Recently, an additional input field with the text "Bitte zweiter Faktor eingeben (OTP) / Please enter second factor (OTP)" has appeared during VPN login.
What does this mean? | This is the required additional input of a "time-based one-time password" ((T)OTP) for two-factor or multi-factor authentication (2FA/MFA). |
I haven't set up MFA yet, but you can only access the MFA page with VPN. What can I do? | Please contact our IT Service. |
Should I always use the VPN when I am working outside of the University network? | When working for the university from outside, VPN should be activated if possible.
In view of the increase in attempted attacks on internal services, more of these services have been offered in the recent past and will only be offered "within the university" in future, meaning that they can only be used from outside with a VPN connection. |
The automatic installation on the vpn-ac website is not working. What can I do? | Problem with login? A one-time password (2FA/MFA/token) is now also required here.
Problem downloading? Please contact our IT Service, stating your operating system. You will be sent a download link. |
How do I get the setup client for AnyConnect for Windows ARM64 or Linux ARM64? | Unfortunately, the download via the download portal is probably failing because the browser is not transmitting the operating system (OS) correctly. Please submit a support request using the linked contact form for IT Services or, alternatively, send an email to IT Services from your university email address. | |
How do I access a network computer on the local network? | When you have an active VPN connection, all data is transferred through an encrypted connection to the URZ. If you wish to, for example. access a network computer on the local network, activate the option “Allow local (LAN) access when using VPN (if configured)” in the AnyConnect Advanced Window (gear icon on the bottom right). |
I would like to remotely access my office computer from home. How do I set this up? | The general recommendation is to organise the data storage in such a way that you can also access the data from the remote workstation.
In principle, a corresponding service (RDP, VNC, SSH) must be activated on a suitable port on the office computer in consultation with the IT coordinator and the local firewall must be adjusted. The energy-saving settings of the operating system must be configured so that the computer does not shut down or fall asleep; alternatively, Wake-on-LAN may also be used.
Updates and protection devices on the computer should be up-to-date; all passwords of authorised users on the computer should be strong, e.g. comply with the password rules of the URZ. Make a note of the name or IP address of your computer, the port on which the service is active and the user ID and password for accessing your office computer.
From home, first start the VPN and then the client software with which you want to access the computer.
More detailed information, especially on Windows/RDP, can be found in the Sharepoint section for IT coordinators. |
Directly after logging in, multiple new connections are reported. Why does this happen? | For technical optimization, up to three connections are established, and the system sometimes switches back and forth between these connections. This is usually due to peculiarities of the route from your location to the server in the URZ. When this issue does not subside after a minute and keeps happening, please inform the IT Service. |
I am experiencing frequent disconnections. Is there anything I can do to improve this? | Using the gear icon in the VPN client, activate the option “Enable automatic VPN reconnect.” If you are experiencing problems persisting past the first minute after logging in, please inform the IT Service. |
I have a much better connection bandwidth without the VPN. Is the VPN server overloaded? | The VPN server provides all users with a fixed bandwidth, which is sufficient for even more data-intensive purposes such as video conferences according to our tests. The number of users and the connection load is currently (as of 15.12.2023) far below the possible limit. |
Only data to and from the University should sent via the VPN; everything else should use my own internet connection. How do I set this up? | This configuration is called "split tunneling". You can set it up yourself by entering an extended username: Use the following username
<Uni-ID>@split.uni-heidelberg.de
and your usual password. |
I want to have a video conference, but the audio/video quality isn't very good. Is this due to the VPN? | If you have problems, you can try whether it improves without the use of a VPN. In most cases, the problems lie elsewhere (different browser, browser restart, server side). |
Is there a VPN client for 32-bit versions of Linux? | Cisco discontinued support for the AnyConnect Client for 32-bit systems in 2016. Windows and MAC OS systems with only 32 bit are outdated and should no longer be used. For Linux-based systems, the use of the free client "openconnect" from the package sources of your operating system may help. |
Does the URZ support the free VPN client openconnect? | We generally recommend using the "Cisco Secure Client" ("AnyConnect") that matches the server. For resource reasons, we can only support this one cross-operating system client.
You are also welcome to make an enquiry about this to the IT service; however, we ask for your understanding if such an enquiry cannot be answered quickly or in sufficient detail. |
Openconnect with NetworkManager used to work without any issues, but since the introduction of 2FA/MFA there have been problems. | This works with newer versions of NetworkManager, e.g. in Debian12.
If the GUI does not yet work properly in your distribution, you can also establish the VPN connection in the command line:
openconnect --protocol=anyconnect --useragent='AnyConnect' vpn-ac.uni-heidelberg.de
(In some cases, "sudo openconnect..." also helps). |
How can I gain access to a network printer or other devices in the local network (LAN)? | If you want to access a network printer or another device on LAN (local network directly connected to your computer), you can set this up in the VPN client by selected “Advanced Window” (gear icon)... > Preferences > check “Allow local (LAN) access when using VPN (if configured)” |
How can I uninstall Cisco AnyConnect on Mac? | To uninstall, please use the “Uninstall AnyConnect” program, which is located in the “Cisco” folder in the program folder.
Note: Please do not try to remove the client from the program folder using the usual Mac deletion process, as this will result in an incomplete uninstallation. |
Why can't I save the password in the "Cisco Secure Client"? | The software provider wants to offer a security solution,
and storing the password in the user's operating system is not an option.
However, if you set up your own "automatic login",
please include a pause in the "login script";
otherwise in the event of problems (or if the account expires) such scripts will generate
a large number of incorrect login attempts in our logs,
without the user noticing and without us being able to report it. |
