UserVPN Settings

This document describes the settings you can configure on the Cloud Fabric > UserVPN > Settings tab.

SAML Endpoint

You configure the SAML Endpoint as part of authenticating VPN users.

Download SAML VPN Client and Client Certificate

This feature only applies to a VPN client using SAML authentication.

It lets users download the .ovpn VPN connection certificate file and the VPN client installer on a self-service basis.

Before enabling the option, you must configure Client Certificate Sharing.

Click Enable to copy the Download URL link and send the link to your VPN users. You must select the SAML Endpoint and then click Save.

When a VPN user opens the URL link, the user is redirected to the SAML IDP for authentication. Only after authenticating is the user allowed to download the VPN software.

Two files, the Aviatrix VPN client software and the UserVPN certificate (.ovpn file), are downloaded. Install the client package to start the VPN client software and then load the client certificate to connect to the cloud network.

  1. Only one load balancer is supported on a given Aviatrix Platform, implying that the system supports a fleet of UserVPN gateways behind one load balancer.

  2. Client Certificate Sharing must be enabled for the UserVPN solution. This means you must first configure the VPN user on the SAML IDP, and you need to configure only one VPN user on the Aviatrix Platform.

User Accelerator

The VPN User Accelerator leverages the AWS Global Accelerator to connect VPN users to the nearest AWS Edge location access point and traverse the AWS backbone to the VPN Gateway. You can enable this option to reduce VPN user access latency.

  • When this feature is enabled, the VPN user source address is masked out by AWS.

  • User Accelerator is only available for AWS VPN Gateways that use ELB (Elastic Load Balancers).

To configure:

  1. First launch a VPN Gateway by following the instructions.

  2. Go to Aviatrix CoPilot > Cloud Fabric > UserVPN > select the Settings tab.

  3. Scroll down to User Accelerator. Click the VPN Gateway(s) field and select the names of the AWS VPN gateways that will use the accelerator.

  • The new User Accelerator is reflected in the .ovpn file's remote field.

  • For pre-existing users, the .ovpn file must be downloaded again so that AWS Global Accelerator is reflected as the new remote endpoint.
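
One way to find profiles that still carry a pre-accelerator remote endpoint, as an added example that is not part of the Aviatrix documentation or tooling: it parses the `remote` directives out of .ovpn text and lists the profiles whose endpoint is missing or not in a set you supply. The hostnames, profile contents and function names are constructed placeholders; the accelerator endpoint to expect is an input, not something the script discovers.

```python
# Constructed sample hostnames/profiles; expected_hosts is supplied by the operator.
def remote_endpoints(ovpn_text):
    """Return (host, port, proto) for each `remote` directive in a profile."""
    found, inline = [], None      # inline: open data block such as <ca>
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if inline:                # skip certificate/key material until the block closes
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue              # blank line or commented-out directive
        if line.startswith("<") and line.endswith(">"):
            # <connection> blocks hold ordinary directives; other blocks hold data
            if not line.startswith("</") and line != "<connection>":
                inline = line[1:-1]
            continue
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "remote":
            port = parts[2] if len(parts) > 2 else None
            proto = parts[3] if len(parts) > 3 else None
            found.append((parts[1].lower(), port, proto))
    return found

def needs_redownload(profiles, expected_hosts):
    """Names of profiles with no remote, or a remote outside expected_hosts."""
    expected = {h.lower() for h in expected_hosts}
    def stale(text):
        hosts = [h for h, _, _ in remote_endpoints(text)]
        return not hosts or any(h not in expected for h in hosts)
    return sorted(name for name, text in profiles.items() if stale(text))

OLD_PROFILE = """client
remote old-elb.example.net 443 tcp
<ca>
-----BEGIN CERTIFICATE-----
remote not-a-directive.example.net 443
-----END CERTIFICATE-----
</ca>
"""
NEW_PROFILE = """client
; remote old-elb.example.net 443 tcp
<connection>
remote accelerator.example.net 443 tcp
</connection>
"""

if __name__ == "__main__":
    print(needs_redownload({"alice.ovpn": OLD_PROFILE, "bob.ovpn": NEW_PROFILE}, ["accelerator.example.net"]))
```

Profiles it lists are the ones whose users need to download the .ovpn file again.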

Customizing Email for Issuing User Certificate

The Customized Email for Issuing User Certificate feature lets you customize the email sent to new VPN users after their accounts are created. You can use it to write your own email messages for compliance reasons.

To configure this feature:

  1. Go to Aviatrix CoPilot > Cloud Fabric > UserVPN > select the Settings tab.

  2. Scroll down to Customized Email for Issuing User Certificate and turn the setting on.

  3. Click Edit Customized Email.

  4. Enter an Attachment File Name and Email Content. Click Save.

Your customized email is saved.

Customized Pop-Up Message When User Being Connected

The Customized Pop-Up Message When User Being Connected feature lets you customize the pop-up message shown after a VPN user is connected. You can use it to write your own messages for compliance reasons.

To configure this feature:

  1. Go to Aviatrix CoPilot > Cloud Fabric > UserVPN > select the Settings tab.

  2. Scroll down to Customized Pop-Up Message When User Being Connected and turn it on.

  3. Enter a custom message and click Save.

The custom pop-up message is saved.

To view the usage notification, ensure that you are running Aviatrix VPN Client version 2.9 or higher.

Minimum Aviatrix VPN Client Version

The Minimum Aviatrix VPN Client Version feature lets you set the minimum Aviatrix VPN client software version that is allowed to connect successfully.

To configure:

  1. Go to Aviatrix CoPilot > Cloud Fabric > UserVPN > select the Settings tab.

  2. Scroll down to Minimum Aviatrix VPN Client Version and click the dropdown menu. Select the minimum version and click Save.

The minimum client version is saved.