SSL VPN Client Configuration

Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.

See Ecessa's full line of products and solutions

The following section describes how to set up a client to communicate with an Ecessa SSL VPN server.  The Ecessa device can also generate the appropriate OpenVPN configuration file and export a zip or tar+gzipped file containing the configuration file and PKCS12 certificate.

Exporting a Client Configuration

  1. Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left hand menu.
  2. Click the link ‘SSL VPN Clients’.
  3. Next click on ‘Export Client Configurations’.
  4. Select the desired SSL VPN SA from the dropdown ‘SSL Connection Name’.
  5. ‘Export Format’ can be chosen from the dropdown.
    1. This is used for compression of the files. ZIP is common for Windows, though TAR-GZIP is suitable for Linux or MAC clients.
  6. Click the ‘Add’ button under ‘ShieldLink/ClariLink Clients’.
  7. Type the client name under ‘Custom Name’ or select a configured client (*) from the dropdown ‘Client Name’.
  8. Select the certificate to be used from the dropdown ‘Certificate’
    1. A configuration file alone can be exported if ‘Custom Certificate’ is used.
  9. Click the button ‘Export Configuration(s)’
    1. A dialog box will prompt for a location to save the zip/tgz file.

Creating a Client Specific Configuration

Creating a specific client configuration is optional but gives the added benefit of making additional subnets available to the client. This can be done on a per-client basis. Optionally, if the client is capable of IP forwarding, LAN subnets can be opened on the client side to be made accessible to the server.

  1. Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left hand menu.
  2. Click the link ‘ SSL VPN Clients’.
  3. Click the button ‘Add’.
  4. The ‘Name’ field should match that of the Common Name of the client certificate.
  5. Under ‘Private Networks’ click ‘Add’.
    1. Enter the subnet in CIDR notation to be made available to the client.
  6. If IP forwarding is available on the client and exposure to their local LAN is desirable ‘Add’ subnet information in CIDR notation.
  7. Click the ‘Activate’ button at the bottom of the page.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.