VPN with OpenConnect on Linux

Preliminary note

Troubleshooting help can be found below.

Note general

Some restricted services of the University or the State and University Library can only be used when you are on campus, so that the device you use has an address from the area assigned to the University.

To access these services from home or on the road, you must install a so-called VPN client software (AnyConnect or OpenConnect) on your device once and establish a connection to the campus with the VPN client before each access to the restricted services. This means that you are "virtually" on campus and can use the services you are used to.


Please note the different types of tunnels and make sure you choose the correct tunnel.

Initial Setup - Step 1

Make sure that your computer is connected to the Internet so that the required software can be installed if necessary. 
Open the terminal and type the following command:

sudo apt install network-manager-openconnect-gnome

Confirm the installation with the instruction mentioned in the terminal. Now restart your device.

Initial Setup - Step 2

Now go to the "Settings" and open the "Network" tab. Next, click on the "+" icon next to VPN.

Initial Setup - Step 3

Select "Multi-protocol VPN Client (Openconnect)" as the menu item. 

Initial Setup - Step 4

In this window you can now enter the details of the VPN endpoint.

  • The name of the connection is freely selectable
  • The gateway should be named "vpn.uni-bremen.de"
  • The value called "UserAgent" (if available) must be set to "AnyConnect"
    • Should the value not be present, please have a look at ABC
  • All other values can remain at default

Now click on "Add" in the upper right corner.

The right image is an example of a configuration where the "UserAgent" field is present.

Add UserAgent

You only need to follow this step if the "UserAgent" field was not available in the "Initial Setup - Step 4"!

Tested this script so far only under Ubuntu 23.03 Lunar Lobster! Use this script only if the file /usr/bin/openconnect is NOT present.

To add the UserAgent to not yet supported OpenConnect versions, you have to create a file in the terminal that adds the UserAgent via script.
Create the file with the text editor of your choice. Here "vim" is used

sudo vim /usr/bin/openconnect

Now add the following content to the file

#! /usr/bin/env bash


if [[ "$@" =~ https:\/\/.+\.uni\-bremen\.de ]]; then
exec /usr/sbin/openconnect --useragent 'AnyConnect' "$@"
exec /usr/sbin/openconnect "$@"

Make the file executable

sudo chmod +x /usr/bin/openconnect

Now the UserAgent should be added automatically to connections with the Uni Bremen VPN

Connect - Step 1

Go to "Settings" and then to the "Network" tab. 

Connect- Step 2

Now click on your created VPN profile, previously named "Uni Bremen".

Connect - Step 3

Select the correct tunnel type under "Group".

Enter the credentials of your university account under Username and Password and click on Login.

As you can see in the last picture, a successful connection is marked by a colored button (here highlighted in orange).


I cannot download the installation file and get the message "Forbidden" instead.

  • Not all users of the university can access the VPN service. In particular, alumni are excluded from using it.
  • If you are a regular member of the university (for example, a regular student or staff member) or an employee of the SuUB, please contact the account administration to have the assignments of your account checked.

I have successfully established a VPN connection, but now I cannot use the library's services?

  • If you want to use services that are enabled for the network area of the University of Bremen but are not "hosted" in the network area of the university (publishers are an example here), you have to change the group from "Tunnel-Uni-Bremen" to "Tunnel-all-Traffic" when establishing the connection. For a detailed explanation please read the page VPN tunnel types.
    • ATTENTION: With this option all traffic will now be routed through the tunnel. Please leave the tunnel enabled with this option only as long as this is needed for working.
Updated by: VPN