How to Configure VPN on macOS using Hexnode MDM?

A Virtual Private Network (VPN) improves security by redirecting network traffic via a virtual network. Moreover, a VPN can route traffic only to the required apps. Hexnode allows the admin to configure VPN settings on Mac through the MDM console.

Configure VPN settings via policy

To configure VPN settings for your Mac via policy:

  1. Log in to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to macOS > Network > VPN. Click Configure.
     • Connection name: A name for the VPN configuration, for identification in case multiple VPNs are configured.
     • Connection type: Choose a connection type from the list. Further options will change according to the connection type you’ve chosen. L2TP (default), PPTP, IPSec (Cisco), Cisco AnyConnect, Juniper SSL, F5 SSL, SonicWALL Mobile Connect, Aruba VIA, Check Point Mobile VPN and Open VPN are the available options.
     • Server: The server address of the VPN server.
     • Account: The username required to connect to the VPN. The %name% and %email% wildcards can be used in this field to insert the username or email address, respectively.

Configuring L2TP

L2TP Connection

  • User authentication: The method by which a device is authenticated with the VPN server. The two available options are Password and RSA SecurID (default).
  • Password (if Password is selected for user authentication): Password required to connect to the VPN.
  • Shared secret: A second password required to establish a connection. Also known as pre-shared key, the shared secret is previously known to the device and the VPN server, and no one else. This key is used just to establish a connection and not used for encryption.
  • Send all traffic: All network traffic will be sent through the VPN, disabled by default.

Configuring PPTP

PPTP Connection

  • User authentication: Select how the device needs to be authenticated with the VPN server. The available options are Password and RSA SecurID (default).
  • Password (if Password is selected for user authentication): The password to connect to the VPN server.
  • Encryption level: Specifies how secure the encryption should be. The available values are None (default), Automatic, Automatic (128 bit).
  • Send all traffic: Send all network traffic through the VPN, disabled by default.

Configuring IPSec (Cisco)

IPSEC (Cisco)

  • Password: The password required to connect to the VPN server.
  • Machine Authentication: Two options are available: Certificate and Group Name/Shared Secret (default).
  • Certificate (if Certificate is selected for machine authentication): Select a certificate from the list. If no certificates are listed, upload them at macOS > Security > Certificates and they’ll be listed here.
  • Include user PIN (if Certificate is selected for machine authentication): Prompts the user to enter the PIN while the connection is made, disabled by default.
  • Group name (if Group Name/Shared Secret is selected for machine authentication): The group name of the connection.
  • Shared secret: A key known to the VPN server and the device which is used to establish a connection between the two.
  • Use hybrid authentication: Use the group name, shared secret and a server-side certificate for authentication, disabled by default.
  • Prompt for password: The device asks the user to provide a password to get authenticated to the VPN server, disabled by default.
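
An added example, not part of the original article or Hexnode's own code: assuming the policy reaches the Mac as an Apple configuration profile carrying `com.apple.vpn.managed` payloads, this Python check lists the L2TP, PPTP and IPSec choices described above that deserve a review before rollout. The profile is constructed sample data, and the mapping of console fields to payload keys (`IPv4.OverridePrimary`, `PPP.CCPEnabled`, `IPSec.AuthenticationMethod`, `PPP.AuthPassword`) is an assumption about the generated profile.

```python
import plistlib

# Constructed sample profile: a PPTP payload left on the defaults from the
# tables above (encryption None, send all traffic off) and an L2TP payload
# with RSA SecurID, a shared secret and send all traffic enabled.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.vpn.managed",
         "UserDefinedName": "Legacy PPTP", "VPNType": "PPTP",
         "PPP": {"CommRemoteAddress": "vpn.example.com",
                 "AuthName": "alice", "CCPEnabled": 0}},
        {"PayloadType": "com.apple.vpn.managed",
         "UserDefinedName": "Office L2TP", "VPNType": "L2TP",
         "IPv4": {"OverridePrimary": 1},
         "PPP": {"CommRemoteAddress": "vpn.example.com",
                 "AuthName": "alice", "TokenCard": True},
         "IPSec": {"AuthenticationMethod": "SharedSecret",
                   "SharedSecret": b"constructed-psk"}},
    ],
})


def audit_vpn_profile(raw: bytes) -> dict:
    """Return {connection name: [findings]} for every VPN payload in a profile."""
    report = {}
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue  # not a VPN payload (certificate, Wi-Fi, ...)
        ppp = payload.get("PPP", {})
        ipsec = payload.get("IPSec", {})
        findings = []
        if payload.get("VPNType") == "PPTP":
            findings.append("PPTP connection type")
            if not ppp.get("CCPEnabled"):  # assumed key for "Encryption level"
                findings.append("PPTP encryption level None")
        if not payload.get("IPv4", {}).get("OverridePrimary"):
            findings.append("send all traffic disabled (split tunnel)")
        if ipsec.get("AuthenticationMethod") == "SharedSecret":
            findings.append("machine authentication by shared secret")
        if ppp.get("AuthPassword"):
            findings.append("user password stored in profile")
        report[payload.get("UserDefinedName", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_vpn_profile(SAMPLE_PROFILE).items():
        print(name, "->", findings or ["no findings"])
```
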

Configuring Cisco AnyConnect

Cisco AnyConnect

  • Group: The group name of Cisco AnyConnect VPN.
  • User authentication: Select how the device needs to be authenticated with the VPN server. The available options are Password (default) and Certificate.
  • Password (if Password is selected for user authentication): The password to authenticate to the VPN server.
  • Certificate (if Certificate is selected for user authentication): Select the required certificate from the list if it is uploaded at macOS > Security > Certificates.

Configuring Juniper SSL

Juniper SSL

  • Realm: The realm is the server to which the device needs to be connected.
  • Role: Specify here the resources which the user can access.
  • User authentication: Select how to authenticate with the VPN. The available options are Password (default) and Certificate.
  • Password (if Password is selected for user authentication): The password for authenticating with the VPN server.
  • Certificate (if Certificate is selected for user authentication): Select a certificate from the list. To have a certificate displayed here, upload it at macOS > Security > Certificates.

Configuring SonicWALL Mobile Connect

SonicWALL Mobile Connect

  • Login group or domain: The name of the login group or domain.
  • User authentication: Choose how to authenticate with the VPN. The available values are Password (default) and Certificate.
  • Password (if Password is selected for user authentication): Provide the password associated with the VPN username.
  • Certificate (if Certificate is selected for user authentication): Choose a certificate from the list. If no certificates are listed, upload them at macOS > Security > Certificates.

Configuring F5 SSL, Aruba VIA, Check Point Mobile VPN and Open VPN

F5 SSL, Aruba VIA, Check Point Mobile VPN and Open VPN

  • User authentication: Select the method for authenticating with the VPN server. The available options are Password (default) and Certificate.
  • Password (if Password is selected for user authentication): The password used for authenticating with the VPN server.
  • Certificate (if Certificate is selected for user authentication): All certificates uploaded at macOS > Security > Certificates are displayed here. Select one from the list.

Setting up proxy

A proxy server secures a Mac from harmful external files and websites by acting as an intermediary between the device and the internet. All communication between the device and the internet goes through the proxy server, so harmful websites can be blocked. The available values are None, Manual and Automatic.

  • None: This means no proxy is configured thus making the device vulnerable to threats.
  • Manual: Set up the proxy configurations manually by providing the below details:
    • Server: The server address of the proxy server.
    • Port: The port number.
    • Authentication: The username to get authenticated with the proxy server.
    • Password: The password associated with the username provided above.
  • Automatic: Set up the proxy automatically by providing the proxy server URL and the rest will be handled by Hexnode.

Associate the policy to device/groups

If the policy has not been saved:

  1. Navigate to Policy Targets > +Add Devices.
  2. Choose the target devices and click Ok. Click Save.
  3. You can also associate the policy with device groups, users, user groups or domains from the left pane of the Policy Targets tab.

If the policy has been saved:

  1. Go to the Policies tab and choose the desired policy.
  2. Click on the Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.