VPN AnyConnect

Virtual Private Network (VPN) technology allows remote users to access resources that are otherwise only available on campus. A secure connection is established and data traffic is tunneled in encrypted form through the public internet. The remote computer is assigned an IP address from the Garching MPG campus address range, virtually extending the campus network to the remote user.

VPN Server (Gateway)

A new VPN service has been deployed based on Cisco AnyConnect technology:
vpn.mpcdf.mpg.de (only reachable from outside the Garching MPG campus or eduroam)

The old VPN server 130.183.203.254 (L2TP/IPSec) with the corresponding clients (Shrew Soft, vpnc) was taken out of service on 02/28/2019.

Connection Profiles (Groups)

After connecting to vpn.mpcdf.mpg.de, you will be offered a selection of groups to choose from.

AllUsers can be used by all users with an MPCDF (Kerberos) account, the same as with the old VPN service.

The MPCDF and IPP groups authenticate against their respective Windows Active Directory. They will assign addresses from dedicated ranges which might be required for specific services such as the IPP intranet.

By default, all traffic is sent through the VPN tunnel once the secure connection has been established.
Using the SplitTunnel profiles, you can elect to only send traffic to the Garching MPG campus (130.183.X.X) through the tunnel, while all other traffic is sent through your normal local router.

For the best security, we recommend always using the normal, fully tunneled profiles unless you have a specific reason not to.

Desktop and Notebook (Windows, Mac OS X, Linux)

To set up the VPN on your computer, just point your browser to
https://vpn.mpcdf.mpg.de

Please note that this page, like the VPN in general, only works from outside the Garching MPG campus or from the guest network (eduroam).

VPN AnyConnect Login

Once logged in, the client for your operating system will be available for download together with further instructions and screenshots. On the first connection, enter vpn.mpcdf.mpg.de as the server.

Linux (further information & troubleshooting)

The Cisco AnyConnect client will generally work well under most Linux distributions. After the client has been installed, you should be able to find it in your Applications menu. Alternatively, you can also start it on the command line:

/opt/cisco/anyconnect/bin/vpn connect vpn.mpcdf.mpg.de

Further documentation for Linux is available here.

Mobile Devices (Android and iOS)

You can install the Cisco AnyConnect client directly from the app stores.

Technical Details (Ports and Firewalls)

The AnyConnect VPN client communicates with the server via port 443, the same as a normal web browser. Generally, no special firewall rules should be necessary.

Please note that the VPN server is only reachable from outside the Garching MPG campus or the guest networks (eduroam).

At the moment IPs are assigned to clients from the following ranges:

    MPCDF:    130.183.212.8   - 130.183.212.62  (130.183.212.0/26)
    AllUsers: 130.183.212.65  - 130.183.212.126 (130.183.212.64/26)
    IPP GAR:  130.183.212.129 - 130.183.212.191 (130.183.212.128/26)
    IPP HGW:  130.183.212.192 - 130.183.212.223 (130.183.212.192/27)

In case you want to whitelist those IPs in your services, please note that while the assignment of the IPs mentioned above will not change, the ranges may be extended in the future, depending on how much the individual groups are used.
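
The assigned first-to-last ranges above are narrower than the CIDR blocks shown in parentheses, so a service that allowlists by CIDR also admits addresses that are not currently handed out. The following added example (not MPCDF's own code; the names VPN_POOLS, pool_cidrs, classify and allowed are assumptions made for illustration) maps a source address to its VPN group and derives the exact CIDR blocks that cover each assigned range:

```python
import ipaddress

# First and last assigned address per group, copied from the table above.
VPN_POOLS = {
    "MPCDF":    ("130.183.212.8",   "130.183.212.62"),
    "AllUsers": ("130.183.212.65",  "130.183.212.126"),
    "IPP GAR":  ("130.183.212.129", "130.183.212.191"),
    "IPP HGW":  ("130.183.212.192", "130.183.212.223"),
}


def pool_cidrs(group):
    """Minimal list of CIDR blocks covering exactly the assigned range."""
    first, last = (ipaddress.IPv4Address(a) for a in VPN_POOLS[group])
    return list(ipaddress.summarize_address_range(first, last))


def classify(addr):
    """Return the VPN group whose assigned range contains addr, else None."""
    ip = ipaddress.IPv4Address(addr)
    for group, (first, last) in VPN_POOLS.items():
        if ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last):
            return group
    return None


def allowed(addr, groups):
    """True if addr belongs to one of the VPN groups a service accepts."""
    group = classify(addr)
    return group is not None and group in groups


if __name__ == "__main__":
    # Exact blocks to paste into a firewall or service allowlist.
    for name in VPN_POOLS:
        print(name, ", ".join(str(n) for n in pool_cidrs(name)))
    # Constructed sample source addresses, checked against an IPP-only service.
    for sample in ("130.183.212.70", "130.183.212.64", "130.183.212.200"):
        print(sample, classify(sample), allowed(sample, {"IPP GAR", "IPP HGW"}))
```

Because the ranges may be extended, keep the table in one place and regenerate the allowlist from it rather than hard-coding the derived blocks in several services.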
