VPN (Virtual Private Network)
Use VPN technology to establish a safe, encrypted connection to Heidelberg University's network from anywhere in the world. This is particularly useful when you are travelling or working from home, as you can establish secure access to internal university IT services that are blocked from the outside world for security reasons. After connecting your device to the internet, you can start your VPN client to encrypt your connection.
The URZ supports the Cisco AnyConnect VPN Client, which students, doctoral candidates, and employees can download for free. It can be used to connect to the university's VPN server. When downloading the VPN client, you will be asked to enter your Uni-ID (or the account information for your project account). If you have problems or need further instructions, please consult the VPN how-tos (see how-to box below) or contact our IT-Service.
We highly recommend using the VPN client when you are connected via unencrypted Wi-Fi hotspots or when you are accessing eduroam at any institution other than Heidelberg University.
Frequently asked questions (FAQ)
IT services that can be accessed without a VPN should be used without one in order to free up more possible VPN bandwidth.
The majority of IT services used, e.g., for collaboration and digital education (Moodle, heiCONF, heiCHAT, ...) are accessible from any location and can be used without a VPN. For video conferencing or video streaming, it is advisable to forego using a VPN connection, since these services are sensitive to bandwith fluctuations. Many of the IT services offered by the University Computer Center are already encrypted with the communication protocol https, thus access is already secured according to the normal safety standards.
This type of configuration is called "split tunnelling". You can set it up yourself by entering an extended user name: Use the following user name, replacing <Uni-ID> with your Uni-ID (e.g., xy123),
and your regular password.
You can also download and install the Cisco AnyConnect client manually. The installation files are located in this license folder [The link is currently broken - we are working on a short-term replacement!] sorted by operating system. After this manual installation you will have to enter the server address vpn-ac.uni-heidelberg.de in the field next to the "Connect" button.
Then enter your Uni-ID and password in the corresponding fields.
When the VPN connection is active, all data is transferred through an encrypted connection ("tunnel") to the URZ. If you wish to have access to a network printer in the local network, activate the option "Allow local (LAN) access when using VPN (if configured)" in the settings (accessible via the gear symbol).
Please discuss this with your supervisor and your local network or IT representative.
Essentially, a remote service (RDP, VNC, SSH) must be activated for a suitable port on the office computer and the local firewall must be configured accordingly. The energy settings must prevent the computer from shutting down or going to sleep mode. The latest updates and security features on the computer should be installed; all passwords of permitted users on the computer should be strong, e.g., meet the password guidelines of the URZ. To connect, you will need to write down
- the name or IP address of your computer,
- the port on which the remote service is active,
- and the user ID and password used for accessing your office computer.
From home, first start VPN and then the client software with which you want to access the computer remotely.
A more detailed manual for Windows/RDP is in preparation and will be linked here.
For the purpose of technical optimization, up to three connections are established, between which the system sometimes switches back and forth. This usually happens due to the particularities of the connection from your location to the server in the URZ. If this problem does not subside after a minute and keeps reappearing, please inform the IT-Service.
The VPN server provides all users with a fixed bandwidth, which according to our tests is sufficient for even more data-intensive purposes such as video conferences. The number of users and the connection load is currently (as of 25 Mar 2020) far below the possible limit.
For video calls and video conferences (as well as all other IT services that can be accessed without a VPN connection) it is recommended to deactivate the VPN connection to free up the VPN bandwidth.
Since 2016, Cisco no longer offers a 32-bit version of AnyConnect. Please use the free alternative client openconnect for your distribution's software repositories.