Configuration: Network Settings
About the Page
Network Settings allows you to edit the settings for hostname, protocol, daemons, and port numbers for the three network servers compromising the Access Server: the VPN, Admin Web UI, and Client Web UI servers.
Use this section to configure the VPN server's hostname or IP address, interfaces, protocols, daemons, and ports. Incorrect configuration of your server's hostname or IP address breaks Access Server functionality. Any changes to these settings directly affect client configuration files issued to VPN clients. Thus, making any alterations requires users to update their connection profiles.
Ensure you correctly configure the server's hostname or IP address for Access Server to function. You can choose between using TCP, UDP, or both protocols. You can also define the port used by each protocol. When you select both protocols, you can define how many daemons both protocols may have.
Hostname or IP Address
This is the name or IP address that VPN clients will use to access the VPN Server. It must be a public IP address or Fully-Qualified Domain name (FQDN). We strongly recommend using an FQDN for this setting.
Interface and IP Address
This configures the port where Access Server listens to VPN server requests. If clients can't access the interface listed, they can't connect to the server.
You can choose TCP, UDP, or Both (multi-daemon mode) for protocol options. The OpenVPN protocol functions best over the UDP protocol. By default, Access Server's downloaded connection profiles are pre-programmed to try UDP first, then TCP, if that fails. However, you may need TCP or both for certain networks that may block some traffic.
For example only traffic for protocols such as HTTP, HTTPS, FTP, SMTP, POP3, and IMAP are allowed on a public network. Most of those are TCP-only. For connections through such a network, including support for TCP connections is helpful. By default, we choose port TCP 443, the same port as HTTPS traffic, which is usually allowed even on restrictive networks.
We consider TCP less ideal due to the possibility of the TCP meltdown phenomenon, which occurs when you stack one transmission protocol on top of another (such as TCP traffic transported within an OpenVPN TCP tunnel). The underlying layer may encounter a problem and attempt to correct or compensate for it, but the layer above overcompensates, which causes delays and problems.
Daemons and Port Numbers
You can change the number of TCP or UDP daemons and their port numbers with these fields.
Admin and Client Web Servers
When TCP or Both (multi-daemon mode) are selected, you can choose whether the VPN Server provides access to the Admin and/or Client Web Server services through its IP address and port. If you choose No, they are still accessible via their configured IP address and port number.
Admin and Client Settings
The sections for the Admin and Client UIs allow you to configure the ports to access each and the interfaces they listen on. You can change these settings with one of the three options beneath Interface and IP Address.
Notice that the Client Web Server can use the same IP address and port as the Admin Web UI. If chosen, it inherits the port, interface, and IP address defined for the Admin Web UI. If you choose to use a different IP address or port, additional configuration options display.
If you select Use a different IP address or port, then this additional section displays for configuration
Press the Save Settings button to finalize all changes.
The Network Settings page provides a straightforward interface to configure the settings for the VPN Server and the website settings for the Admin and Client servers.