redirect you to the Gitlab login page.

On this page, log in with your Student credential (username: stXXXXXX, password: <your pw>). On a successful login, you will be prompted to grant access to StudentVPN.

Choose Authorize to complete the OIDC login, and you will be brought back to a dashboard to manage your VPN devices.

Tip

While logged in to Gitlab you may also set up two-factor authentication (2FA). This is however not necessary to access the VPN, but a good security practice. A guide to enable 2FA on Gitlab can be found here.

Adding a new device

In the WireGuard access server's dashboard you will see a dialog to enter a new device name. Enter a name for a new config file and click Add

Step 1: Adding a configStep 2: Downloading the config

Afterwards, you will be presented with a popup to download the WireGuard configuration file.

Notice

Choose a very descriptive name for the configuration, as you will need to create a new configuration for each additional device you want to connect.

While it is possible to use the same configuration file on multiple devices, this is discouraged as then only one device will be able to connect at one time. Multiple devices sharing a config and being connected at the same time will lead to strange and unexpected behavior.

Download the generated configuration file and place it somewhere on your PC for later use.

Obtaining the client

After we obtained our configuration file we need to download the WireGuard client from the download page. This page is also linked within the dialog box where we obtained the configuration file.

Adding the config file

Having installed WireGuard on your device, add the previously obtained configuration file by clicking the + icon in the bottom left corner and choosing Import Tunnel(s) from File....

Step 1: Import the config fileStep 2: Activate the tunnelActive tunnel

With the tunnel imported, you can activate it. You will see the indicator changing to green when a connection is established.

As only the required traffic gets sent through the WireGuard tunnel, you can stay connected and still browse as normal.

Checking connected devices

The WireGuard Access Server's dashboard will also show you the activity of your connected devices. This way you can easily check which clients are currently connected if you have created multiple configuration files. From here you can also delete a client which will render the configuration file invalid.