VPN Client Settings can be found on a page that has the VPN component or under Fleet Manager > Tools > VPN Client. Both have a Details button, which opens the URL https://localhost:9250/ in a new tab. If a user doesn't have access to either one of them, the aforementioned link can also be used directly.
In the VPN Client Settings are configuration options for three specific scenarios:
- VPN traffic is filtered or blocked (use stealth mode)
- Slow VPN connection (VPN connection type)
- A proxy server is used to connect to the internet
VPN traffic is filtered or blocked (use stealth mode)
In some countries, browsing the internet is monitored or regulated for its inhabitants. As a result, using a VPN connection is blocked to enforce this regulation. The same can apply to a company network where using VPN is blocked by its firewall. In both scenarios, Stealth Mode can be used so the VPN Client can still set up a VPN connection. This is achieved by encapsulating the OpenVPN traffic in HTTPS. Instead of using the default HTTPS port 443, port 8443 will be used to connect to the VPN server. The additional settings for the Host (127.0.0.1) and Port (9255) can be left to their defaults.
Configuration
Performance and outgoing port
This option may decrease performance, so it should only be checked when applicable. Stealth mode uses outgoing port 9255 (TCP) on your computer, as mentioned in: How does the VPN client connect to the StrideLinx Cloud? (ports & protocols).
Stealth Mode
Stealth Mode on the VPN Client differs from Stealth Mode on the StrideLinx router. Stealth Mode can be enabled on the VPN Client when it is used in a censored network.
The following steps show you how to activate stealth mode for your VPN client.
- Open a new tab in your browser.
- Enter https://localhost:9250 in your webbrowser and press [Enter].
- Enable stealth mode. You can leave the default settings unchanged, but if the default port (9255) is already used on your computer you can freely change it.
Enabled
Everytime you now set up a VPN connection, the VPN client will use stealth mode. If you already had a VPN connection active, you will need to disconnect first.Stealth Mode can also be enabled on the StrideLinx router, by enabling the option under Fleet Manager > select device > Network > VPN. This option needs to be enabled when the StrideLinx router is located in a censored network. If the VPN Client is used in a censored network and the StrideLinx router isn't, Stealth Mode only needs to be enabled on the VPN Client. And if only the StrideLinx router is in a censored network, there is no need to enable Stealth Mode on the VPN Client.
Notes
- Instead of using Stealth Mode in a company network, it might be better to allow VPN traffic over port 443. However, in some companies, this just isn't allowed.
- Performance might decrease when using Stealth Mode. Therefore, it is advisable to only enable the option if it is really needed.
- Make sure that port 8443 is opened in the company firewall when Stealth Mode is used. For more information on ports and protocols, refer to the article How does the VPN client connect to the StrideLinx Cloud? (ports & protocols).
- Stealth Mode may be required in various countries, including, but not limited to: China, Russia, Iran, United Arab Emirates, Oman, Turkey, Iraq, Turkmenistan, Belarus, North Korea, and Uganda.
- It is legal to use Stealth Mode to access a company's own machine network, as VPN is only blocked to regulate or monitor internet access, which the machine network is no part off.
- In some countries, Stealth Mode won't work either. Instead, the VPN connection may need to be registered before a connection is possible, e.g. Pakistan.
- An active VPN connection needs to be disconnected before the change in Stealth Mode is applied.
- Stealth Mode is not available in the StrideLinx Cloud mobile app.
Slow VPN connection (VPN connection type)
This setting will not impact the stability of the VPN connection itself (i.e. VPN disconnects), but máy positively impact your connection to hardware behind the StrideLinx router (e.g. PLC, HMI, other) in select situations where this connection is either unstable or slow. The only way to determine whether it positively impacts your specific situation is to simply try it out.
Open the VPN Client settings, as explained in the beginning of the article, and change the "Connection type" to UDP.
Notes
- UDP does not work in combination with connection type "stunnel" (Stealth mode).
- Connection type UDP uses a different port (1194) than TCP (443). Make sure the device (StrideLinx router, StrideLinx Agent) can use this port. More information: How does the VPN client connect to the StrideLinx Cloud?
- An active VPN connection needs to be disconnected before the change to UDP is applied.
- UDP is not available in the StrideLinx Cloud mobile app.
A proxy server is used to connect to the internet
In some corporate networks, a proxy server is used to connect to the internet. In such networks, it is not possible to connect to the internet with an application or device without explicitly configuring a proxy server. This also applies to the VPN Client. The following proxy server settings can be entered under Proxy Server:
- Host: IP address of the proxy server
- Port: Port of the proxy server
- Proxy Type: Only HTTP is available
- Authentication Method: None or basic. The latter requires a Username and a Password
The following steps show you how to configure the proxy settings for your VPN client.
- Open a new tab in your browser.
- Enter https://localhost:9250 in your webbrowser and press [Enter].
- Enter the proxy server's host address and port number, and enter your credentials for the proxy server, if applicable.
Note
- An active VPN connection needs to be disconnected before the change in Proxy Server is applied.
- The option Proxy Server is not available in the StrideLinx Cloud mobile app.
- A proxy server can also be configured for the StrideLinx router. This only applies when the network where the StrideLinx router is located is using a proxy server.