Admin Portal

Ensuring that specific domains are always accessible using the Allow List

Overview The Allow List is a feature of Cyber Shield Domain Filtering. The Allow List enables you to override domain blocking. You can specify a list of domains that can be accessed even if they are present in a selected blocked domain category or are on the Block List. Note: If you are using both […]

Creating a custom domain filtering category using the Block List

Overview The Block List is a feature of Cyber Shield Domain Filtering. The Block List enables you to block a defined list of domains, which results in a custom domain filtering category. You can add domains to the Block List either individually or in batch using a text (.txt) file. Just as you can disable […]

Running a detailed report for monitored or blocked domains

Overview The domain detailed report is a feature of Cyber Shield Domain Filtering. The report provides information about any monitored and blocked domains for the previous five-day period. Generated reports are in CSV format and emailed to the signed-in administrator. The Top 10 Dashboard provides a link you can use to email a report of […]

Interaction between blocked and allowed domain names

A domain name consists of multiple levels, where a dot (.) separates each level. Consider the ‘cloud.openvpn.com’ domain name: .com is the top-level domain (TLD) .openvpn is the second-level domain cloud is the third-level or sub-domain The domain name matching logic checks domain names from right to left, starting from the TLD. Therefore, if you […]

OpenVPN Cloud Onboarding for Personal Use

OpenVPN Cloud while predominately meant to provide secure networking solutions to businesses can also be used for personal cybersecurity. Cyber Shield provides protection from malware and other threats without needing to tunnel all internet traffic through OpenVPN Cloud. After signup and selection of your OpenVPN ID you will see the Cloud Administration portal and will […]

Create Network Using Wizard

The Create Network configuration starts with an intention-based configuration wizard that can be skipped to continue with a form-based Network Configuration as described in Adding a Network It is recommended that you use the wizard for the following reasons: Configuration steps are tailored based on your intention(s) behind connecting your network to OpenVPN Cloud so […]

Remote Access Admin Guide

This guide takes you through the process of providing secure, remote access to your private networks and resources through OpenVPN Cloud. Your private resources can be located on cloud platforms (IaaS) or on-premises or both. You can quickly build a remote access solution for your employees who are connecting from various regions around the world. […]

Deploying a connector on Google Cloud Platform

You can deploy a connector in the Google Cloud Platform (GCP) environment during the network creation process. You must create a Linux virtual machine (VM) on GCP on which you install the network connector.

Deploying a connector on a Teltonika (RutOS) compatible router

You can configure a Teltonika compatible router for network connector deployment. You must use specific sections from the OpenVPN Cloud connector profile and apply them to the associated router settings.

Deploying a connector on a Ubiquiti (EdgeMAX) compatible router

Overview You can configure a Ubiquiti compatible router for network connector deployment. You must use specific sections from the OpenVPN Cloud connector profile and apply them to the associated router settings. Note: You must ensure that your router OS is EdgeRouter X v2.0 or newer. Steps: Download the connector profile Sign in to the OpenVPN […]

Enabling routing and NAT on Microsoft Windows Server 2016

Steps: Enable routing on Microsoft Windows Server 2016 You must first deploy the Routing and Remote Access Service on Windows Server. We strongly recommend that you refer to the specific documentation for the Windows Server version that you are using. This document provides information on deploying Routing and Remote Access Service for Windows Server 2016. […]

Enabling automatic login on macOS

You can enable automatic login on your macOS computer, which is required for deploying OpenVPN Cloud network connectors in a macOS environment.

Enabling routing and NAT on macOS

How to enable routing and NAT on macOS.

User Guide - Deploying a network connector in Microsoft Azure

You can protect your connections to networks hosted in Microsoft Azure with OpenVPN Cloud. Follow these steps to deploy a connector in your Azure network environment and enable VPN tunneling.

User Guide - Private LDAP Authentication

OpenVPN Cloud can be configured to use private LDAP authentication. This means that the LDAP server is positioned in your private network, and your users authenticate with the OpenVPN Connect app using their LDAP username and password credentials.

Cyber Shield - Observed Domains Trend Analysis

You must configure your OpenVPN Cloud Shield Domain Filtering to enable monitoring.

Cyber Shield

OpenVPN Cloud Shield provides Domain Name System (DNS) content filtering to protect your VPN users from malicious and suspicious websites, even when internet traffic isn’t transported through the VPN.

Cyber Shield - Blocked Domains Trend Analysis

You must configure your OpenVPN Cloud Shield Domain Filtering to block specific domain categories.

Cyber Shield Top-10 Dashboard

You must configure your OpenVPN Cloud Shield Domain Filtering to enable monitoring, and you can also choose to block specific content categories. The top-10 dashboard data displays the top recorded events for those categories that are monitored and blocked.

Cyber Shield Drill-Down Investigation

You must configure your OpenVPN Cloud Shield Domain Filtering to block specific domain categories before setting up a drill-down investigation.

Cyber Shield Investigation Report

You must configure OpenVPN Cloud Shield Domain Filtering to monitor or block specific content categories before setting up an investigation report.

Configuring Cyber Shield Domain Filtering

OpenVPN Cloud Shield analyzes the domain names in DNS queries received from VPN clients only when domain filter monitoring is turned on. When monitoring is active, Shield checks which content category each domain name being queried belongs in. If a domain name is matched to a category that is configured to be blocked, the domain name is not resolved.

User Guide - Using AWS private hosted zones with OpenVPN Cloud

There are two options for properly configuring the OpenVPN Cloud service to work with your AWS private hosted zone. For both options, you must first reconfigure your OpenVPN Cloud DNS servers to use the IP address of the Amazon-provided DNS servers for your VPC.

Adding a DNS record for a private domain name

OpenVPN Cloud provides a quick and easy way for you to route traffic to servers, on the networks connected to it, by name. Instead of making changes to your private DNS server’s entry or even using private DNS servers, you can add a DNS record right in your VPN configuration.

Adding a private domain name as a route to a network

OpenVPN Cloud allows you to configure one or more domain names as routes to reach a network. You can either use both domain names and IP address subnets or just one of them to configure a network.

Assign a public domain name to a network service

If you want to enforce access controls for public services that you have added as a route to a network, then you can define services under the destination network by using the public domain names that will be routed to the network.

Adding a public domain name as a route to a network

OpenVPN Cloud allows you to configure one or more domain names as routes to reach a network. You can either use both domain names and IP address subnets or just one of them to configure a network.

Assign a private domain name to a host

OpenVPN Cloud allows you to configure one domain name to reach a host. Note that when a domain name is used for a host, you do not need to add a DNS record in OpenVPN Cloud.

Adding a DNS record for a public domain name

You can add a DNS record for a public domain name similar to the steps for adding a private domain name. However, when you direct traffic to a server on your private network, you must ensure that the server can properly forward traffic on to the actual public internet destination.

Assign a private domain name to a network service

If you want to enforce access controls for services that you already have configured domain names in your private DNS server or in the Cloud DNS, then you can define services under the destination network by using the domain names that have been assigned to those services instead of using the IP address.

Giving a public domain name to a host

OpenVPN Cloud allows you to configure one domain name to reach a host. Because each host is configured to represent an internal service, any domain name given to a host is considered to be a private domain name and not a public domain name.

SAML configuration for IdP-initiated sign on

You can have your users to sign in to the OpenVPN Cloud User Portal directly from your SAML IdP application dashboard.

Changing a User's role to Administrator

A user needs to have administrative rights in order to configure the VPN, add users, and to carry out all other activities similar to that of the Owner except managing the subscription.

Alerting for important VPN events

An administrator can navigate to the Email Notifications tab within Settings to enable alerting emails for important VPN events. These emails can notify the administrator of events that require attention or action.

OpenVPN 3 Client for Linux

The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android.

SAML setup with Azure AD

An administrator can configure OpenVPN Cloud to authenticate access to the user portal, and download a VPN profile and VPN connections using a SAML 2.0 compliant Identity Provider.

SAML setup with G Suite

An administrator can configure OpenVPN Cloud to authenticate access to the user portal, and download a VPN profile and VPN connections using a SAML 2.0 compliant Identity Provider.

SAML setup with Okta

An administrator can configure OpenVPN Cloud to authenticate access to the user portal, and download a VPN profile and VPN connections using a SAML 2.0 compliant Identity Provider.

Using SAML for user authentication with OneLogin as the Identity Provider

An administrator can configure OpenVPN Cloud to use OneLogin as the SAML IdP to authenticate access to the user portal, download VPN profiles, and make VPN connections.

Connecting Networks to OpenVPN Cloud Using Connectors

Additional steps need to be taken after downloading and installing connector software to ensure that proper routing of traffic occurs between your networks and OpenVPN Cloud. In this document, we take an in-depth look at traffic flows to help you understand why certain actions need to be taken, and to also provide instructions and references for configuring the required functionality on the instance running the connector.

Launch Connector on AWS

Follow the steps in this guide to configure an AWS VPC network in the OpenVPN Cloud administration portal, and install an AWS instance with a Connector that uses AWS CloudFormation.

Clear all trusted devices for a user

Follow these steps to remove the devices that a user has chosen to trust to skip two-factor authentication.

Resetting Two-Factor Authentication for a User

Follow these steps to reset two-factor authentication for an OpenVPN Cloud user.

VPN Status and Error Logs

This guide provides information on viewing and understanding the OpenVPN Cloud VPN status and error logs.

Enable two-factor authentication for OpenVPN Cloud users

Follow the steps in this guide to enable two-factor authentication for your OpenVPN Cloud users.

Installing a connector for Windows

Follow these steps in the OpenVPN Cloud administration portal to install a connector for a Microsoft Windows environment.

Installing a connector for macOS

Follow the steps in this guide to install an OpenVPN Cloud host connector on a private network running macOS.

Change the per user device allowance

Follow the steps in this guide to change the per user device allowance in the OpenVPN Cloud administration portal.

Change the VPN subnets

Follow the steps in this guide to change your VPN subnets in the OpenVPN Cloud administration portal.

Change the default VPN region

Follow the steps in this guide to change the default VPN region in the OpenVPN Cloud administration portal.

Change DNS servers from default to custom

Follow the steps in this guide to change your DNS servers from default to custom in the OpenVPN Cloud administration portal.

Switch to manual profile distribution and create a user device

Follow the steps in this guide to set up manual profile distribution and create user devices in the OpenVPN Cloud administration portal.

Assign specific protocols to a service

Follow the steps in this guide to assign specific protocols to a service in the OpenVPN Cloud administration portal.

Set up user group access to a specific service

Follow the steps in this guide to set up user group access to a specific service in the OpenVPN Cloud administration portal.

Edit an access group

Follow the steps in this guide to edit an access group in the OpenVPN Cloud administration portal.

Reassign a user to a different group

Follow the steps in this guide to reassign a user to a different user group.

Add an access group

Follow the steps in this guide to add an access group in the OpenVPN Cloud administration portal.

Change the VPN topology from full-mesh to custom

Follow the steps in this guide to change your VPN topology from full-mesh to custom.

Configure a subnet as a service

Follow these steps in the OpenVPN Cloud administration portal to configure a subnet as a service.

Changing internet access for a user group

Follow these steps to change a user group’s internet access such that internet traffic enters the VPN and exits from the VPN Egress network.

Changing a Network's Internet Access to use VPN Egress

Follow these steps to change a network’s internet access such that internet traffic exiting the network enters the VPN and exits from the VPN Egress network.

Adding VPN Egress

This guide provides information on setting up a network as VPN Egress. One or more networks can be set to act as an exit point for public internet traffic that enters your VPN.

Check a user and assigned devices

Follow these steps in the OpenVPN Cloud administration portal to check a user and the devices assigned to that user.

Send a temporary password to a user

Follow these steps in the OpenVPN Cloud administration portal to send a temporary password to a user.

Add a user

Follow these steps to add a user in the OpenVPN Cloud administration portal.

Add a custom service

Follow these steps to add a custom service in the OpenVPN Cloud administration portal.

Edit the default User Group settings

This guide provides instructions on editing the default user group settings in the OpenVPN Cloud administration portal.

Installing a connector for Linux

Follow these steps to install a connector for Linux in the OpenVPN Cloud administration portal.

Customizing a User Group

This guide provides information on customizing a user group in the OpenVPN Cloud administration portal.

Add New User Group

Follow these steps to add a new user group in the OpenVPN Cloud administration portal.

Add a service to a host

Follow these steps to add a service to a host in the OpenVPN Cloud administration portal.

Adding a host

Follow these steps to add a host in the OpenVPN Cloud administration portal.

Adding a network

Follow these steps to create a network in the OpenVPN Cloud administration portal.

Sign up as an owner

Follow these steps to get signed up to OpenVPN Cloud as an owner.