Differences

This shows you the differences between two versions of the page.

configure_vpn [2013/04/09 01:01]
cpanell [VPN Configuration Settings]
configure_vpn [2013/04/09 02:21] (current)
cpanell [Supported VPN Products (Windows and Mac OS X only)]
Line 1: Line 1:
 +===== VPN Integration =====
 +
 +**Available for:** Windows clients, Express clients, Mac OS X clients. 
 +
 +An integrated VPN is automatically launched with Open Mobile, which can pass the VPN login credentials and ensure a secure connection to corporate resources. Enabling VPN integration is recommended for all Open Mobile for Windows clients.
 +
 +<note important>You must define at least one account for authentication before configuring VPN integration.</note>
 +
 +Because a VPN is not required when on a corporate network, you have the option of enabling or disabling the VPN control switch in the Open Mobile UI. You can choose to enable the control with or without user confirmation, or to disable the control completely.
 +
 +{{ :screenshot174.png?600 |}}
 +==== Supported VPN Products (Windows and Mac OS X only) ====
 +
 +Open Mobile supports the following VPN products:
 +
 +=== Windows Clients ===
 +
 +  * Check Point
 +  * [[integrating_cisco_anyconnect|Cisco AnyConnect SSL]]  
 +  * Cisco IPSec
 +  * Juniper Networks
 +  * NCP
 +  * Nortel
 +  * Junos Pulse
 +  * [[windows_user_selected_vpn|User Selected]]
 +
 +In addition, using Custom VPN Integration, you can integrate a wide variety of VPN solutions into Open Mobile. Custom VPN integration is described below.
 +
 +=== Mac Clients ===
 +
 +  * [[integrating_cisco_anyconnect|Cisco AnyConnect SSL]]   
 +  * Juniper SSL
 +
 +<note important>Custom VPN integration is not available for Mac OS X clients.</note>
 +==== VPN Configuration Settings ====
 +
 +The VPN configuration settings are shown here. Depending on your VPN solution, some of these settings may be disabled.
 +
 +== Select your VPN client ==
 +
 +Select your VPN from the drop-down list. (Your selection of VPN may restrict some of the configuration settings that follow.)
 +
 +== VPN Launch for [Network Connection Types] of the following network types ==  
 +
 +Select a network connection type that will trigger VPN launch, as well as which network types for which the VPN will be automatically launched. 
 +
 +Network connection types include: 
 +  * **All network connections:** The VPN will be launched for all Open Mobile connections (those initiated in Open Mobile, as well as those inherited from other connection managers). 
 +  * **Initiated connections:** The VPN will only be launched on connections initiated in Open Mobile. (That is, connections inherited from another connection manager will not trigger a VPN launch.) 
 +
 +//Network Types// include Wi-Fi, Ethernet, Mobile Broadband, Dial, and DSL.  The VPN will automatically be launched for the selected types. Any number of these may be selected, but at least one type is required.
 +
 +== Enable the end user to launch the VPN on demand ==
 +
 +//(VPN On-Demand)//  If selected, the user will be able to launch the VPN using the **VPN** button in the Open Mobile client UI.  If not selected, the VPN is launched automatically on the specified connection types.
 +
 +== VPN Account and Authentication ==
 +
 +VPN authentication can be performed either by certificate or account credentials. 
 +  * **Authenticate using certificate (Cisco AnyConnect and Nortel only):** If selected, VPN authentication will be performed by certificate. 
 +    * Enter a default profile name, or leave blank for the VPN client to auto-select a profile. 
 +    * Select **Enable gateway selection** to enable the user to select a gateway from the profiles defined in the VPN client. If this option is chosen for a Windows 2.4.0 and later profile, you can select **Prompt User Upon Connection Attempt** to have the user select the gateway each time they connect.
 +  * **Authenticate using account:** If selected, VPN authentication will be performed by account credentials passed from the Open Mobile account you define. Then, select or enter the following: 
 +    * **Information to pass to VPN when launching:** Select one or more credential types (username, password, domain, and token) to pass to the VPN. 
 +    * **Select account...:** Select the account from which the credentials are to be drawn. 
 +      * A green check mark indicates that the credential type has been configured for that account. 
 +      * A red X indicates that the credential type has not been configured for that account definition.  You will not be able to save the integration if a red X is present. Select (or configure) another account to use. 
 + 
 +== Default Gateway/Profile ==
 +
 +Optionally, enter the name of the default VPN gateway or profile, and whether gateway/profile selection is enabled for the user. 
 +  * If gateway/profile selection is not enabled, you will need to specify the name of the default profile. 
 +  * If no default is specified, or the default does not match any existing entries in the VPN client, Open Mobile will select the first profile available in the VPN client. (Note that the user can override the default in Open Mobile under **Options %%|%% VPN**.) 
 +
 +Alternately, to specify the VPN gateway or profile for an SSL VPN such as Juniper, you can upload a file that includes VPN gateway information. A VPN gateway file is required if you use credential values other than username and password, such as Username/PIN+Token Code. 
 +
 +An example of a VPN gateway file is available for download on the **VPN Integration** page. If you create your own file, save the file as an .ini file before uploading it. 
 +
 +For more information, consult the tech note {{:om_vpn_gateway_file.pdf|Open Mobile VPN Integration Gateway File}}.
 +
 +== VPN GUI Visibility ==
 +
 +**Hide VPN GUI When Launching:** If selected, the VPN interface will be hidden from the end user. (In order for this feature to function, you must configure VPN Auto-Connect.) VPN GUI visibility does not affect the VPN system tray icon, just the visibility of the main VPN UI.  
 +
 +== VPN Connectivity ==
 +
 +  * **(VPN Timeout)** Choose the number of seconds before a VPN connection is timed out (before the attempt is considered failed and automatically canceled).  
 +  * **(Auto-Disconnect)** Whether the VPN will be disconnected if the user switches networks. 
 +  * **(Auto-Teardown)**  If selected, Open Mobile will tear down the Internet connection when the VPN is disconnected for any reason. 
 +  * If Auto-Teardown is enabled, choose a value for the number of times Open Mobile should attempt to reconnect once disconnected. If zero, no reconnection attempt will be made.  |
 +==== Enable VPN Integration ====
 +**To enable VPN integration:**
 +
 +  - Select **Enable VPN Integration** (Recommended).
 +  - Under **VPN Type**, select your VPN client from the drop-down list.
 +  - Under **VPN Settings**, select the behavior of your VPN client, based on the offered prompts. Depending on the VPN type, you may be prompted to enter specific connection or network types for which to automatically launch the VPN, account and authentication information, and the settings for the VPN gateways.
 +  - Under **VPN Connectivity**:
 +    * Indicate the number seconds allowed for a VPN connection.
 +    * Indicate the number of reconnection attempts the VPN will take when accidentally disconnected.
 +    * Indicate whether Open Mobile should disconnect from the Internet if the VPN is disconnected, and if yes enter the number of times that Open Mobile should attempt to automatically reconnect to the VPN before disconnecting from the Internet.
 +  - For Windows 2.x clients, under **When on Corporate Network**, choose whether to enable the **VPN** control in the Open Mobile interface.
 +    * **Enable VPN Control but require no user confirmation upon VPN connection attempt:** If connected to a corporate network, the user can launch the VPN with no confirmation required.
 +    * **Enable VPN Control but require user confirmation upon VPN connection attempt:** If connected to a corporate network and the VPN is launched, the user will be prompted to confirm the VPN connection attempt.
 +    * **Disable VPN Control:** (not recommended) Disables the VPN Control completely. Users will not be able to launch the VPN if a corporate network is detected. (Note that a false-positive CND test will deny the user VPN access, so make sure that your CND test criteria will have no chance to return any erroneous or spurious results.)
 +  - Click **Save.**
 +
 +==== Custom VPN Integration ====
 +
 +Open Mobile supports the integration of many industry-standard VPN solutions. However, it is possible to integrate Open Mobile with a much wider variety of VPNs, using the Custom VPN Integration feature.
 +
 +**Requirements:** Configuring custom VPN integration requires the following:
 +
 +  * You must define at least one method of Corporate Network Detection (CND), as well as enabling VPN polling, so Open Mobile can provide proper monitoring, status messages, auto-teardown, and other related features.
 +  * In addition, at least one of your [[corporate_network_detection|Corporate Network Detection]] rules should be configured to detect the network that is available through your VPN tunnel. 
 +  * When configuring the VPN integration, you will need to enter a connect command line, which can use either the literal path or %PROGRAMFILES% variable. Examples of a proper command line include:
 +    * For 32-bit path: C:\Program Files\YourVPN\example.exe -profile USCorpGWA -user <UserName> -password <UserPassword> -domain <UserDomain>
 +    * For 32-bit path and x86 path for 64-bit: %PROGRAMFILES%\YourVPN\example.exe -profile USCorpGWA -user <UserName> -password <UserPassword> -domain <UserDomain>
 +
 +**To integrate a custom VPN:**
 +
 +  - Select **Enable VPN Integration** (Recommended).
 +  - Under **Select your VPN client**, select Custom VPN.
 +  - In Custom **VPN Name**, enter the name of your custom VPN client.
 +  - In **Connect Command**, enter the VPN command-line parameters needed to connect with the VPN client.
 +  - In **Disconnect Command**, enter any command-line parameters needed to disconnect the VPN client.
 +  - Under **VPN Launch,** pick one or more network types for which to automatically launch the VPN, and whether the user will be able to launch the VPN on demand.
 +  - Specify any additional settings as prompted.
 +  - Click **Save**.
 +
 +<note important>If a custom VPN is configured to pass username and password, the password will be shown in clear text in the Task Manager.
 +
 +Custom VPN integration is not supported by iPass. Customers are responsible for all testing of custom VPN integration.</note>
 +
 +[[Create a New Profile]] > [[Configuration Settings]] > [[Connectivity]] 
 +
  
 
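Review bot: In the Custom VPN Integration requirements, both connect command examples pass `-password <UserPassword>` as a command-line argument, yet the only warning that the password will be shown in clear text in the Task Manager sits in the closing note, after the procedure. Move that warning up beside the examples, or repeat it there, so an administrator reads it before filling in **Connect Command**, and mention the certificate option under VPN Account and Authentication for the products where it is offered. The first example path, `C:\Program Files\YourVPN\example.exe`, contains a space and is unquoted; the example should show whether the executable path needs double quotes. The labels "For 32-bit path" and "For 32-bit path and x86 path for 64-bit" do not say clearly which systems each form applies to and should be reworded. In the **Disable VPN Control** item, CND is used before it is expanded; spell out Corporate Network Detection there, since the expansion only appears later in the Custom VPN requirements. Smaller fixes: "Indicate the number seconds" is missing "of", the last VPN Connectivity bullet ends with a stray "|", and step 4 of "To enable VPN integration" describes the reconnection-attempt count in two bullets with different conditions, which does not match the single Auto-Teardown setting described under VPN Connectivity.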

©2015 iPass Inc. All rights reserved.