Navigation auf


Central IT

External Access to the Network (VPN)

Authentication is not equal to encryption. On public networks you authenticate with a password, but the data traffic remains unencrypted. A "UZH Virtual Private Network (VPN) connection" is used to encrypt public connections so that UZH members outside the UZH buildings have secure access to the UZH network, just as if they were sitting in the middle of it, just as if they were connecting directly to the UZH network.

You do not need any additional software to establish a VPN connection. All you need is an existing Internet connection and an active network connection configured with UZH-specific (encryption) parameters, as described below step by step.

ATTENTION: New shared secrets have been set for VPN, which must be changed at regular intervals. If you want to change the shared secret only, you will find instructions here: Change Shared Secret

show all

Managed Clients by the Central IT - VPN configuration

Windows / macOS

For the digital workstations managed by the ZI, it is sufficient to install the "UZH VPN" in the Software Center.

Institute owned or BYOD-Computers

Windows - VPN configuration

1.) Open the Network and Sharing Center in the Control Panel

With Windows 10 and 11, you need to go to the classic Control Panel view to successfully create a VPN connection.


Call the Network and Sharing Center via...

  • key combination 'Windows key' + 'R', type 'control panel' and click 'Enter'.
  • Mouse: Windows Start > context menu command 'Run' > enter 'control panel' > OK

(If "Network and Internet" appears, please set the view by 'Small icons'.)

2.) Create new adapter


Select ...

  • 'Set up new connection or network.'
  • 'Connect to the workstation.' Click Next and ...
  • 'Use my Internet connection (VPN)'.

3.) Specify Internet address (server) and name

  • Internetadress: or
    ( does not work here because load balancing is not supported by the L2TP client).
  • Target name: Enter any descriptive name for the VPN connection (e.g. UZH VPN).
  • Finally click on 'Create'.

4.) Call up (connection) properties


Go back to the "Network and Sharing Center" (see point 1), click on "Change adapter settings" in the left selection and select the context menu command "Properties" (right click with the mouse) of the adapter you have just created.

5.) Set VPN type & authentication

  • Click on the "Security" tab.
  • VPN type: "Layer 2 tunneling protocol with IPsec (L2TP/IPSec)".
  • Authentication: "Allow the following protocols" > "Unencrypted password (PAP)".
  • Click on the "Advanced Settings" button.

6.) Specify advanced properties (group key)

  • Select the option "Use pre-installed key for authentication".
  • Key (shared secret): group password of the UZH connection profile ALL
    (see  Remote Access-VPN-Profile).
  • Confirm all windows with "OK".

Congratulations! You have successfully established the VPN connection.

7.) Open and establish VPN connection

  • Click on the network icon in the Windows taskbar (usually in the lower right corner) (1).
    and select the VPN connection you just set up (e.g. "UZH_VPN") (2).
  • Alternatively, in the network connections (adapter settings), double-click the VPN connection you just set up (1) and select it in the page list that appears
  • Click on "Connect". (3)
  • Log in with your user name (short name) and Active Directory password (4).
  • Confirm with OK (5).

Mac OS X - VPN configuration

1.) Open system settings

VPN Mac Apfelmenue
  • Open the system settings via the apple menu.

2.) Open Network Settings

VPN Mac Systemeinstellungen Netzwerk
  • Find and open the "Network Settings".

3.) Create new connection

VPN Mac neue Verbindung
  • Click on the "+" (plus sign) at the bottom left.
        (If greyed out, click on the padlock at the bottom to disable the security mechanism).

4.) Select port, type and name

VPN Mac Typ
  • Connection: Select VPN.
  • VPN Type: Select Cisco IPSec.
  • Service Name: Enter "UZH".
  • Click on "Create".

5.) Enter server address and user data

VPN Mac Serveradresse

Server address:
Account name: Your UZH short name.
Password: Your VPN password
Activate the checkbox "Show VPN status in the menu bar".
Click Identification (or Authentication) Settings.

6.) Specify group key and name

VPN Mac Gruppenschlüssel
  • Key ("Shared secret"): Our Group Password.
  • Group Name: Our Group Name
  • Confirm by clicking on "OK".

You can find the group key and the group password here
(Log in with UZH Shortname and WebPass password if required).

7.) Open VPN connection

VPN Mac Anmelden

You can start the VPN connection via the "Network settings" (see points 1 and 2) or via the VPN symbol in the menu bar (see next point 8). Authenticate yourself with your VPN user data (UZH Shortname).

8.) VPN connection status

VPN Mac Status

The VPN connection status is displayed in the menu bar (if the corresponding option was activated during configuration).

Linux - VPN Configuration (Ubuntu 22.04 and Debian 11)

1.) Installation of required packages

  • sudo apt update && sudo apt install -y network-manager-vpnc-gnome

2.) Start VPN Configuration

  • nm-connection-editor

3.) Choose connection type

  • Click on Plus-Sign
  • Select connection type "Cisco Compatible VPN (vpnc)"
  • confirm with "Create"

4.) Fill in required fields

  • Connection name: UZH VPN
  • Gateway:
  • User name: <UZH Shortname>
  • Group name: ALL
  • Group password: see Remote Access-VPN-Profile

5.) Click Advanced

  • type "tun0" into the field "Tunnel interface name"
  • confirm with "Apply"

6.) Save

  • Confirm with "Save"

(If the button is greyed out, click "Advanced" und "Apply" again)

7.) Activate VPN connection


Click on the network icon in the top-right corner and activate the VPN connection


Unterseiten von External Access to the Network (VPN)