UserVPN

This section provides the purpose, elements, and actions performed on the UserVPN pages.

VPN Gateways
Users
Profiles
Settings

Default VPN
Geo VPN

Purpose

The Default VPN page displays and manages standard VPN Gateways for user connectivity.Choose a Default VPN gateway when:

You only need VPN for a single VPC.
VPN users are in the same region or country.
You use peered VPCs with different VPN Gateways and want to restrict logins by geography.

Geo VPN does not let you pick which specific gateway a user uses. Restrict access with VPN profiles instead.

You deploy multiple VPN Gateways on Azure, GCP, or OCI and do not need load balancing across them.

You want more freedom to edit Gateways individually. Default VPN Gateways that share a load balancer are edited as a group; standalone Gateways (no load balancer) can be edited one at a time.

Elements

+ VPN Gateway button: Starts workflow to create a new VPN Gateway.
Diagnostics button: Opens tools to troubleshoot VPN gateway issues.
VPN Gateways table: Shows Default VPN Gateway Name, Load Balancer, VPC/VNet, VPN CIDR, Subnet CIDR, Public IP, and actions.
Edit button: Modify existing VPN Gateway settings.
Delete button: Remove an existing VPN Gateway.
Actions menu: Additional options for managing the VPN Gateway.

Actions

View Default VPN Gateways

To view the list of Default VPN gateways:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Default VPN tab.
The Default VPN page appears with a table of VPN gateways.
Review Gateway Name, Load Balancer, VPC/VNet, VPN CIDR, Subnet CIDR, and Public IP for each gateway.

The table displays all Default VPN gateways and their configurations.

Parameter Details

CoPilot Parameter Name	Description
Gateway Name	Name of the Default VPN gateway.
Load Balancer	Associated load balancer for the VPN gateway.
VPC/VNet	VPC or VNet where the VPN gateway is deployed.
VPN CIDR	CIDR block assigned for VPN clients.
Subnet CIDR	CIDR block of the subnet hosting the VPN gateway.
Public IP	Public IP address assigned to the VPN gateway.

Create Default VPN Gateway

To create a Default VPN gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Default VPN tab.
Click + VPN Gateway.
The Create VPN Gateway dialog appears.
Provide Name, Cloud, Account, Region, VPC/VNet, Instance Size, and configure Instances (Subnet, Public IP, VPN CIDR). Optionally configure Split Tunnel and Load Balancer.
Click Save.

A notification appears when the VPN gateway is created. The gateway must be launched from a public subnet.

Edit Default VPN Gateway

To edit a Default VPN gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Default VPN tab.
Locate the VPN gateway and click the Edit icon on the row.
The Edit VPN Gateway dialog appears.
Make the configuration changes needed.
Click Save.

A notification appears confirming the changes to the VPN gateway.

Delete Default VPN Gateway

To delete a Default VPN gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Default VPN tab.
Locate the VPN gateway and click the Delete icon on the row.
Confirm the deletion in the dialog.

A notification appears when the VPN gateway is deleted.

Run Diagnostics

To troubleshoot VPN gateway issues:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Default VPN tab.
Click Diagnostics.
The diagnostics tools open.
Follow the diagnostic workflow to troubleshoot VPN gateway issues.

The diagnostics tools help identify and resolve VPN gateway connectivity issues.

Reload DHCP Configuration on a Default VPN Gateway

Reloading DHCP Configuration refreshes DNS on the Gateway from DHCP and updates the VPN Configuration. Updated DNS settings are pushed to VPN clients when they connect again.To reload DHCP Configuration:

Go to Cloud Fabric > UserVPN > VPN Gateways > Default VPN.
Locate the Default VPN Gateway and click the Actions menu (three dots).
Select Reload DHCP Configuration.

A notification appears when the DHCP Configuration is reloaded.

Change Default VPN gateways to Geo VPN

To change Default VPN Gateways to Geo VPN:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Keep VPN Gateways selected.
Select the Geo VPN tab.
Open the + Geo VPN Gateway dropdown and select Use Default VPN for GeoVPN.
Click DNS and select the Default VPN Gateway to convert to Geo VPN.
Click Save.

A notification appears when the Default VPN Gateways are changed to Geo VPN.

Purpose

The Geo VPN page displays and manages geographically distributed VPN gateways for optimized user connectivity.Choose a Geo VPN Gateway when:

You have a large deployment across regions and need lower latency.
VPN users are in different countries.
You deploy VPN Gateways on AWS and use a load balancer.

You want every gateway in the group to use the same configuration (same AWS account, region, VPC, and so on). That model is simpler than many different configurations, but you cannot edit Gateways individually in the same way as standalone Default VPN Gateways.

Elements

+ Geo VPN Gateway button: Starts workflow to create a new Geo VPN Gateway.
Diagnostics button: Opens tools to troubleshoot Geo VPN gateway issues.
Geo VPN Gateways table: Shows Geo VPN Gateway Name, VPC/VNet, VPN CIDR, Subnet CIDR, Public IP, and actions.
Edit button: Modify existing Geo VPN gateway settings.
Delete button: Remove an existing Geo VPN gateway.
Actions menu: Additional options for managing the Geo VPN gateway.

Actions

View Geo VPN Gateways

To view the list of Geo VPN gateways:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Geo VPN tab.
The Geo VPN page appears with a table of Geo VPN gateways.
Review Geo Gateway Name, VPC/VNet, VPN CIDR, Subnet CIDR, and Public IP for each gateway.

The table displays all Geo VPN gateways and their configurations. Geo VPN is currently available for AWS cloud only.

Parameter Details

CoPilot Parameter Name	Description
Geo Gateway Name	Name of the Geo VPN gateway.
VPC/VNet	VPC or VNet where the Geo VPN gateway is deployed.
VPN CIDR	CIDR block assigned for Geo VPN clients.
Subnet CIDR	CIDR block of the subnet hosting the Geo VPN gateway.
Public IP	Public IP address assigned to the Geo VPN gateway.

Create Geo VPN Gateway

To create a Geo VPN gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Geo VPN tab.
Click + Geo VPN Gateway.
The Create Geo VPN Gateway dialog appears.
Provide Name, Account, Region, VPC/VNet, Instance Size, and configure Instances. Configure ELB, VPN Protocol, Max Connections, and Authentication.
Click Save.

A notification appears when the Geo VPN gateway is created. Geo VPN uses latency-based routing to connect users to the nearest gateway.

Edit Geo VPN Gateway

To edit a Geo VPN gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Geo VPN tab.
Locate the Geo VPN gateway and click the Edit icon on the row.
The Edit Geo VPN Gateway dialog appears.
Make the configuration changes needed.
Click Save.

A notification appears confirming the changes to the Geo VPN gateway.

Delete Geo VPN Gateway

To delete a Geo VPN Gateway:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Geo VPN tab.
Locate the Geo VPN gateway and click the Delete icon on the row.
Confirm the deletion in the dialog.

A notification appears when the Geo VPN Gateway is deleted.

Run Diagnostics

To troubleshoot Geo VPN Gateway issues:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Select the Geo VPN tab.
Click Diagnostics.
The diagnostics tools open.
Follow the diagnostic workflow to troubleshoot Geo VPN Gateway issues.

The diagnostics tools help identify and resolve Geo VPN Gateway connectivity issues.

Reload DHCP Configuration

Go to Cloud Fabric > UserVPN > VPN Gateways > Geo VPN.
Locate the Geo VPN Gateway and click the Actions menu (three dots).
Select Reload DHCP Configuration.

A notification appears when the DHCP Configuration is reloaded.

Change Geo VPN Gateways to Default VPN

To change Geo VPN Gateways to Default VPN:

Go to Cloud Fabric > UserVPN > VPN Gateways.
Keep VPN Gateways selected.
Select the Geo VPN tab.
Locate the Geo VPN Gateway group. Click the Actions menu (three dots) on the row and select Move to Default VPN.
Click Save.

A notification appears when the Geo VPN Gateways are changed to Default VPN.

Purpose

The Users page creates and manages VPN users to connect to the VPN gateways.

Elements

+ VPN User button: Starts workflow to create a new VPN user.
Actions button: Additional options to Attach to VPN Gateway, Detach from VPN Gateway, Detach and Revoke Client Certificate, Reissue Client Certificate, and Delete.
Users table: Displays VPN user Name, Email, Profile, VPN Gateway, SAML Endpoint, Issue Date, and actions.
Edit button: Modify existing VPN user settings.
Delete button: Remove an existing VPN user.

Actions

View VPN Users

To view the list of VPN users:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears with a table of VPN users.
Review Name, Email, Profile, VPN Gateway, SAML Endpoint, and Issue Date for each user.

The table displays all VPN users and their configurations.

Parameter Details

CoPilot Parameter Name	Description
Name	Name of the VPN user.
Email	Email address of the VPN user.
Profile	VPN profile assigned to the user.
VPN Gateway	VPN gateway the user is connected to.
SAML Endpoint	SAML endpoint URL for the user.
Issue Date	Date when the VPN user was created.

Create VPN User

To create a new VPN user:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Click + VPN User.
The Create VPN User dialog appears.
Provide Name, Email, and Profile. Optionally configure SAML endpoint and other settings.
Click Save.

A notification appears when the VPN user is created.

Edit VPN User

To edit a VPN user:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Locate the VPN user and click the Edit icon on the row.
The Edit VPN User dialog appears.
Make the configuration changes needed.
Click Save.

A notification appears confirming the changes to the VPN user.

Attach User to VPN Gateway

To attach VPN users to a VPN gateway:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Select one or more VPN users.
Click Actions > Attach to VPN Gateway.
Select the VPN gateway and complete the attachment.
Click Save.

The selected users are attached to the VPN gateway and can connect.

Detach User from VPN Gateway

To detach VPN users from a VPN gateway:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Select one or more VPN users.
Click Actions > Detach from VPN Gateway.
Confirm the detachment.
Click Save.

The selected users are detached from the VPN gateway.

Reissue Client Certificate

To reissue a client certificate for a VPN user:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Select one or more VPN users.
Click Actions > Reissue Client Certificate.
Confirm the action.

A new client certificate is issued for the selected users.

Delete VPN User

To delete VPN users:

Go to Cloud Fabric > UserVPN > Users.
The Users page appears.
Select one or more VPN users.
Click Actions > Delete, or click the Delete icon on a user row.
Confirm the deletion in the dialog.

A notification appears when the VPN users are deleted.

Purpose

The Profiles page defines VPN profiles that control user access policies and gateway assignments.

Elements

+ Profile button: Starts workflow to create a new VPN profile.
Profiles table: Displays UserVPN profile Name, Base Policy, Rules, Users, and actions.
Edit button: Modify existing VPN profile settings.
Delete button: Remove an existing VPN profile.

Actions

View VPN Profiles

To view the list of VPN profiles:

Go to Cloud Fabric > UserVPN > Profiles.
The Profiles page appears with a table of VPN profiles.
Review Name, Base Policy, Rules, and Users for each profile.

The table displays all VPN profiles and their configurations.

Parameter Details

CoPilot Parameter Name	Description
Name	Name of the VPN profile.
Base Policy	Base access policy assigned to the profile.
Rules	Number of access rules defined in the profile.
Users	Number of users associated with the profile.

Create VPN Profile

To create a new VPN profile:

Go to Cloud Fabric > UserVPN > Profiles.
The Profiles page appears.
Click + Profile.
The Create Profile dialog appears.
Provide Name, Base Policy, and configure access rules.
Click Save.

A notification appears when the VPN profile is created.

Edit VPN Profile

To edit a VPN profile:

Go to Cloud Fabric > UserVPN > Profiles.
The Profiles page appears.
Locate the VPN profile and click the Edit icon on the row.
The Edit Profile dialog appears.
Make the configuration changes needed.
Click Save.

A notification appears confirming the changes to the VPN profile.

Delete VPN Profile

To delete a VPN profile:

Go to Cloud Fabric > UserVPN > Profiles.
The Profiles page appears.
Locate the VPN profile and click the Delete icon on the row.
Confirm the deletion in the dialog.

A notification appears when the VPN profile is deleted.

Authentication
Advanced

Purpose

The Authentication tab configures VPN user authentication methods, including SAML endpoints and options for downloading the SAML VPN client and client certificate.

Elements

SAML card: Configure SAML authentication settings.
+ SAML Endpoint button: Starts workflow to add a new SAML endpoint.
Download SAML VPN Client and Client Certificate button: Enables or disables downloading of SAML VPN client and certificate.

Actions

View Authentication Settings

To view VPN authentication settings:

Go to Cloud Fabric > UserVPN > Settings.
Select the Authentication tab.
The Authentication page appears with SAML configuration and Download SAML VPN Client options.
Review configured SAML endpoints and the Download SAML VPN Client and Client Certificate setting.

The page displays all authentication-related settings for UserVPN.

Parameter Details

CoPilot Parameter Name	Description
SAML Endpoint	URL of the SAML identity provider for VPN authentication.
Download SAML VPN Client and Client Certificate	Option to enable or disable downloading of SAML VPN client and certificate.

Add SAML Endpoint

To add a new SAML endpoint for VPN authentication:

Go to Cloud Fabric > UserVPN > Settings.
Select the Authentication tab.
In the SAML card, click + SAML Endpoint.
The Add SAML Endpoint dialog appears.
Provide the SAML identity provider URL and required configuration.
Click Save.

The SAML endpoint is configured for VPN user authentication. Users authenticate via the SAML identity provider before connecting.

Configure Download SAML VPN Client and Certificate

To enable or disable self-service download of the SAML VPN client and client certificate:

Go to Cloud Fabric > UserVPN > Settings.
Select the Authentication tab.
Click Enable or Disable for the Download SAML VPN Client and Client Certificate option.
Select the SAML Endpoint and click Save.

When enabled, users can access the Download URL to obtain the VPN client and certificate after SAML authentication. Client Certificate Sharing must be configured first.

Purpose

The Advanced tab configures additional VPN settings for enhanced functionality, including User Accelerator, customized email and pop-up messages, and minimum client version requirements.

Elements

User Accelerator dropdown: Selects the VPN Gateways to use for User Accelerator.
Customized Email For Issuing User Certificate toggle: Enables or disables customized email for issuing user certificates.
Edit Customized Email button: Opens workflow to edit the customized email content.
Customized Pop-up Message When User Being Connected toggle: Enables or disables customized pop-up message when users connect.
Minimum Aviatrix VPN Client Version dropdown: Sets the minimum required Aviatrix VPN client version for users.

Actions

View Advanced Settings

To view advanced VPN settings:

Go to Cloud Fabric > UserVPN > Settings.
Select the Advanced tab.
The Advanced page appears with User Accelerator, Customized Email, Pop-up Message, and Minimum Client Version options.
Review the current configuration for each setting.

The page displays all advanced UserVPN settings.

Parameter Details

CoPilot Parameter Name	Description
User Accelerator	VPN Gateways selected for User Accelerator functionality.
Customized Email For Issuing User Certificate	Option to enable or disable customized email for issuing user certificates.
Customized Pop-up Message When User Being Connected	Option to enable or disable customized pop-up message when users connect.
Minimum Aviatrix VPN Client Version	Minimum required Aviatrix VPN client version for users.

Configure User Accelerator

To configure User Accelerator VPN Gateways:

Go to Cloud Fabric > UserVPN > Settings.
Select the Advanced tab.
In the User Accelerator dropdown, select the VPN Gateways to use for User Accelerator.
Click Save.

The selected VPN Gateways are used for User Accelerator functionality.

Configure Customized Email

To enable and customize the email for issuing user certificates:

Go to Cloud Fabric > UserVPN > Settings.
Select the Advanced tab.
Turn Customized Email For Issuing User Certificate to On.
Click Edit Customized Email to modify the email content.
The Edit Customized Email dialog appears.
Make the changes and click Save.

The customized email is used when issuing user certificates to VPN users.

Configure Customized Pop-up Message

To enable or disable the customized pop-up message when users connect:

Go to Cloud Fabric > UserVPN > Settings.
Select the Advanced tab.
Turn Customized Pop-up Message When User Being Connected to On or Off.
If On, configure the pop-up message content.
Click Save.

When enabled, users see the customized message when connecting to the VPN.

Set Minimum VPN Client Version

To set the minimum required Aviatrix VPN client version:

Go to Cloud Fabric > UserVPN > Settings.
Select the Advanced tab.
In the Minimum Aviatrix VPN Client Version dropdown, select the minimum version required for users.
Click Save.

Users must have the selected minimum client version or later to connect to the VPN.

Concepts & Architecture

Guides

Reference

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Concepts & Architecture

Guides

Reference

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details