How to remotely configure Barracuda/CudaLaunch VPN using MDM?

Description

A Virtual Private Network (VPN) ensures that only authorized users can access confidential corporate data from any public network, by transmitting all device-web communication on a secure channel. VPN also boosts productivity, as it ensures employees can work from anywhere without worrying about lack of access to specific resources/data. With remote work being adopted extensively, it has become mandatory for IT admins to configure VPN on mobile devices. Configuring VPN can be easily and efficiently done using MDM.

Steps

Follow the steps given below to configure VPN plug-ins:

  • On the MDM console, click the Device Mgmt tab and select Profiles.
  • Choose the platform for which you want to configure VPN and click Continue.
  • Select the VPN tab and fill the requisite parameters for iOS/iPadOS devices or Samsung devices as explained below:

Policy Description

For iOS/iPadOS devices

PARAMETER: DESCRIPTION
Connection type: Select IPSec (Cisco) as the connection type.
Connection name: Provide a name for the VPN connection to be configured.
Server name/IP address: Enter the Fully Qualified Domain Name or IP address of your VPN server.
Account: Specify the account that needs access to this VPN. Type %username% to get the appropriate user name, mapped to the device.
Machine authentication: Specify the authentication type as Shared secret or Certificate.
Password: Specify the password to be used for machine authentication.
Group Name (If Shared secret is selected for authentication): Specify the group name to be used for identifying the group. The group must end with [hybrid] if Hybrid Authentication is enabled.
Shared Key (If Shared secret is selected for authentication): Specify the pre-shared secret.
Use Hybrid Authentication (If Shared secret is selected for authentication): Enable Hybrid Authentication, a secure alternative to the regular authentication used.
Prompt for password (If Shared secret is selected for authentication): Enable/Disable prompting password from the user.
Identity Certificate (If Certificate is selected for authentication): Specify the identity certificate to be used for certificate-based authentication. You can also use SCEP for this.
Include user PIN (If Certificate is selected for authentication): Specify whether the User PIN must be included or not.
Enable On-Demand VPN: Enabling On-Demand VPN ensures that a device not present in the corporate network will be automatically connected to VPN whenever any of the specified servers/domains is accessed. If you specify multiple domain names, they should be comma separated.
Proxy: Configure the proxy settings to be used for this VPN connection.

For more information, refer here

For Samsung devices

PARAMETER: DESCRIPTION
Connection type: Select IPSec Xauth PSK as the connection type.
Connection name: Provide a name for the VPN connection to be configured.
Server name/IP address: Enter the Fully Qualified Domain Name or IP address of your VPN server.
User Name: Enter the dynamic variable %username% to get the user name, mapped to the device.
Password: Specify the password to be used for user authentication.
Shared Secret: Specify the pre-shared secret.
IPSec Identifier: Specify the name of the group of the VPN server, to which the user is assigned.
Always on VPN: Enable this option to maintain a persistent connection between the managed devices and your organizational network, without the need to manually initiate the VPN connection every time. Applicable only for Device Owner devices.
VPN Lockdown: When the configured VPN is disconnected/unavailable, enabling this restricts access to other networks, including mobile data. VPN Lockdown can be configured only when Always On VPN is enabled.
DNS Server(s): Specify the Fully Qualified Domain Name or IP Address of your internal DNS server to be used, once the VPN connection is established. You can specify several DNS servers, separated by commas.
Forwarding Route(s): Specify the forwarding route if you want to send the traffic through the VPN interface to the destination addresses. If the route is not specified, all network traffic will pass through the VPN connection.
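
The dependencies between the parameters in both tables can be checked before a profile is published. The following is an added example, not part of the MDM product or its API: the dictionary keys are hypothetical names that mirror the console's field labels, and the sample profiles are constructed.

```python
# Added example: key names are hypothetical and mirror the console's field
# labels; they are not an MDM API. The sample profiles below are constructed.

def split_list(value):
    """Split a comma-separated field into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def lint_ios(p):
    """Return problems found in an iOS/iPadOS IPSec (Cisco) profile."""
    issues = []
    auth = p.get("machine_authentication")
    if auth == "Shared secret":
        if not p.get("shared_key"):
            issues.append("Shared Key is empty")
        # The group must end with [hybrid] if Hybrid Authentication is enabled.
        group = p.get("group_name") or ""
        if p.get("use_hybrid_authentication") and not group.endswith("[hybrid]"):
            issues.append("Group Name must end with [hybrid]")
    elif auth == "Certificate":
        if not p.get("identity_certificate"):
            issues.append("Identity Certificate is empty")
    else:
        issues.append("Machine authentication must be Shared secret or Certificate")
    if p.get("enable_on_demand_vpn"):
        domains = split_list(p.get("on_demand_domains", ""))
        # Whitespace inside an item means a separator other than a comma was used.
        if not domains or any(" " in d for d in domains):
            issues.append("On-Demand domains must be a comma-separated list")
    return issues

def lint_samsung(p):
    """Return problems found in a Samsung IPSec Xauth PSK profile."""
    issues = []
    if p.get("vpn_lockdown") and not p.get("always_on_vpn"):
        issues.append("VPN Lockdown requires Always On VPN")
    if p.get("always_on_vpn") and not p.get("device_owner"):
        issues.append("Always on VPN applies only to Device Owner devices")
    if not split_list(p.get("forwarding_routes", "")):
        issues.append("note: no Forwarding Route, all traffic passes through the VPN")
    return issues

IOS_SAMPLE = {"machine_authentication": "Shared secret", "shared_key": "example-psk",
              "use_hybrid_authentication": True, "group_name": "corp-vpn",
              "enable_on_demand_vpn": True,
              "on_demand_domains": "intranet.example.com wiki.example.com"}
SAMSUNG_SAMPLE = {"always_on_vpn": False, "vpn_lockdown": True,
                  "device_owner": True, "forwarding_routes": ""}

if __name__ == "__main__":
    for line in lint_ios(IOS_SAMPLE) + lint_samsung(SAMSUNG_SAMPLE):
        print(line)
```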