Cisco AnyConnect VPN Client

Please use Cisco AnyConnect Client to establish VPN access to TU Darmstadt's network. VPN operates by using ore recent network technologies, which is why it will be replacing other methods in the near future.

General Questions

An alternative client is OpenConnect (http://www.infradead.org/openconnect). According packages are offered for conventional Linux distributions. Ports for Windows and MacOS X are also available. Linux allows you to enable a connection with “sudo openconnect https://vpn.hrz.tu-darmstadt.de”. You can also use NetworkManager's GUI.

Unfortunately, we are not able to provide support for this software.

However, HRZ's helpdesk “Benutzerberatung” can assist you in terms of installation. At their location you will find a computer that is equipped with several virtual distributions for demonstration purposes.

Passwords should only consist of letters from ( a-z , A-Z ), numbers and the following special characters:“ $ % & ‘ ( ) * + , – . / : ; < = > ? @ [ \ ] _ { }. Passwords should not contain an umlaut: ( ä ö ü Ä Ö Ü ). The reason for this is that several operating systems are not able to process these correctly. In this case passwords are recognized as incorrect.

  • Terminated installation
    • Error message: “VPN client agent was unable to create the interprocess communication depot”
    • Reason: It is possible that settings regarding the joint usage of Internet connections are causing problems concerning the network interfaces.
    • Solution: deactivate this feature.
    • 1. “Start --> control panel --> network and Internet --> network and sharing center”
    • 2. “Change adapter settings”
    • 3. Select an adapter by right clicking it.
    • 4. Make sure to remove the setting that allows other users to use this computer connection for Internet access in terms Internet connection sharing.
    • 5. Confirm these changes and click “OK”.
    • 6. Complete this entire process for all further adapters you are using.

SMTP port (Port 25) is blocked for TU Darmstadt's entire network since the 25th of September, 2007. This entails that emails can no longer be sent beyond TU's network directly. Mail gateways need to be used instead.

You can log in via WiFi by using TUDWeb. However,eduroam is not going to work in this situation. Please set up a new password and pay attention to upper and lower case letters.

password manager

This message means that Cisco AnyConnect VPN service is currently not running. This could be caused by Windows boot accelerator software. These modifications might influence the rebooting process of Windows services in a ways that are no longer supported.

For example, such problems were caused by Lenovo Rapid Boot. Please uninstall this kind of software to solve the problem at hand.

AnyConnect Client verifies the certificates of remote stations. If you are only receiving a notification regarding this error while being at certain locations (e.g. hotels, hotspots etc.), then network access is terminating your SSL connection. This situation does not provide secure transmission, which is why you should proceed by using a different source for Internet access.

In case you are receiving notifications concerning this error regardless of what kind of Internet access you are using, please make sure that Telekom's certificates are installed on your device. Also, check whether you entered “vpn.hrz.tu-darmstadt.de” correctly.

If you are still experiencing problems after trying to problem solve as explained in the preceding steps, please use AnyConnect Secure Mobility Client's tool for troubleshooting.

In order to generate the document that needs to be send for system diagnosis, please do as follows.

1. Open Cisco AnyConnect Secure Mobility Client.

2. "Start -> all programmes -> Cisco -> Cisco AnyConnect Secure Mobility Client -> Cisco AnyConnect Diagnostics and Reporting Tool

3. Do not change any of the default setting and proceed

4. In order to generate and send the document, you need to chose the email package or send the document by using your preferred email programme. You may also use the inbox: netzbetrieb@hrz.tu-darmstadt.de.

Since 2015's February Patchday it is possible that a connection may cause an error message that notifies you of a failed connection system or subsystem initialisation.

This problem can be avoided by activating a compatibility mode for the programme “vpnui.exe”. The according method is described here. Microsoft and Cisco are working on fixing this problem.

Meanwhile Microsoft has issued a FixIt for KB3023607.

Before upgrading you should be sure to switch to AnyConnects current version. Connect to VPN gateway and execute the according update.

If there are any further problems after this update, please uninstall AnyConnect Client completely.