Contents x
    Veltar VPN Configuration
    • 29 Oct 2024
    • 3 Minutes to read
    • Print
    • PDF
    Contents

    Veltar VPN Configuration

    • Updated on 29 Oct 2024
    • 3 Minutes to read
    • Print
    • PDF
    Article summary

    Once you have completed the setup of Veltar VPN server as described here, you can now proceed to create the VPN configuration on Scalefusion Dashboard and push it to the devices by performing the following steps,

    1. Create a VPN Tunnel using the VPN server IP and Secret key

    2. Configure the IP Range that needs to be allocated to managed devices

    3. Configure the list of IPs that a user has access to when connected to this VPN Tunnel and optimally configure a DNS server

    VPN Tunnel Configuration

    When setting up VPN tunnels through the Scalefusion Dashboard, consider the following:

    Listen Port for VPN Tunnels

    1. Port Selection:

      • Specify a Listen Port when creating a new VPN tunnel via the Scalefusion Dashboard.

      • This is separate from the HTTP/HTTPS port used for the Veltar VPN API’s.

    2. UDP Protocol:

      • The Listen Port for VPN tunnels uses the UDP protocol, not TCP.

    3. Firewall Configuration:

      • Ensure the chosen Listen Port is open in your firewall for incoming UDP traffic.

      • Configure port forwarding for this UDP port if behind a NAT.

    4. Port Range Consideration:

      • Consider opening a range of UDP ports (e.g., 51820-51830) for multiple VPN tunnels.

    Configuring VPN on Scalefusion Dashboard

    Pre-Requisites

    1. Enrollment mode on Android: BYOD, Shared Company Owned, COPE

    2. Enrollment mode on iOS : BYOD, AUE, User Authenticated & DEP/ADE

    3. Scalefusion Android Agent v17.0.1 or above and iOS Agent v4.1.1 should be installed on device.

    4. The device must be added to the User group (as the configuration can be published only to user Group).

    5. Device Profile(s) should be created on Scalefusion Dashboard

    Step 1: Create VPN Config

    1. On Scalefusion Dashboard, navigate to Veltar > VPN Tunnel and click on Create VPN Config.

    2. This will open the VPN config dialog/wizard.

    3. Provide the required details under following tabs:

      1. VPN Server Details: Under this, IT Admins need to enter the basic VPN details,

        1. VPN Host address: IP address or domain name of the VPN server that clients connect to in order to establish a secure VPN connection

        2. API Access token: A unique identifier used to authenticate a user or application when making API calls.

        3. API Port: The specific network port on the server that is used to handle API requests.

      2. Click Next

      3. Tunnel Details

        1. Tunnel Name: Enter a name for the tunnel

        2. IP Address: Base IP Address for the Tunnel. It is the virtual IP address assigned to the device within the VPN tunnel. For each device it is auto generated with the help of base IP address.

        3. Listen Port: Port on a server that accepts incoming connections

      4. Click Next

      5. Peer Details

        1. Allowed IPs: The IPs that we want to pass through VPN tunnel. Here, Range is not supported

        2. DNS Servers: In this phase we are not supporting it

        3. Persistent Keep Alive Time (in seconds): The idle time the connection will remain, if not actively being used. By default it is set to 60 seconds.

    4. After entering all details, click on Save

    5. The VPN Configuration will get created and displayed on the main VPN Tunnel page with other related details. The details will be as under:

      1. Tunnel Name

      2. IP:Port - The IP and Port for the Tunnel

      3. Total Peers: Number of devices on which the VPN config is published

      4. Sent/Received (MB) : The total data (in MB) sent / received on the tunnel for all the devices.

      5. Actions: Click on the three dots for the list of actions you can perform on VPN

    Step 2: Publish VPN configuration

    To apply VPN config you have created, the next step is to Publish it.  

    1. Click on publish by clicking on three dots under Actions

    2. In the new window, select the User Group(s) on which you want to publish the configuration.

    3. Click Publish

    Additional Actions

    You can perform following additional actions on a VPN Configuration (access from Actions):

    • Edit: Only peer details can be edited

    • Delete: Deleting a tunnel will unpublish/remove the VPN from the device.

    User Experience on Device

    iOS

    On publishing the VPN config,

    1. A new section for Veltar will be created inside Scalefusion Agent. Here, toggle on Secure VPN.

    Android

    On publishing the VPN config,

    1. Veltar will be available on the managed device. When you click on it, a key icon will be visible on the top notification bar and Secure VPN shows as Enabled.

    Known Behaviors

    Android

    1. On BYOD and Company Owned Personally enabled (COPE) Devices, you can enable or disable VPN manually but not on Shared Company Owned Devices.

    2. VPN and Secure Web Gateway cannot be used simultaneously. If both VPN and Secure Web Gateway are configured, the VPN will take precedence, and Secure Web Gateway functionality will be temporarily disabled.

    3. On certain devices, the VPN connection may be automatically disconnected due to device-specific compatibility issues. Users might encounter difficulties reconnecting to the VPN using Scalefusion in these cases.

    Was this article helpful?
    What's Next
    Ambitious companies around the world trust Scalefusion to secure and manage endpoints including smartphones, tablets, laptops, rugged devices, POS, and digital signages. Our mission is to make Device Management simple and effortless along with providing world class customer support.
    By Business Initiative
    Top Features
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © 2023 Scalefusion. All rights reserved.