MUNI Connection from Home (VPN)


Common Problems

Wrong Password

Make sure you use only your UČO as a login. You can verify and set up your secondary password in the IS. 

I Can't Log in to MS Applications (Teams, O365) with OpenVPN Enabled

When authenticating to some applications (MS Outlook, etc.), it is required that the Internet connection has specific requirements. The Network Connectivity Status Indicator service takes care of that. It evaluates the connection status. More information is here. Within the available OpenVPN configurations on IT MUNI, all traffic is routed to the VPN tunnel. The problem occurs in the absence of a default gateway for the TAP network adapter used.

The solution is to use a modified configuration that directs only traffic destined to the university network to the VPN tunnel. It leaves everything else routed within the local internet connection. This is the so-called split tunneling.

Forbidden Access to VPN

In case of forbidden access, an email explaining the reason was sent to you. If the password is functional and the account is not blocked, you need to reinstall OpenVPN.
If you are an employee, you must have your employment correctly registered in IS MU. If you are a student and you have ended / interrupted your studies, your access is canceled immediately, even if you live in the dormitory. If you have your study interrupted in order to work on your thesis, you can apply for a guest account. Your supervisor has to guarantee it - at least contact the IT ServiceDesk and confirm that you need the VPN to work.

Reinstallation of OpenVPN

Windows

For VPN issues, it is best to uninstall OpenVPN, remove old files, and install the current version.

  1. First you need to turn off OpenVPN (right click on the system bar icon (bottom right)> quit)
  2. Uninstall (Control Panel> Programs> Uninstall a Program) OpenVPN and Tap-Windows applications
  3. Start File Explorer and delete the files from the following directories (not all must exist):
    C:\Program Files\OpenVPN\
    C:\Program Files\TAP-Windows\
    C:\Program Files(x86)\OpenVPN\
    C:\Program Files(x86)\TAP-Windows
    C:\users\%USERPROFILE%\OpenVPN\config\ (where %USERPROFILE% is the name of your user account on the PC)
  4. Restart the computer
  5. Download and install the OpenVPN package according to this manual

macOS

  • If you have already tried to install a VPN and it wasn't successful, exit Tunnelblick, uninstall it, and delete any old installation and configuration files before the new installation. Download everything again according to these instructions.
    If you already had a VPN for macOS installed on your computer, some windows may not appear, and some parts of the installation process may no longer be required.
  • Follow the instructions for VPN configuration for macOS.

Cannot Connect from outside the University

Verify that your device can connect in the university network. If you can connect at MU, but not outside MU, contact your ISP to enable OpenVPN, or you can try to connect via https by replacing the muni.ovpn (C:\programfiles(x86)\openvpn\config\muni.ovpn) configuration file with the muni-443.ovpn configuration file available on the page for special faculty VPN servers.

Electronic Sources are Still Unavailable

One of the most common reasons is that the OpenVPN client needs administrator privileges for proper functionality. So, if everything seems to work at first glance, but university electronic sources are still unavailable, it's often a problem that the application does not start with admin rights. If you are connecting to faculty VPN servers, the problem may occur if the electronic sources are available through IPv6. In this case, you access the electronic sources from your home network with IPv6 and the access to the sources is therefore rejected (because it is only possible from the university IPv6 addresses). A temporary solution can be to shut down the IPv6 protocol on your computer. We work to solve the problem.

Connection from China

The connection is blocked probably by the Great Chinese Firewall. We do not want to correct this situation because the use of OpenVPN can be illegal under Chinese law, and we do not want to expose our users to the risk of legal recourse by the Chinese authorities. See the article about VPN blocking by the Chinese firewall.

SELinux blocks OpenVPN on Fedora

In case of a default Fedora 18 or higher installation, SELinux may block OpenVPN access to the necessary certificates, making OpenVPN impossible to connect. Remediation is simple: copy the necessary certificates into /etc/openvpn/keys and restore the selinux context. If you have downloaded certificates from this site to your home directory, do the following in the terminal:

sudo mkdir /etc/openvpn/keys 
sudo mv ~/tcs-ca-bundle.crt /etc/openvpn/keys 
sudo restorecon -Rv /etc/openvpn 
sudo service openvpn restart

IPv6 Settings Error (netsh.exe interface ipv6 set address)

If the following error occurs while connecting to the VPN:

NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address Local Area Connection 2 2402:b300:100:aafc:4000:1234:0:1000 store=active
ERROR: netsh command failed: returned error code 1

it is possible that IPv6 is not enabled on your device. IPv6 is checked through the registry key "HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents".

To enable IPv6 for all interfaces:

  1. Open regedit and navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents.
  2. Set the key to rank 0x0.
  3. Close regedit.
  4. Restart the system.

In case you do not want to fight with registers settings, please contact ServiceDesk ICS.

If you still can not connect and do not know what the problem is, contact the IT ServiceDesk.
Or you can visit us in the University Computer Centre (CPS) at Komenského náměstí 2, Brno.