17.4. WebVPN

WebVPN uses Apache Guacamole and is a clientless web remote desktop gateway.

You can find the WebVPN Settings at VPN → WebVPN.

Before you can use the WebVPN it has to be installed. You can install it at System → Addons.

17.4.1. WebVPN Settings

Enabled is false by default.

Hostname is vtair by default.

Web HTTPS Port is 443 by default.

Certificate can be configured which certificate will be used for the WebVPN Page.

2FA Enable Two Factor Authentication if the user has a TOTP Token enabled in VT AIR. If a user has not TOTP Token the 2FA won’t be inforced for them.

Logo is a file that can be uploaded and has to be in the PNG format. Users will see it on the WebVPN Page.

You can export the settings in the top right corner as an Excel spreadsheet.

You also need to make sure to add a Firewall Rule to allow access to the VT AIR on that Port. The Webserver is listening to the hostname for connections. The WebVPN is using HTTPS and a WebGUI to connect to all Servers.

WebVPN Settings

17.4.2. WebVPN Server Settings

To connect to a Server via the WebVPN you need to create it and assign to users.

Type can be RDP, SSH, Telnet or VNC. It is RDP by default.

Name can be configured and has to be unique.

Description is a description of the server.

Hostname has to be an IP Address or hostname of a server in your network that should be accessible through the WebVPN.

Port defaults to 3389 for RDP, 5900 for VNC, 22 for SSH and 23 for Telnet.

Username is optional. It will be asked on connection time if not set.

Password is the password for the username and is also optional. It will be asked on connection time if not set.

Domain is the domain to use when attempting authentication (RDP only).

Security can be Any, NLA, Extended NLA, TLS, VM Connect or RDP. It is Any by default.

Keyboard Layout is the default keyboard layout and is English (US) by default (RDP only).

Keepalive Interval allows you to configure the the interval in seconds at which the client connection sends keepalive packets to the server. The default is 0, which disables sending the packets. The minimum value is 2.

WebVPN Server

17.4.3. WebVPN User Settings

A WebVPN User connects a VTAIR user to a WebVPN server. Each user can have multiple servers. This is required for authentication.

WebVPN User

17.4.4. WebVPN Group Settings

A WebVPN Group connects a VTAIR user to a WebVPN server. Each group can have multiple servers. In case a user is already connected to a server via the WebVPN user settings, the config will be merged together.

WebVPN Group

17.4.5. WebVPN Usage

When you connect to the WebVPN you first need to login with the Users credential that was set in WebVPN. A User is either from VT AIR or an LDAP Authentication Server.

WebVPN Login

After the login you can see all available Servers for this User.

WebVPN GUI Server

If you select one of the servers, your browser will connect to it and you can login and interact with the server through the browser.

WebVPN SSH