Define How Internet Traffic is Routed Using Your Wide-Area Private Cloud

Embed security and corporate policy enforcement into employee internet access.

Meet a Unique Array of Internet Traffic Control Needs

Your company needs to route user internet traffic to data centers for maximum Wi-Fi hotspot security, backhauling to on-prem or cloud-based UTM for security, and policy enforcement. OpenVPN Cloud, a cloud-based virtual networking platform that provides private networking but does not provide default internet access, lets you use an Internet Gateway with your OpenVPN Cloud wide-area private cloud (WPC) for internet access.


Tap into your WPC for customized internet traffic control

OpenVPN Cloud doesn’t just tunnel traffic to private resources on your connected networks; it also gives you unmatched control over internet-bound traffic routing by User Group, Network, or Host.

  • Level 1 Security: Split Tunnel ON

    For enhanced safety — and to use SaaS login restriction policies — steer traffic to specific trusted internet destinations into the tunnel using IP address ranges or domain names. Other internet traffic is not tunneled to your WPC and uses direct internet access. Cyber Shield content filtering blocks domains for added security even if traffic has direct internet access.

  • Level 2 Security: Split Tunnel OFF

    Tunnel all internet traffic from a connected network, application server, or remote user to one or more connected private networks acting as OpenVPN Cloud Internet Gateways. This ensures that all internet traffic is inspected for threats and uses third-party security solutions to apply corporate policies using 3rd party security solutions. IDS/IPS built into Cyber Shield can bolster or replace your current internet security stack.

  • Level 3 Security: Restricted Internet

    Enforce the strictest control by completely blocking internet access and limiting access to private and trusted internet destinations. This enhances cyber safety, restricts content, encrypts and tunnels traffic to trusted sites, reduces the need for additional security devices, and lets the public IP address range of the connected private network be used as a trusted source network in SaaS applications.


IDS is an acronym for Intrusion Detection System. OpenVPN Cloud uses Cyber Shield Traffic Filtering as an IDS to identify malicious or unsanctioned network activity. When Traffic Filtering Monitoring is turned ON, and traffic is routed through OpenVPN Cloud, Cyber Shield Traffic Monitoring passively inspects network traffic on a packet level and reports malicious traffic and network policy violations. Traffic Monitoring uses signature-based detection to compare malicious traffic against an ever-growing database.

IPS is an acronym for Intrusion Prevention System. OpenVPN Cloud Cyber Shield can also be used to prevent malicious or unsanctioned network activity. When Cyber Shield Traffic Monitoring is ON, and traffic is routed through OpenVPN Cloud, Traffic Filtering can be configured to stop malicious traffic and prevent network policy violations. To learn more on how to use Cyber Shield’s Traffic Filtering as an IPS, read Configuring Cyber Shield Traffic Filtering for Blocking Threats.

Yes — You can configure multiple Internet Gateways to route internet traffic. To learn more, read User Guide - VPN with multiple VPN Egress locations.

Split Tunnel is a configuration setting of the tunnel that connects the device to OpenVPN Cloud. It can be set to select what kind of traffic is sent through the tunnel. All traffic (even internet traffic) is sent through the tunnel when set to OFF. When set to ON, only specific traffic configured to be routed to OpenVPN Cloud enters the tunnel, and general internet traffic does not.

Yes, you can block access to specific domains. Blocking works regardless of whether the internet traffic is tunneled to the WPC or not. To do this, you must first turn Domain Filter Monitoring ON. Next, you’ll need to configure OpenVPN Cloud Domain Filtering and select the content categories that need to be blocked or use preset modes. To learn more about Domain Filtering, read Configuring Cyber Shield Domain Filtering | OpenVPN Cloud.

Internet security controls can be applied to User Groups, Networks, and Hosts. To learn how read OpenVPN Cloud Internet Access.

Cyber Shield content filtering is a feature of Domain Filtering that analyzes the domain names in DNS queries received from WPC clients only when domain filter monitoring is turned on. When Monitoring is active, Cyber Shield checks which content category each domain name being queried belongs in. If a domain name is matched to any of the 43 Cyber Shield Domain Filtering Categories that is configured to be blocked, the domain name is not resolved as expected and a “This site can’t be reached” page is displayed. Content can be blocked choosing any of those categories or by using 1 of 3 domain filtering preset modes:

  • Basic
  • Safe Browsing
  • High Productivity

Cyber Shield domain filtering can be configured from the OpenVPN Cloud administration portal in the Shield settings or through the Setup Wizard, by editing the Domain Filtering block categories. To learn how watch Domain Filtering Basic Configuration.

The internet security levels of Level 1, Level 2, and Level 3 can be configured from the Access > Internet navigation menu in Administration portal.

Connect to OpenVPN Cloud now with three free connections

OpenVPN helps you easily create a secure, virtualized, reliable network that ensures secure communications between your networks, applications, devices, and workforce.