Secure Internet Access Admin Guide

This guide takes you through the process of securing internet traffic for your workforce. You can set up secure access to the public internet on the whole or to specific public resources.

This illustration shows a high-level view of the concept of secure internet access. On the left, each user connects with the OpenVPN Connect app on their device through a secure tunnel to the geographically closest OpenVPN Cloud Region. On the middle-right, each Connector on your private network, that provides access to the internet, establishes a secure tunnel between your network and the geographically closest Region. You can then configure User Groups and routes to that private network such that your workforce can either securely access specific public resources through OpenVPN Cloud or the entire internet.

network image of secure internet access
Secure Internet Access
  1. Set up your OpenVPN Cloud account.
    • Access and sign up to give it a try with up to three free connections.
    • Create an OpenVPN ID that uniquely identifies your VPN; for example, Your ID lets you administer your VPN network and download the OpenVPN Connect Client and its configuration profile. The Connect client can also directly import configuration profiles using your OpenVPN ID to get your user devices connected to OpenVPN Cloud.
  2. Configure the private network, that you want to use to provide access to the internet via OpenVPN Cloud, in the OpenVPN Cloud administration portal.
  3. Next, you must set up a network Connector and make sure it’s online.
    • Deploy a Connector on your private network. You can choose your operating system or compatible router and use the quick launch directly in the portal to deploy the Connector. For more information, refer to Connector Deployment User Guides
  4. For user groups, networks and hosts, for which all internet traffic should be routed through the network (Egress is enabled) navigate to them and change Internet Access to Split Tunnel Off, so that all their traffic is routed to OpenVPN Cloud. For more information, refer to Split-tunnel
  5. Connect your users
    • You can manually create users in the Users section of the OpenVPN Cloud administration portal. When you add users to your account and include an email address, those users automatically receive an email with instructions for downloading the OpenVPN Connect client and their connection profile.
    • If you don’t include an email address when creating new users, you’ll need to send those users the user portal link, username, and temporary password using some other means.
    • If you set up SAML or LDAP authentication with OpenVPN Cloud, you can let your workforce know that they can use their existing SAML or LDAP credentials to download the Connect app for their devices and import a profile using your unique OpenVPN Cloud ID URL.
    • Note that you can also configure User Groups, which enable you to set:
      • The Regions that users are allowed to connect to.
      • The type of authentication needed to establish a connection.
      • The maximum number of devices that can access the VPN simultaneously.
      • Split-tunneling on or off (routing public internet traffic).
    • Refer to these guides for more information:
  6. Each user can then connect to OpenVPN Cloud and reach all internet resources through your egress-enabled network or specific subnets and domains through routes defined for the network.
  7. You also have the added option of configuring private services and access groups to enforce access controls.
    • Learn more about configuring access to services here: Cloud Services
    • For information on setting up access groups for those services, refer to: Cloud Access Groups
    • Note: Your access controls won’t be active until your VPN topology is set to Custom.