A ZTNA Solution That’s IoT-friendly

Cloud Connexa supports both ZTNA and IoT device communication.

Secure Remote Access IoT Device Connectivity in a Single Solution

ZTNA solutions are built to ensure distributed, remote, and hybrid workforces have access to applications, but most don’t help IoT/IIoT devices communicate with application servers. Cloud Connexa allows you to create a secure virtualized business network that expands protection beyond your perimeter while providing the tools and capabilities needed to build a strong zero trust network.


Ensure your distributed workforce and IoT/IIoT devices have secure access to services they need while protecting them from cyberattacks.

Cloud Connexa, our cloud-based virtual networking platform, includes built-in security functions essential to robust, reliable security in addition to supporting every major device operating system to provide interoperability for IoT/IIoT devices.

  • Restricted Internet Access

    Restricted Internet Access, a built-in Cloud Connexa feature, allows you to block all internet access for select user groups and networks, except to the trusted configured internet destination, thus reducing the potential attack surface and shielding users from cyber threats.

  • Digital Certificate Authentication

    Always-on unattended connections are supported by mutual authentication using digital certificates, so username and password credentials aren’t needed to authenticate connections.

  • Persistent IP Addresses

    Assigned tunnel IP address doesn’t change, despite disconnections, so a consistent mapping of device identity to tunnel IP address makes communication with a specific device easier for traffic control and management.

  • Router Support and Compatibility

    Popular routers — DD-WRT, OpenWrt, pfSense, Teltonika, Ubiquiti — support the OpenVPN tunneling protocol, simplifying connections between IoT/IIoT devices and CloudConnexa.

  • API and Terraform IaC

    Use Application Programming Interface (API) or Terraform Infrastructure-as-Code (IaC) for rapid system deployment and automated management.

  • Application Domain-based Routing

    Use Cloud Connexa to create an overlay network that connects all IoT networks, despite IoT routers with overlapping preset IP address ranges, with our application domain-based routing.


You can find a full list of compatible routers in OpenVPN Compatible Routers User Guides.

OpenVPN Connect client is supported on Windows, MacOS, Android and iOS. Open source client is available for Linux. To download, go here.

Domain-based routing is a Cloud Connexa feature that allows network administrators the ability to route traffic to different connected networks using FQDN (Fully Qualified Domain Names) assigned to applications hosted in those networks instead of using the network’s IP address subnets. To learn more about domain-based routing, read Cloud Connexa Launches Domain Routing Feature.

Cloud Connexa API provides developers access to many Cloud Connexa components such as Connectors, DNS Records, Devices, Hosts, and Networks, as well as manage OAuth (2.0), Users, User Groups, Access Groups, and Regions. To learn more read Cloud Connexa API User Guidance (beta).

Split Tunnel is a configuration setting of the tunnel that connects the device to Cloud Connexa. It can be set to select what kind of traffic is sent through the tunnel. All traffic (even internet traffic) is sent through the tunnel when set to OFF. When set to ON, only specific traffic configured to be routed to Cloud Connexa enters the tunnel, and general internet traffic does not.

You can find the Cloud Connexa Terraform Provider at https://github.com/OpenVPN/terraform-provider-openvpn-cloud.

The OpenVPN protocol is used for connecting and tunneling traffic to the WPC. The IP address assigned to the tunnel inner address is called ‘Tunnel IP Address.’ The Tunnel IP Addresses for all user devices and Connectors are assigned from the configured WPC Subnet range.

Get Started for Free

Cloud Connexa comes with three free connections, no credit card required.