Axcient Help Center

Virtual Private Network (VPN) Settings

To configure or edit VPN settings:

  1. On the Configure: Virtual Office page, click the Edit button in the VPN section.

  2. In the VPN section of the screen, enter a value for one or more of the following fields:

    1. Enable the VPN setting to turn on VPN.

    2. Enable the Split Tunneling setting to route the VPN user’s Internet access through their own device. Alternatively, disable the setting to route all Internet traffic through the Virtual Office.

    3. In the VLAN IP field, enter the IP address to assign to the virtual network interface inside the failover network. This address must be an unused IP address.

    4. In the Client IP Range field, enter the range of available IP addresses that are assigned to connecting VPN users. This range must not conflict with any devices in the Virtual Office.

    5. In the User Authentication section of the screen, select the preferred method of VPN authentication.

  3. Click the Active Directory radio button to integrate with Active Directory, which enables users to connect through VPN using their known Active Directory credentials. If you select this option, you will be prompted to configure the following fields:

    1. In the Active Directory server field, enter the IP address of the Active Directory server.

    2. In the Active Directory Domain field, enter the domain name of the Active Directory server.

    3. In the Domain Administrator Username field, enter the username of the Active Directory administrative user.

    4. In the Domain Administrator Password field, enter the password of the Active Directory administrative user.

    5. In the Connection Type field, use the radio buttons to select your preferred connection type: Unencrypted, LDAPS, or Start TLS.

      Please note that if you select LDAPS or the Start TLS method, you must also configure the Active Directory Certificate Services role on the domain controller. For more information, please reference the Configuring Active Directory Certificate Services Settings section below.

  4. Alternatively, in the User Authentication section of the screen, click the Direct radio button to manually create login credentials for users to connect through VPN. If you select this option, you will be required to configure the following fields:

    1. In the Username field, enter a username needed for users to connect through VPN.

    2. In the Password field, enter a password needed for users to connect through VPN.

  5. Click the Save button when you are finished.

Configuring Active Directory Certificate Services Settings

When configuring VPN connection settings, you can optionally integrate with Active Directory for authentication purposes. This option requires that you select a connection type: Unencrypted, LDAPS (LDAP over SSL/TLS), or Start TLS. The LDAPS and Start TLS connection types both require that you set up the Active Directory Certificate Services role on the domain controller.

Please note that LDAPS (LDAP over SSL/TLS) is automatically enabled when you install an Enterprise Root CA on a domain controller.

To set up the Active Directory Certificate Services role on the domain controller:

  1. On the domain controller, start Server Manager and select Add Roles and Features. The Add Roles and Features Wizard displays.

  2. In the Wizard, click the Next button on each screen until you reach the Select server roles screen. On the Select server roles screen, click the Active Directory Certificate Services checkbox and then click the Next button to continue.

  3. Continue through the Wizard until you reach the Select role services screen. On the Select role services screen, click the Certification Authority checkbox and then click the Next button to continue.

  4. On the Setup Type screen, click the Enterprise CA radio button and then click the Next button to continue.

  5. On the CA Type screen, click the Root CA radio button and then click the Next button to continue.

  6. On the Private Key screen, click the Create a new private key radio button and then click the Next button to continue.

  7. On the Cryptography for CA screen, configure the following settings:

    1. In the Select a cryptographic provider drop-down menu, select RSA#Microsoft Software Key Storage Provider.

    2. In the Key length drop-down menu, select 2048.

    3. In the Select the hash algorithm list, select SHA1.

    Click the Next button to continue.

  8. On the CA Name screen, configure settings for the certificate authority (CA). Click the Next button to continue.

    Continue through the Wizard until you successfully configure the Active Directory Certificate Services role, and then click the Close button when you are finished.

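The wizard steps above, scripted with the same choices, followed by a check of the certificate the domain controller serves for the LDAPS connection type. This is an added example, not Axcient's or Microsoft's script; the CA common name and the dc01.example.local host name are placeholders, and Get-LdapsCertificate is a hypothetical helper name.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.

# Wizard steps 1-3: add the AD CS role with the Certification Authority service.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Wizard steps 4-8: Enterprise CA, Root CA, new private key, and the
# Cryptography for CA values listed in step 7.
$caParams = @{
    CAType             = 'EnterpriseRootCa'
    CryptoProviderName = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength          = 2048
    HashAlgorithmName  = 'SHA1'
    CACommonName       = 'EXAMPLE-ROOT-CA'   # placeholder: use your own CA name
}
Install-AdcsCertificationAuthority @caParams   # asks for confirmation unless -Force is given

# Hypothetical helper: open a TLS session to the LDAPS port and report the
# certificate served there. Default validation stays on, so an untrusted chain
# or a host name mismatch raises an error instead of returning a result.
function Get-LdapsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Server,   # DC fully qualified name
        [int]$Port = 636                                  # standard LDAPS port
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject            = $cert.Subject
            Issuer             = $cert.Issuer
            NotAfter           = $cert.NotAfter
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            KeyBits            = $cert.PublicKey.Key.KeySize
            Protocol           = $ssl.SslProtocol
        }
    }
    finally {
        $tcp.Close()
    }
}

# Run once the domain controller has enrolled its certificate from the new CA.
# Get-LdapsCertificate -Server 'dc01.example.local'   # placeholder host name
```

A SignatureAlgorithm value of sha1RSA in the output reflects the SHA1 selection made in step 7.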

Note

For alternative instructions, please reference the LDAP over SSL (LDAPS) Certificate Microsoft TechNet article.