Category filter

How to configure VPN settings on your Windows devices

Virtual Private Network or popularly known as VPN, allows you to establish a secured and encrypted connection over the internet. It enables you to safely transmit data through an encrypted tunnel, protecting your online identity, and allows you to use public Wi-Fi networks safely, in turn supporting the user to work remotely. It also allows routing all the traffic through the specified network ensuring secure access to corporate resources. Hexnode UEM allows you to configure VPN settings on your Windows devices.

Configure VPN server settings via policy

To configure VPN settings on your Windows devices.

  1. Login to your Hexnode UEM portal.
  2. Navigate to Policies.
  3. Select an existing policy or create a new one by clicking on New Policy.
  4. Go to Windows > Network > VPN. Click Configure.
Settings Description
Connection type Choose a connection type from the list. L2TP (default), PPTP and IKEv2 are the available options.
Connection name Provide a name for the VPN configuration for identification. The configured connection name will be displayed among the list of available VPN connections on the device once the policy is associated with the device.
Server Name/ IP Address Enter the IP address or Fully Qualified Domain Name (FQDN) of the VPN server.

The following options will be enabled when Advanced Connection Settings is checked.

Routing address

Routing address enables you to add the list of routes to the routing table for the VPN interface. A routing table is required for spilt tunneling and allows the networking stack to identify the traffic that needs to go over the VPN interface for split-tunnel VPN.

  • Address – Provide the subnet address in IPv4/v6 address format. (Mandatory)
  • Subnet Size – The subnet prefix size part of the destination for the route entry. (Mandatory)

You can add multiple entries by clicking the Add button.

DNS Routing Rules

DNS routing rules allow you to set up domain names and corresponding DNS servers and proxy servers required to establish the VPN connection.

  • Domain Name – Specify the domain name for the connection. (Mandatory)
  • DNS Servers – Specify the DNS server IP address. (Mandatory)
  • Web Proxy Servers – Specify the Web Proxy Server IP address if you are redirecting traffic through your intranet.

You can add multiple entries by clicking the Add button.

Routing policy

Specify the routing policy for the traffic coming through the network.

  • Allows traffic through VPN and local network connection – In this case, only the specified traffic can go over the VPN connection while the rest of the internet traffic can go through the local network connection.
  • Force all traffic through the VPN – The entire traffic gets pushed through the VPN.

Proxy

A proxy server acts as an intermediary between the device and the internet. All communication between the device and the internet is made secure by passing them through the proxy server. The available values are None, Manual and Auto Detect.

  • None – This means no proxy server is configured.
  • Manual – Setup proxy server manually.
    • Server (If Proxy is set as Manual) – Specify the IP address for the proxy server.
  • Auto Detect – Setup proxy server automatically with a proxy auto-config URL.

Configuring L2TP

L2TP connection
Settings Description
Connection Protocol Specify the connection protocol for the VPN connection. EAP is the only supported protocol.
User Authentication The method with which a device can be authenticated with the VPN server. The only available option is Shared Secret.
Shared Secret A key known to the VPN server and the device which is used to establish a connection between the two.

Configuring PPTP

PPTP connection
Settings Description
Connection Protocol Specify the connection protocol for the VPN connection. EAP is the only supported protocol.
User Authentication The method with which a device can be authenticated with the VPN server. The only available option is Password.
Note:

The user has to provide the password manually on the device for authentication.

Configuring IKEv2

IKEv2 connection
Settings Description
Connection Protocol Specify the connection protocol for the VPN connection. Available options are EAP and Machine Certificate.
If Machine Certification is selected, then the device detects a certificate on the device certificate store to use for authentication.
User Authentication The method with which a device can be authenticated with the VPN server. The only available option is Password.
Note:

The user has to provide the password manually on the device for authentication.

Device-wide Traffic Rules

Specify the list of traffic rules. Only traffic that matches these rules will be sent through the VPN connection. While adding multiple rules, each rule operates based on an OR with the other rules. On the contrary, within each rule, each property operates based on an AND with each other. In the case of filter values, multiple entries must be comma separated.

Note:

Once a traffic rule is added, all the traffic that doesn’t match the rules is blocked.

  • IP Address – Specify the IP address to be allowed.
  • Ports: Specify the ports to be allowed.
  • IP Protocol: Specify the numeric value of the IP protocol to be allowed. Eg: TCP = 6 and UDP = 17.

Policies

  • Remember Credentials: Enable the option to remember the end-user login credentials.
  • Always On – Enable the ‘Always On’ option to automatically connect the VPN at sign-in and stay connected until it is manually disconnected.
  • Bypass for local intranet traffic: Enable this option to allow local intranet traffic to bypass the VPN connection.
  • Trusted Network Addresses: Specify the trusted network addresses. The device will not connect automatically if a trusted network is detected.

Associate the policy with Windows devices

If the policy has not been saved,

  1. Navigate to Policy Targets > +Add Devices.
  2. Choose the target Windows devices and click OK. Click Save.
  3. You can also associate the policy with device groups, users, user groups or domains from the left pane of the Policy Targets tab.

If the policy has been saved,

  1. Go to Policies and choose the desired policy.
  2. Click on the Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.

What happens on the device?

On associating the VPN server configuration with the Windows device, users will be able to view the deployed VPN network configurations among the available networks (Settings > Network & Internet > VPN). The data traffic will be permitted as the user tries to access the internet based on the VPN traffic rules.

Configured VPN connection on the device.

Note:

If any changes are made to an existing policy the user will have to manually reconnect to the VPN. The changes will only take effect after the user reconnects.

  • Managing Windows Devices