VPN AnyConnect

Virtual Private Network (VPN) technology allows remote users to access resources that are otherwise only available on campus. A secure connection is established and data traffic is tunneled in encrypted form through the public internet. The remote computer is assigned an IP address from the Garching MPG campus address range, virtually extending the campus network to the remote user.

VPN Server (Gateway)

A new VPN service has been deployed based on Cisco AnyConnect technology:
vpn.mpcdf.mpg.de (only reachable from outside the Garching MPG campus or eduroam)

Alternative VPN Server (Gateway)

Because of high usage due to COVID-19, a second VPN server has been set up:
vpn2.mpcdf.mpg.de (only reachable from outside the Garching MPG campus or eduroam)

Please note that the configuration is different in a few respects from the one described on this page. You can find more information about it here.

Connection Profiles (Groups)

After connecting to vpn.mpcdf.mpg.de, you will be offered a selection of groups to choose from.

AllUsers can be used by all users with an MPCDF (Kerberos) account.

The MPCDF and IPP groups authenticate against their respective Windows Active Directory. They will assign addresses from dedicated ranges which might be required for specific services such as the IPP intranet.

By default, all traffic is sent through the VPN tunnel once the secure connection has been established.
Using the SplitTunnel profiles, you can elect to only send traffic to the Garching MPG campus (130.183.X.X) through the tunnel, while all other traffic is sent through your normal local router.

For the best security, we recommend always using the normal, fully tunneled profiles unless you have a specific reason not to.

Desktop and Notebook (Windows, Mac OS X, Linux)

To set up the VPN on your computer, just point your browser to
https://vpn.mpcdf.mpg.de

Please note that this page, like the VPN in general, only works from outside the Garching MPG campus or from the guest network (eduroam).

VPN AnyConnect Login

Once logged in, the client for your operating system will be available for download together with further instructions and screenshots. On the first connection, enter vpn.mpcdf.mpg.de as the server.

Linux (further information & troubleshooting)

The Cisco AnyConnect client will generally work well under most Linux distributions. After the client has been installed, you should be able to find it in your Applications menu. Alternatively, you can also start it on the command line:

/opt/cisco/anyconnect/bin/vpn connect vpn.mpcdf.mpg.de

Further documentation for Linux is available here.

Mobile Devices (Android and iOS)

You can install the Cisco AnyConnect client directly from the app stores.

Technical Details (Ports and Firewalls)

The AnyConnect VPN client communicates with the server via port 443, the same as a normal web browser. Generally, no special firewall rules should be necessary.

Please note that the VPN server is only reachable from outside the Garching MPG campus or the guest networks (eduroam).

At the moment IPs are assigned to clients from the following ranges:

    MPCDF:    130.183.212.8   - 130.183.212.62  (130.183.212.0/26)
    AllUsers: 130.183.212.65  - 130.183.212.126 (130.183.212.64/26)
    IPP GAR:  130.183.212.129 - 130.183.212.191 (130.183.212.128/26)
    IPP HGW:  130.183.212.192 - 130.183.212.223 (130.183.212.192/27)
    Reserved: 130.183.213.1   - 130.183.215.255 (allocated as needed)

In case you want to whitelist those IPs in your services, please note that while the assignment of the IPs mentioned above will not change, the ranges may be extended in the future depending on how much the individual groups are used.
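
The following is an added example, not part of the MPCDF documentation: a sketch of how a service operator could map client addresses to the pools listed above and notice when a pool has been extended into the reserved range. The function names and sample addresses are constructed for illustration, and allowing only addresses inside an assigned pool is an assumption of this example.

```python
import ipaddress

# Pools from the table on this page: group -> (first, last, CIDR).
POOLS = {
    "MPCDF":    ("130.183.212.8",   "130.183.212.62",  "130.183.212.0/26"),
    "AllUsers": ("130.183.212.65",  "130.183.212.126", "130.183.212.64/26"),
    "IPP GAR":  ("130.183.212.129", "130.183.212.191", "130.183.212.128/26"),
    "IPP HGW":  ("130.183.212.192", "130.183.212.223", "130.183.212.192/27"),
}
RESERVED = ("130.183.213.1", "130.183.215.255")   # "allocated as needed"
CAMPUS = ipaddress.ip_network("130.183.0.0/16")   # "130.183.X.X" on the page

_ip = ipaddress.ip_address


def classify(addr):
    """Map a client address to (group, status) using the published pools."""
    ip = _ip(addr)                      # raises ValueError on malformed input
    if ip.version != 4:
        return None, "external"
    for group, (first, last, cidr) in POOLS.items():
        if _ip(first) <= ip <= _ip(last):
            return group, "assigned"
        if ip in ipaddress.ip_network(cidr):
            return group, "unassigned"  # inside the CIDR, outside the pool
    if _ip(RESERVED[0]) <= ip <= _ip(RESERVED[1]):
        return None, "reserved"         # a pool was extended; group unknown
    return None, "campus" if ip in CAMPUS else "external"


def allowed(addr, groups):
    """Allow only addresses inside the assigned pool of a permitted group."""
    group, status = classify(addr)
    return status == "assigned" and group in groups


def needs_review(addrs):
    """Addresses that suggest the allowlist no longer matches the pools."""
    return [a for a in addrs if classify(a)[1] in ("reserved", "unassigned")]


# Constructed sample of client addresses as a service log might record them.
SAMPLE = ["130.183.212.70", "130.183.212.200", "130.183.213.17",
          "130.183.212.63", "130.183.9.4", "192.0.2.10"]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, classify(a), allowed(a, {"AllUsers", "IPP HGW"}))
    print("review:", needs_review(SAMPLE))
```

Addresses reported by `needs_review` are the signal to re-read the published ranges before widening an allowlist.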
