Frequent questions and problems

Troubleshooting

The Cisco AnyConnect VPN Client cannot reach the VPN server!
If you already followed the instructions of [faq2], you can do a simple connection test with ping. On GNU/Linux and MacOS X open the shell of your choice, on Windows open the "MS-DOS command line", which can be started with Start → run → cmd.

The address of the VPN server is currently any1.rz.tuhh.de, which can be pinged from outside of the TUHH and from the TUHH Wi-Fi; for tests from inside the TUHH network you need to use the Backup-VPN address: vpn.tu-harburg.de. The following example shows a ping on GNU/Linux (Windows analog):

tux@tuhh> ping any1.rz.tuhh.de
PING any1.rz.tuhh.de (134.28.204.181) 56(84) bytes of data.
64 bytes from 134.28.204.181: icmp_seq=1 ttl=126 time=1.89 ms
[..]

In this example the VPN server is reachable. If your output looks the same, you should start troubleshooting in the (personal) firewall and other configurations on your computer. You can also use our WebVPN Dienst to check if a connection can be established.

If the ping cannot reach the VPN server, the troubleshooting should start at the network connection. Maybe the ping request was interrupted on its way; establishing a connection with the VPN server should be possible in this case anyway. The reasons for this are many. Try for an instance if a ping can reach our DNS server, if the any1.rz.tuhh.de domain name could not be resolved into a IP address:

tux@tuhh> ping 134.28.202.14
PING 134.28.202.14 (134.28.202.14) 56(84) bytes of data.
64 bytes from 134.28.202.14: icmp_seq=1 ttl=126 time=1.89 ms
[..]

If the ping test did not result in a positive output, the error probably lies within the network configuration and the nameserver resolution (DNS). In your Wi-Fi you need to use DHCP for the DNS settings.

Literature research

With our VPN Service students are able to access literature which would be usually behind a Paywall. We recommend using the TU-library search rather than the publishing websites. Thus, you don't accidentally find books, which are not licensed by us.

Ports

Members of the university are in the TUHH intranet after logging in. For security reasons, the following restrictions still apply when accessing the Internet:

• Unencrypted access to exteral e-mail server (TCP Port 25) is not allowed.
• TCP ports 135, 139 and 445 are blocked.
• UDP ports 137, 138 and 445 are blocked.

The AnyConnect Client uses the SSL/TLS protocol to encrypt data. These data are transported over TCP/UDP port 443.

Frequently Asked Questions (FAQ)

• [faq1] What is a VPN?
  VPN stands for "Virtual Private Network" and is used for secure communication between to nodes through an encryption method. More information can be found at Wikipedia.
• [faq2] I am connected to the TUHH Wi-Fi or to a LAN port at the notebook workspaces and the VPN Client does not establish a connection with the VPN server.
  Check if your IP address is originating from our Wi-Fi Network. This may not be the case if you incorrectly configured your Wi-Fi connection. In some cases it may also be possible that active personal firewalls discard DHCP packages, which will result in an incorrect IP address.
• [faq3] I am not on the TUHH campus an would like to download the Cisco AnyConnect VPN client.
  Because the Cisco AnyConnect VPN client obliges strict US export restrictions, we are only allowed to offer the download to members of the TUHH. To download the Cisco AnyConnect VPN client from external , use our WebVPN Gateway. This way, we ensure authentication of TUHH members.
• [faq4] Is there a possibility to securely connect to the TUHH, without using the VPN service?
  Yes. The RZT offers a SSH entry server, on which you can find your user directory or to which you can establish a SSH tunnel or a SocksV5 proxy. The SSH server is also reachable from our Wi-Fi without a VPN client. For more information about OpenSSH please read the SSH Manual. For GNU/Linux there is a manual for the SSH tunnel. A SocksV5 proxy only enables access to the TUHH intranet; with the SSH tunnel solution, you can surf worldwide!
• [faq5] How can I verify, that the software comes from the TUHH?
  The RZT signs every windows software, that they offer, with a digital signature. When you run a program, you will see that the verified publisher of that software is the Technische Universitaet Hamburg.
  
• [faq6] Which instruction for macOS should I use to set up my VPN?
  We currently offer the Cisco AnyConnect Client and an VPN profile which uses the built-in VPN feature of macOS.
  In times of COVID-19 we suggest the use of the AnyConnect client. With the help of this tool the network load can be controlled. Therefore, video conferences will be excluded from the VPN to prevent any stutter.
• [faq7] Which settings does the native VPN client for iOS use?
  It uses IPSec with the IP protocol type ESP, UDP port 500, NAT-T 4500 and NAT-T 10000.
• [faq8] Is there any alternative to the native iOS VPN client?
  You can also use the official Cisco AnyConnect app from the Apple App Store. Configured with gateway any1.rz.tuhh.de a tunnel via TCP and UDP over port 443 will be established. Keep in mind that you need to insert your password every time you want to connect to the VPN.
• [faq9] Can I use multiple VPNs at once?
  Only use one VPN at a time please.
Go to Windows specific FAQs