OpenVPN

This VPN connection type is supported on Android devices.

With Samsung Android 10 and above devices, OpenVPN support has been deprecated by Samsung.

Use the OpenVPN connection type to configure Samsung “OpenVPN net.openvpn.knox.connect” for Samsung Knox devices. This configuration is available only to limited customers as approved by Samsung. Contact Samsung to get the correct OpenVPN package. It is supported only on devices with the Samsung Knox option selected in the VPN setting.

Open VPN is NOT supported with a third-party Open VPN vendor that is not Samsung.

Open VPN is supported with Samsung Knox without using VPN chaining.

Use the following guidelines to configure OpenVPN:

**Table 63.** OpenVPN settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select OpenVPN. Only fields relevant to OpenVPN are displayed.
Samsung Knox	Always select this option. A Samsung Knox license is required. A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device. This setting is ignored on non-Android devices.
Deploy inside Knox Workspace	Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data. This option is available only if you select the Samsung Knox option. See Configuring VPN modes when VPN client is outside the Knox container
Package Name	Provide the Android package name of the OpenVPN client app: net.openvpn.knox.connect
Server	Enter the IP address, hostname or URL for the VPN server.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Click the radio button for Password or Certificate to specify user authentication type. If you select Password, specify the password to use. The default value is $PASSWORD$. You can specify a custom format, for example, $PASSWORD$_$USERID$. Other password formats available are: If you select Certificate, specify Password, and then provide the two other settings added to the page: •Identity Certificate (required): Enter the identity certificate number. •CA Certificate (optional): Select the CA Certificate from the list of available certificates.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
VPN Chaining	Select Enable to set up VPN chaining with Tunnel VPN. See "Configuring VPN chaining" in Ivanti Tunnel for Android Guide.
Per-app VPN	When selecting this option, a Samsung Knox license is required.
Proxy Server Port	Enter the port number for the connection. (Required)
Protocol	Select from drop-down.
Cipher	Select from drop-down.
Packet Auth Digest	Select from drop-down.