MUNI Connection from Home (VPN)

Make sure you use only your UČO as a login. You can verify and set up your secondary password in the IS. 

When authenticating to some applications (MS Outlook, etc.), it is required that the Internet connection has specific requirements. The Network Connectivity Status Indicator service takes care of that. It evaluates the connection status. More information is here. Within the available OpenVPN configurations on IT MUNI, all traffic is routed to the VPN tunnel. The problem occurs in the absence of a default gateway for the TAP network adapter used.

The solution is to use a modified configuration that directs only traffic destined to the university network to the VPN tunnel. It leaves everything else routed within the local internet connection.

In case of forbidden access, an email explaining the reason was sent to you. If the password is functional and the account is not blocked, you need to reinstall OpenVPN.
If you are an employee, you must have your employment correctly registered in IS MU. If you are a student and you have ended / interrupted your studies, your access is canceled immediately, even if you live in the dormitory. If you have your study interrupted in order to work on your thesis, you can apply for a guest account. Your supervisor has to guarantee it - at least contact the IT ServiceDesk and confirm that you need the VPN to work.

Windows

For VPN issues, it is best to uninstall OpenVPN, remove old files, and install the current version.

1. First you need to turn off OpenVPN (right click on the system bar icon (bottom right)> quit)
2. Uninstall (Control Panel> Programs> Uninstall a Program) OpenVPN and Tap-Windows applications
3. Start File Explorer and delete the files from the following directories (not all must exist):
   C:\Program Files\OpenVPN\
   C:\Program Files\TAP-Windows\
   C:\Program Files(x86)\OpenVPN\
   C:\Program Files(x86)\TAP-Windows
   C:\users\%USERPROFILE%\OpenVPN\config\ (where %USERPROFILE% is the name of your user account on the PC)
4. Restart the computer
5. Download and install the OpenVPN package according to this manual

macOS

• If you have already tried to install a VPN and it wasn't successful, exit Tunnelblick, uninstall it, and delete any old installation and configuration files before the new installation. Download everything again according to these instructions.
  If you already had a VPN for macOS installed on your computer, some windows may not appear, and some parts of the installation process may no longer be required.
• Follow the instructions for VPN configuration for macOS.

Verify that your device can connect in the university network. If you can connect at MU, but not outside MU, contact your ISP to enable OpenVPN, or you can try to connect via https by replacing the muni.ovpn configuration file with the muni-https.ovpn configuration file available on the page for special faculty VPN servers.

The connection is blocked probably by the Great Chinese Firewall. We do not want to correct this situation because the use of OpenVPN can be illegal under Chinese law, and we do not want to expose our users to the risk of legal recourse by the Chinese authorities. See the article about VPN blocking by the Chinese firewall.

In case of a default Fedora 18 or higher installation, SELinux may block OpenVPN access to the necessary certificates, making OpenVPN impossible to connect. Remediation is simple: copy the necessary certificates into /etc/openvpn/keys and restore the selinux context. If you have downloaded certificates from this site to your home directory, do the following in the terminal:

sudo mkdir /etc/openvpn/keys 
sudo mv ~/tcs-ca-bundle.crt /etc/openvpn/keys 
sudo restorecon -Rv /etc/openvpn 
sudo service openvpn restart

If the following error occurs while connecting to the VPN:

it is possible that IPv6 is not enabled on your device. IPv6 is checked through the registry key "HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents".

To enable IPv6 for all interfaces:

1. Open regedit and navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents.
2. Set the key to rank 0x0.
3. Close regedit.
4. Restart the system.

In case you do not want to fight with registers settings, please contact ServiceDesk ICS.