1. Home
  2. Android
  3. How to configure VPN Settings on Android Devices using Hexnode MDM

How to configure VPN Settings on Android Devices using Hexnode MDM

A Virtual Private Network (VPN) enhances security by allowing the users to send data through a private network. A private network is created virtually across the public network and the interaction is done via this virtual network. Hexnode MDM allows you to configure VPN for Android Devices.

Notes:

  • This feature is available on all subscription plans except Express plan.
  • VPN can be configured only on Samsung Knox Devices.


Warning:


VPN won’t be configured if the device is not secured with a password. If the password is not set on the device and once the VPN policy has been associated, a prompt appears to set the password. VPN can then be configured after setting a device password.

To Configure VPN

  1. Login to your Hexnode MDM Portal.
  2. Go to Policies.
  3. Select an existing policy or create a new one by clicking on New Policy.
  4. From Android > Networks, select VPN and click on Configure.

You will have the following options to be configured.


configure vpn for android devices using hexnode mdm

Settings Description
Profile Name Provide a name to identify VPN on the device.
Server Provide the domain name of the server or the IP address of the server.
Connection Type Select the connection type to be used. The remaining settings changes in accordance with the selected connection type. The available connection types are PPTP, L2TP/IPSec PSK, IPSec Xauth PSK, IPSec IKEv2 PSK, L2TP/IPSec RSA, IPSec Xauth RSA, IPSec Hybrid RSA and IPSec IKEv2 RSA.
Username Provide the Username for authenticating the VPN Server.
Password Provide the password of the account used for authenticating the VPN Server.

The following options will be enabled when Show advanced options is clicked.

Settings Description
DNS search domains Provide the internal DNS domain to be used, once the connection is made.
DNS servers Provide the internal DNS server to be used, once the connection is made.
Forwarding routes Provide the forwarding route to send the traffic through the VPN interface to the destination. The route can be provided either for your network alone or for all the traffic.

Based on the Connection Type selected, you will have the following options to be configured.

Configuring PPTP Connection

PPTP Connection

PPTP Settings Description
PPP encryption (MPPE) Check this option to enable PPP (Point-to-Point Protocol) encryption on the android devices.

Configuring L2TP/IPSec PSK Connection

L2TP/IPSec PSK Connection

L2TP/IPSec PSK Settings Description
Always-on Check this option to always enable VPN connection.
L2TP secret A second password required to establish a connection. Also known as pre-shared key, the shared secret is previously known to the device and the VPN server, and no one else. This key is used just to establish a connection and not used for encryption.
IPSec pre-shared key Provide the pre-shared key for IPSec connection type. This key is used only for authentication and not for encryption.
IPSec Identifier Provide the IPSec Identifier to establish the VPN authentication.

Configuring IPSec Xauth PSK Connection

IPSec Xauth PSK Connection

IPSec Xauth PSK Settings Description
Always-on Check this option to always enable VPN connection.
IPSec pre-shared key Provide the pre-shared key for IPSec connection type. This key is used only for authentication and not for encryption.
PSec Identifier Provide the IPSec Identifier to establish the VPN authentication.

Configuring IPSec IKEv2 PSK Connection

IPSec IKEv2 PSK Connection

IPSec IKEv2 PSK Settings Description
Always-on Check this option to always enable VPN connection.
IPSec pre-shared key Provide the pre-shared key for IPSec connection type. This key is used only for authentication and not for encryption.
IPSec Identifier Provide the IPSec Identifier to establish the VPN authentication.

Configuring L2TP/IPSec RSA Connection

L2TP/IPSec RSA Connection

L2TP/IPSec RSA Settings Description
Always-on Check this option to always enable VPN connection.
L2TP secret A second password required to establish a connection. Also known as pre-shared key, the shared secret is previously known to the device and the VPN server, and no one else. This key is used just to establish a connection and not used for encryption.
Ca Certificate Select the Certificate Authority (Ca) trusted certificate to be used for establishing L2TP/IPSec RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.
User Certificate Select the User certificate required for establishing L2TP/IPSec RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.

Configuring IPSec Xauth RSA Connection

IPSec Xauth RSA Connection

IPSec Xauth RSA Settings Description
Always-on Check this option to always enable VPN connection.
Ca Certificate Select the Certificate Authority (Ca) trusted certificate to be used for establishing IPSec Xauth RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.
User Certificate Select the User certificate required for establishing IPSec Xauth RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.

Configuring IPSec Hybrid RSA Connection

IPSec Hybrid RSA Connection

IPSec Hybrid RSA Settings Settings
Always-on Check this option to always enable VPN connection.
Ca Certificate Select the Certificate Authority (Ca) trusted certificate to be used for establishing IPSec Hybrid RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.

Configuring IPSec IKEv2 RSA Connection

IPSec IKEv2 RSA Connection

IPSec IKEv2 RSA Settings Description
Always-on Check this option to always enable VPN connection.
User Certificate Select the User certificate required for establishing IPSec IKEv2 RSA connection. This certificate must be previously uploaded under Android > Security > Certificates.

To Associate Policies to Devices / Groups

If the policy has not yet been saved.

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Click on Save to apply the policies to devices.

Apart from devices, you can also associate the policies to device groups, user and user groups from Policy Targets.

If the policy has been saved, you can associate it by another method.

  1. From Policies, check the policies to be associated.
  2. Click on Manage → Associate Targets and select the device.
  3. Click on Associate to apply policy to the devices.
  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment