Secure Internet Access Admin Guide
This guide takes you through the process of securing internet traffic for your workforce. You can set up secure access to the public internet as a whole or to specific public resources.
This illustration shows a high-level view of the concept of secure internet access. On the left, each user connects with the OpenVPN Connect app on their device through a secure tunnel to the geographically closest OpenVPN Cloud Region. On the middle-right, each Connector on the private network that provides access to the internet establishes a secure tunnel between your network and the geographically closest Region. You can then configure User Groups and routes to that private network so that your workforce can securely access either specific public resources or the entire internet through OpenVPN Cloud.

- Set up your OpenVPN Cloud account.
  - Access https://cloud.openvpn.com/ and sign up to give it a try with up to three free connections.
  - Create an OpenVPN ID that uniquely identifies your VPN; for example, myopenvpnID.openvpn.com. Your ID lets you administer your VPN network and download the OpenVPN Connect Client and its configuration profile. The Connect client can also directly import configuration profiles using your OpenVPN ID to get your user devices connected to OpenVPN Cloud.
- In the OpenVPN Cloud administration portal, configure the private network that you want to use to provide access to the internet via OpenVPN Cloud.
  - Access the Networks section and add a new network.
  - You can then choose to either:
    - Enable Egress to route all internet traffic through this network,
    - Or leave Egress disabled and define your public resources by domain name or IP address.
  - For further information, refer to Domain Name as a Route, VPN Egress and Adding VPN Egress.
  - Here is a detailed example of setting up a network for VPN egress: HQ Network being used as VPN egress route.
- Next, you must set up a network Connector and make sure it’s online.
  - Deploy a Connector on your private network. You can choose your operating system or compatible router and use the quick launch directly in the portal to deploy the Connector. For more information, refer to Connector Deployment User Guides.
- For each user group, network, and host whose internet traffic should all be routed through the network (Egress is enabled), navigate to it and change Internet Access to Split Tunnel Off, so that all of its traffic is routed to OpenVPN Cloud. For more information, refer to Split-tunnel.
- Connect your users.
  - You can manually create users in the Users section of the OpenVPN Cloud administration portal. When you add users to your account and include an email address, those users automatically receive an email with instructions for downloading the OpenVPN Connect client and their connection profile.
  - If you don’t include an email address when creating new users, you’ll need to send those users the user portal link, username, and temporary password using some other means.
  - If you set up SAML or LDAP authentication with OpenVPN Cloud, you can let your workforce know that they can use their existing SAML or LDAP credentials to download the Connect app for their devices and import a profile using your unique OpenVPN Cloud ID URL.
  - Note that you can also configure User Groups, which enable you to set:
    - The Regions that users are allowed to connect to.
    - The type of authentication needed to establish a connection.
    - The maximum number of devices that can access the VPN simultaneously.
    - Split-tunneling on or off (routing public internet traffic).
  - Refer to these guides for more information:
- Each user can then connect to OpenVPN Cloud and reach all internet resources through your egress-enabled network or specific subnets and domains through routes defined for the network.
- You also have the added option of configuring private services and access groups to enforce access controls.
  - Learn more about configuring access to services here: Cloud Services
  - For information on setting up access groups for those services, refer to: Cloud Access Groups
  - Note: Your access controls won’t be active until your VPN topology is set to Custom.