Notice
This is the search page for the english version of the website. To search the german version of the website go to the german search page.
Filter
Installation:
- Download the installer "FortiClientVPN" (please only use this, never FortiClient) for your operating system from www.forticlient.com. If this download does not work, you can also download FortiClientVPN from the Downloads section of our RZ website after logging in.
- Install FortiClientVPN (Start the installation, accept the licence agreement and click on the "Next" button. Now click on "Next" again and then on "Install". At the end of the installation, click on "Finish").
- After the installation, you will see an icon "FortiClient" on your desktop and in your start menu.
Configuration:
- Open FortiClient and accept the terms again.
- Then click on "Configure VPN".
- Then enter "OTH-VPN" as the connection name. Please enter vpn.oth-aw.de as the remote gateway. Then click on "Save".
You can now connect to the VPN of the university.
Enter your user name and password and click on "Connect".
Now you are connected to the university via VPN.
To disconnect, click on the FortiClient icon in the taskbar (bottom right) and then select "Disconnect".
Known issues:
FortiClientVPN aborts connection with the message that the vpn gateway
would not be reachable. Solution: Open Internet options, click on the
"Privacy" tab, then on "Sites". Then enter vpn.oth-aw.de under "Website
address" and click on "Allow".
Install the ForticlientVPN from www.forticlient.com. If this download does not work, you can also download FortiClientVPN from the Downloadbereich of our RZ website after logging in.
You may have to uninstall the old Forticlient with the setup programme beforehand.
Configuration:
- Open FortiClient and accept the terms again.
- Then click on "Configure VPN".
- Then enter "OTH-VPN" as the connection name. Please enter vpn.oth-aw.de as the remote gateway. Then click on "Save".
Now you can connect to the university via VPN.
Forticlient for Linux can be found in the Downloadbereich
Configuration: Create a directory .fctsslvpn_trustca in your home directory and save the current certificate chain (Zertifikatskette) in this directory. Start ./fortisslvpn.sh for the first time as root and enter vpn.oth-aw.de as the server, in the field behind 443. Username and password as usual. Under Settings you can also save the configuration permanently. Now you can connect via VPN. If you have problems with the Forticlient in your Linux distribution, you can also try openfortivpn.
MAC iOS devices can also find the Forticlient in the APP store.
For Android you can also download an Android client via www.forticlient.com.
Alternatively, it is also possible to connect via openfortivpn via vpn.oth-aw.de. (Host:vpn.oth-aw.de, Port 443)
Software |
106 |
124 |
232 |
233 |
240 |
WTC 0.14 |
Acrobat Reader | x | x | x | x | x | x |
Adopt Open JDK (Java) | x | x | x | x | x | x |
AnatomyMap | x | x | x | x | x | x |
ANSYS Workbench | x | x | x | x | x | x |
anyLogistix | x | x | x | x | x | x |
Campus (UCAN) | x | x | x | x | x | x |
Citavi 6.14 inkl. Citavi-Picker | x | x | x | x | x | x |
Dassault CATIA V5 | x | x | x | x | x | x |
Eclipse IDE (2022-09) | x | x | x | x | x | x |
Enterprise Architect | x | x | x | x | x | x |
Factory I/O | x | x | x | x | x | x |
Faronics Deep Freece | x | x | x | x | x | x |
Faronics Insight | x | x | x | x | x | x |
Google Chrome | x | x | x | x | x | x |
ILOG | x | x | x | x | x | x |
Internet Explorer | x | x | x | x | x | x |
iPrint Client | x | x | x | x | x | x |
Java Dev. Edition | x | x | x | x | x | x |
Maple | x | x | x | x | x | x |
Maria DB | x | x | x | x | x | x |
MaxQDA | x | x | x | x | x | x |
Mendeley | x | x | x | x | x | x |
Micro Focus Groupwise | x | x | x | x | x | x |
Micro Focus OES Client | x | x | x | x | x | x |
MInitab | x | x | x | x | x | x |
Mozilla Firefox ESR | x | x | x | x | x | x |
MS Office Enterprise (Word, Excel, Power Point, Project, Visio) | x | x | x | x | x | x |
MSC Marc/Mentat | x | x | x | x | x | x |
MySQL client | x | x | x | x | x | x |
Notepad++ | x | x | x | x | x | x |
PalMill 5 | x | x | x | x | x | x |
Papercut | x | x | x | x | x | x |
plant Simulation | x | x | x | x | x | x |
PyDev (AddOn for Eclipse) | x | x | x | x | x | x |
Python | x | x | x | x | x | x |
Rapid Miner | x | x | x | x | x | x |
SAFE EXAM BROWSER | x | x | x | x | x | x |
SAP GUI (für SAP APO) | x | x | x | x | x | x |
Siemens NX inkl. TopOpt | x | x | x | x | x | x |
Sophos | x | x | x | x | x | x |
Splashtop | x | x | x | x | x | x |
SPSS | x | x | x | x | x | x |
STATA | x | x | x | x | x | x |
Stäubli SRS 2016.6.6 + Emulator s7.9.2 | x | x | x | x | x | x |
Tecnomatix | x | x | x | x | x | x |
Vistable | x | x | x | x | x | x |
VLC Player | x | x | x | x | x | x |
VMware | x | x | x | x | x | x |
Webots | x | x | x | x | x | x |
ZENworks Client | x | x | x | x | x | x |
Make sur you have a Internet connection.
If the GETEDUROAM app was installed please delete/remove the app and the saved WiFi.
1. Download the easyroam app: https://www.easyroam.de/winapp/easyroam.msix and install.
(if you dont have a Microsoft Store on your machine follow these instructions)
2. Start the Easyroam App. Usually a Browser will be opened.
3. In the WAYF (Where Are You From) locate Ostbayerische Technische Hochschule Amberg-Weiden and log in wit your OTH-AW Account.
4. After a successful login wird the main menu „Home“ will be
visible.After clickin on „install new profile“ a new easyroam profile
will be installed.
5. The new Profil will be shown as „valid“ in the main menu.
6. Wait a few Minutes for the configuration to finish.
Easyroam on Android
The easyroam app on ANDROID is downloadable from the Google Play Store: Easyroam
1. Delete the geteduroam app and also any existing eduroam profile. Download the easyroam app from the app Store and install.
2. Start the easyroam app.
3.There are two Ways to login either „Login through
Website“ or „Login using QR-Code“. Using „Login through Website“ youll
have to log in to WAYF (Where Are You From) see section 4. . If you have
a laptop or desktop at hand , you can login through portal at www.easyroam.de
and generate a QR code (valid 5 minutes), Which you can thenscan with
your easyroam app on your ANDROID Device. In this case you can skip
section 4. and install the Profile as shown under section 5. .
4.In the Search bar locate the DFN-AAI IdP Ostbayerische Technische Hochschule Amberg-Weiden and log in to your OTH-AW account.
5. Click on „Install new profile“to start the installation process for the new profile.
6. Click on „Confirm“.
7. Click on
„Allow".
8. The validity period for the certificate will be shown in green.
Shaould the easyroam Connection not work for once then pllease restart your devices WI-FI by turning it off and on again.
As long as there is a valid pseudocertificate on the device, the
device will log on regardless of operating system ANDROID oder iOS in
easyroam. A log in through the DFN-AAI IdP account is no longer neccessary. in the main menu by pressing
„Manage“ you can renew, install or revoke a certificate.
Through the button „Other profiles“ you can revoke profiles on other devices.
Einstellungen/Settings
Through Settings, it is possible to change to Fingerprint
verification,which is preventing unauthorized eduroam access on your
device. You can also configure the App to warn you if your Certificate
is abut to expire. Using „Reset this App“ you can revoke the certificate
that is installed on the device. After that you can follow the above
steps again.
My account
In the my account menu the logo of your organization (OTH-AW) should be
displayed . You can also check how many of your Profiles are in use and
how many can still be issued. The Status shows if your access to
easyroam is still active. It is possible that you can no longer issue
new Certificates, however the old ones might still be valid. Only the
easyroam admins of your organization may remove this restriction.
Please note. The name of the profile is not the name of the PKCS12 file. The name of the profile is used for the internal administration of the easyroam profiles. The name of the downloaded PKCS12 file is formed from the date and time of the generation of the PKCS12 file with the suffix .p12.
5. The CLI of openssl is used to extract the individual components such as the client certificate, the private key and the RootCA certificate:
Please note that Import Password of the .p12 - file is empty. When using openssl, pay attention to the wording: Enter Import Password with <return> acknowledge.
Client certificate:
openssl pkcs12 -in my_easyroam_cert.p12 -legacy -nokeys > easyroam_client_cert.pemPlease note, the -legacy option must be omitted here and in the following. Unfortunately, the use of the OpenSSL option is version dependent.
Private Key:
Please note, since the various network managers and the wpa_supplicant usually only accept password protected private keys, a password must be set during extraction. With the following command first Enter Import Password appears, so acknowledge with <Return>, then Enter PEM pass phrase appears: Here you enter a new password and remember it!
openssl pkcs12 -legacy -in my_easyroam_cert.p12 -nodes -nocerts | openssl rsa -aes256 -out easyroam_client_key.pemRootCA certificate:
openssl pkcs12 -in my_easyroam_cert.p12 -cacerts > easyroam_root_ca.pemThe .p12 at a glance:
openssl pkcs12 -info -in my_easyroam_cert.p12 -legacy -nodesThe certificate files can also be assembled with copy/paste. It should be noted that the private key must still be provided with a password.
6. There are indeed instructions on the net for configuring EAP-TLS on various network managers from the specified components. As an example, the CLI netctl on Archlinux is used to show how EAP-TLS and thus easyroam/eduroam can be configured on a Linux device. The following is required:
- netctl
- wpa_spplicant
- easyroam .p12 pseudo certificate
description='easyroam connection' Interface=wlan0 Connection=wireless Security='wpa-configsection' IP='dhcp' WPAConfigSection=( 'ssid="eduroam"' 'key_mgmt=WPA-EAP' 'eap=TLS' 'proto=WPA RSN' 'identity="76673789883214453797@easyroam.realm_der_einrichtung.tld"' # Hier muss der CN (Common Name) aus dem easyroam Pseudozertifikat stehen! 'client_cert="/etc/netctl/cert/easyroam_client_cert.pem"' 'private_key="/etc/netctl/cert/easyroam_client_key.pem"' 'private_key_passwd="FORYOUREYSEONLY"' 'ca_cert="/etc/netctl/cert/easyroam_root_ca.pem"' 'ca_cert2="/etc/netctl/cert/easyroam_root_ca.pem"' )Run the following command with root privileges:
netctl start easyroam
If easyroam shall be installed permanently run the following command:
netctl enable easyroam