Answer comes 5 years late, lol. Anyway, posting this in english so more people can benefit from the solution.
Its really really simple, today I got pissed (again) at the TUHH/RZ for this bullshit nonsense with the VPN (and lack of support for Linux). Dreamspark is non-existent, its no longer possible to obtain a Windows OS license at our TU. This isn't the case with other universities (eg Uni Hamburg) and I dont fully understand the reasons for this. But if you cant offer Windows, at least support a proper (non-hipster bs) free OS.
Cant compile the old Cisco VPN client and afaik AnyConnect wont run on a 64bit linux distro either. Hence Openconnect.
-------------------------------
Im running 64bit Mint 17 (Cinnamon).
Download the TUHH rootcert and profile from here:
(Cant post URL due to forum restrictions)
TUHH Rechenzentrum website > VPN Service > VPN Profile >
>
vpn-profile-rootcert.TUHH-Hybrid.zip
(requires Web VPN login, use your credentials)
Extract the files somewhere. The ones we need are:
TUHH-VPN-rootcert.pem - the CA root certificate
TUHH-Hybrid.pcf - file with the configuration
----------------
# install openconnect
sudo apt-get install openconnect network-manager-openconnect
# if vpnc option is missing under Network Connections / Add / VPN:
sudo apt-get install network-manager-vpnc-gnome
Go to Network connections > Add connection. From the connection type dropdown navigate to VPN > "Cisco Compatible VPN (vpnc)". Hit Create.
On the window that appears there are 3 tabs (for me). The necessary values you can get from the config file (TUHH-Hybrid.pcf)
-VPN tab:
Gateway = casg.rz.tu-harburg.de
Host=casg.rz.tu-harburg.de (corresponding line in the config file)
User name = #your username e.g.
abxy1225
User password = #your password
Group name = TUHH-Hybrid
GroupName=TUHH-Hybrid
Group password = TUHH-Hybrid
#
(I guess its not a secret..)
GroupPwd=TUHH-Hybrid
Check "Use hybrid auth"
checkbox!
CA File: Browse to the rootcert file and select it.
e.g. linux-install-TUHH-VPN-rootcert.sh
-Advanced tab:
#again, check the latest config file to make sure that there are no changes
Domain: leave empty
Vendor: Cisco(default)
Version: leave empty
Encryption Method: Secure (default)
NAT traversal: NAT-T when available
IKE DH Group: DH Group 5
Perfect Forward Secrecy: Server
Local port: 0
------------------------------------------
This should be similar for other Debian x64 distros.
Edit: Great, I can't post URL's even when they are to the RZ's website.
Edit 2: If for any reason the VPN fails to start on the next system boot, check if you haven't added the certificate file from a flash stick or something (
). If the CA file is missing then that's the cause. Put it somewhere on your file system and add it again to the VPN connection.
