Configuring Aviatrix User SSL VPN

Aviatrix provides a cloud-native, feature-rich client VPN solution. The solution is based on OpenVPN® and is compatible with all OpenVPN® clients. In addition, Aviatrix provides its own client that supports SAML authentication directly from the client.

image0

Note

Only AWS is drawn in the diagram, but this feature applies equally to Azure and Google Cloud.

Configuration Workflow

Important

This document assumes you have set up an Aviatrix Controller. Please see this guide for more details.

There are 2 steps to setting up User VPN connectivity:

  1. Create a VPN Gateway
  2. Add a user

You can also watch a video to learn how to set up remote user VPN. The video is not up to date because the product graphics have changed, but the idea remains the same.

Create a VPN Gateway

Note

The steps below describe the critical fields needed to get you started. You can set up advanced features such as MFA and profile-based access later.

  1. Log in to the Aviatrix Controller

  2. Launch a gateway with VPN capability

    1. In the left navigation bar, click Gateway

    2. Click on the + New Gateway button at the top of the page.

      Important

      You will need a public subnet in the VPC where the Gateway will be provisioned. Be sure to provision a new one or identify the correct one prior to starting this step.

    3. Select the Cloud Type and enter a Gateway Name.

    4. Once the Account Name is selected, select the appropriate Region and VPC.

    5. After selecting the desired VPC ID, select the Public Subnet where the Gateway will be provisioned.

    6. Select the Gateway Size (t2.micro is sufficient for most test use cases).

    7. Select VPN Access. Leave the Advanced Options unselected.

      Note

      Leave the Advanced Options unselected, as you can configure them later.

    8. By default, NLB will be enabled, meaning you can create more VPN gateways that are load balanced by the ELB. (The ELB will be created automatically by Aviatrix.)

    9. If you wish to create more such VPN gateways (for example, behind ELBs for load balancing), click Save Template.

    10. Click OK to create the Gateway.

      Note

      Once you click OK, the Gateway will be provisioned and all the configuration will be applied. This will take a minute or two.
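The public-subnet prerequisite in step 2 can be checked before launching the gateway. The following is an added example for AWS, not Aviatrix code: it decides whether a subnet is public from data shaped like the EC2 DescribeRouteTables response for one VPC. The subnet IDs, route table IDs and gateway IDs in the sample are constructed.

```python
# Added example (not Aviatrix code): is a subnet "public" according to its routes?
# Assumption: route_tables is the "RouteTables" list from EC2 DescribeRouteTables,
# already filtered to the single VPC that contains the subnet.

def effective_route_table(route_tables, subnet_id):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public_subnet(route_tables, subnet_id):
    """True only if the effective table has an active default route to an IGW."""
    rt = effective_route_table(route_tables, subnet_id)
    if rt is None:
        return False
    for route in rt.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False  # NAT-only, blackholed, or no default route: not public

# Constructed sample data; all IDs are placeholders.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",      # main table, default route via NAT (private)
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-public",    # explicit association, default route via IGW
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16",
                 "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0",
                 "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-stale",     # IGW was detached: route is blackholed
     "Associations": [{"Main": False, "SubnetId": "subnet-stale"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "GatewayId": "igw-0deleted", "State": "blackhole"}]},
]

if __name__ == "__main__":
    for sid in ("subnet-public", "subnet-implicit", "subnet-stale"):
        print(sid, "public" if is_public_subnet(SAMPLE_ROUTE_TABLES, sid) else "NOT public")
```

A subnet with no explicit association (`subnet-implicit` here) inherits the main route table, which is the case most often misjudged when picking a subnet by name.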

VPN Users

Users can be added manually or synced from an existing LDAP server.

  1. Log in to the Aviatrix Controller

  2. Expand OpenVPN® on the left navigation bar

  3. Select VPN Users

Create VPN Users

  1. Click + Add New

  2. Select the VPC ID where this user should be attached. The associated load balancer will appear in the LB/Gateway Name field.

  3. Enter the User Name and User Email

  4. Click OK

    Note

    When a user is added to the database, an email with an .ovpn file or an .onc file (for Chromebooks) will be sent to the user with detailed instructions.

Conclusion

You now have a working Aviatrix VPN Gateway. Users can connect and gain access to their cloud resources.

Detailed audit logs are maintained and available in various logging platforms.

Note

Audit reports are best viewed in the Aviatrix Splunk Application.

OpenVPN is a registered trademark of OpenVPN Inc.