This page shows two tabs, which allow managing local Users and Groups.
In this page, all users that have an account on the Endian Hotspot Appliance’s VPN server are displayed in the table, and for each the following information is shown:
Name. The name of the user.
Remark. A comment.
Authentication server. The server used for the user authentication.
Actions. The available operations that can be carried out on the account. They are Enable/Disable, Edit and Delete.
Click on Add new local user above the table to add a new local account. In the form that will show up, the following options can be specified for each user.
The login name of the user
An additional comment.
The password for the user, to be entered twice. The passwords are not shown while typing; to see them, tick the two checkboxes on their right.
Select the mode to assign a certificate to the user. The available modes are selectable from the drop-down menu: Generate a new certificate, Upload a certificate, and Upload a Certificate signing request. Upon selection, the options available for the chosen mode appear below the drop-down menu.
The Organisation Unit to which the user belongs, i.e., the company, enterprise, or institution department identified with the certificate.
The organisation to which the user belongs.
The city (L) in which the organisation is located.
The state or province (ST) in which the organisation is located.
The Country (C) in which the organisation is located, chosen from those in the selection menu. By typing one or more letters, matching countries are searched for and displayed.
The e-mail address of the user.
In this part of the panel it is possible to assign membership to one or more groups to the user. In the search widget it is possible to filter existing groups to find matching groups. Group membership is added by clicking on the + on the right of the group name. Groups to which the user belongs are shown in the textfield below. There are also shortcuts to Add all and to Remove all group memberships at once.
Tick this checkbox to allow the OpenVPN protocol to be used. This option will reveal a box in which to specify custom options for the account, see below.
Tick the checkbox to enable the user, i.e., to allow her to connect to the OpenVPN server on the Endian Hotspot Appliance.
If this option is checked, all the traffic from the connecting client, regardless of the destination, is routed through the uplink of the Endian Hotspot Appliance. The default is to route all the traffic whose destination is outside any of the internal zones (such as Internet hosts) through the client’s uplink.
For advanced users only. Normally, when a client connects, tunnelled routes to networks that are accessible via VPN are added to the client’s routing table, to allow it to connect to the various local networks reachable from the Endian Hotspot Appliance. Enable this option if this behaviour is not wanted; the client’s routing tables (especially those for the internal zones) should then be modified manually.
When this option is active, the client will have access to the GREEN, BLUE, or ORANGE zone. These options have no effect if the corresponding zones are not enabled.
This option is only needed if this account is used as a client in a Gateway-to-Gateway setup. The box should list the networks lying behind this client that should be pushed to the other clients. In other words, these networks will be available to the other clients.
Dynamic IP addresses are assigned to clients, but a static IP address provided here will be assigned to the client whenever it connects.
Assign custom nameservers on a per-client basis here. This setting (and the next one) can be defined, but enabled or disabled at will.
Assign custom search domains on a per-client basis here.
Note
When planning to have two or more branch offices connected through a Gateway-to-Gateway VPN, it is good practice to choose different subnets for the LANs in the different branches. For example, one branch might have a GREEN zone with the 192.168.1.0/24 subnet while the other branch uses 192.168.2.0/24. Using this solution, several possible sources for errors and conflicts will be avoided. Indeed, several advantages come for free, including: the automatic assignment of correct routes, without the need for pushing custom routes, no warning messages about possibly conflicting routes, correct local name resolution, and easier WAN network setup.
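The subnet planning advice in the note can be checked before any account is created. The following is an added example, not part of the Endian documentation or software: it takes a constructed address plan (the branch names and the third branch are hypothetical) and reports every pair of subnets from different branches that share addresses, including the case where one subnet is nested inside another.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: branch name -> LAN subnets behind that gateway.
# The first two branches use the subnets from the note; "branch-c" is a
# hypothetical branch that reuses address space already in use elsewhere.
BRANCH_LANS = {
    "branch-a": ["192.168.1.0/24"],
    "branch-b": ["192.168.2.0/24"],
    "branch-c": ["192.168.2.128/25", "10.10.0.0/16"],
}


def find_overlaps(branch_lans):
    """Return sorted (branch, subnet, branch, subnet) tuples for every pair
    of subnets from different branches that share at least one address."""
    nets = []
    for branch, subnets in branch_lans.items():
        for subnet in subnets:
            # strict=True raises ValueError for entries with host bits set
            # (e.g. 192.168.1.5/24), a common typo in hand-written plans.
            nets.append((branch, ipaddress.ip_network(subnet, strict=True)))

    conflicts = []
    for (b1, n1), (b2, n2) in combinations(nets, 2):
        # Subnets inside one branch are that branch's own concern; only
        # cross-branch overlaps break routing between the gateways.
        if b1 != b2 and n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((b1, str(n1), b2, str(n2)))
    return sorted(conflicts)


if __name__ == "__main__":
    for b1, n1, b2, n2 in find_overlaps(BRANCH_LANS):
        print(f"conflict: {b1} {n1} overlaps {b2} {n2}")
```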
In this page a table is displayed, which shows all the groups that are either defined on the Endian Hotspot Appliance or on an external LDAP server. For each group the following information is shown:
Groupname. The name of the group.
Remark. A comment.
Authentication server. The server used for the user authentication.
Actions. The available operations that can be carried out on the account. They are Edit and Delete.
Click on Add new local groups above the table to add a new local group. In the form that will show up, the following options can be specified for each group.
The name given to the group.
A comment.
In this part of the panel it is possible to assign users to the group. In the search widget it is possible to filter existing local users to find matching users. Users are added to the group by clicking on the + on the right of the username. Users in the Group are shown in the textfield below. There are also shortcuts to Add all and to Remove all users to/from a group.
Tick this checkbox to allow the OpenVPN protocol to be used. This option will reveal a box in which to specify custom options for the account, which are the same as those specified for the local users.
Tick the checkbox to enable the user, i.e., to allow her to connect to the OpenVPN server on the Endian Hotspot Appliance.
Warning
While the same user can legitimately be part of one or more groups, care must be taken that the groups the user belongs to do not define contrasting override options. As an example, consider a user who is a member of two groups, one allowing access only to the GREEN zone, and one only to the BLUE. In this case, it is not easy to predict whether that user will be granted access to the BLUE or GREEN zone. The management of these issues is left to the manager of the OpenVPN server.
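Because the appliance leaves this check to the administrator, it helps to audit memberships for contrasting overrides. The following is an added example, not Endian code: the group names, user names and the dictionary layout are constructed for illustration and do not reflect the appliance's configuration format.

```python
from collections import defaultdict

# Constructed sample data. "overrides" holds only the options a group sets
# explicitly; an option that is absent is treated as "not overridden".
GROUPS = {
    "staff":  {"members": ["alice", "bob"],
               "overrides": {"green": True, "blue": False}},
    "guests": {"members": ["bob", "carol"],
               "overrides": {"green": False, "blue": True}},
    "remote": {"members": ["alice"],
               "overrides": {"green": True}},
}


def conflicting_overrides(groups):
    """Map each user to the options on which two or more of their groups
    set different values: {user: {option: {value: [group, ...]}}}."""
    # user -> option -> value -> groups that set this value
    seen = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for group_name, group in sorted(groups.items()):
        for user in group["members"]:
            for option, value in group["overrides"].items():
                seen[user][option][value].append(group_name)

    report = {}
    for user, options in seen.items():
        # More than one distinct value for an option means the user's
        # effective access depends on which group wins.
        clashes = {opt: dict(vals) for opt, vals in options.items()
                   if len(vals) > 1}
        if clashes:
            report[user] = clashes
    return report


if __name__ == "__main__":
    for user, clashes in conflicting_overrides(GROUPS).items():
        for option, values in clashes.items():
            print(f"{user}: '{option}' set inconsistently: {values}")
```

Here only the hypothetical user bob is flagged, since the two groups he belongs to disagree on both zones, which is the situation described in the warning.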