OpenVPN

Use this setting to configure Samsung “OpenVPN net.openvpn.knox.connect” for Samsung Knox devices. This configuration is available only to limited customers as approved by Samsung. Contact Samsung to get the correct OpenVPN package. It is supported only on devices with the Samsung Knox option selected in the VPN setting.

Note The Following:  

  • Open VPN is NOT supported with a 3rd party Open VPN vendor that is not Samsung.
  • Open VPN config is supported with Samsung Knox without using VPN chaining.

Use the following guidelines to configure OpenVPN:

Table 1. OpenVPN settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select OpenVPN.

Only fields relevant to OpenVPN are displayed.

Samsung Knox

Always select this option.

A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device.

This setting is ignored on non-Android devices.

Deploy inside Knox Workspace

Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data.

This option is available only if you select the Samsung Knox option.

See:

Configuring VPN modes when VPN client is outside the Knox container

Package Name

Applies to OpenVPN only.

Provide the Android package name of the OpenVPN client app: net.openvpn.knox.connect

Server

Enter the IP address, hostname or URL for the VPN server.

Username

Specify the user name. The default is $USERID$. You can specify a different variable, for example $EMAIL$.

User Authentication

Click the radio button for Password or Certificate to specify user authentication type.

If you select Password, specify the password to use. The default value is $PASSWORD$. You can specify a custom format, for example, $PASSWORD$_$USERID$. Other password formats available are:

If you select Certificate, specify Password, and then provide the two other settings added to the page:

Identity Certificate (required): Enter the identity certificate number.

CA Certificate (optional): Select the CA Certificate from the list of available certificates.

For more information, refer to the MobileIron Core Admin Guide.

VPN Chaining

Select Enable to set up VPN chaining with MobileIron Tunnel VPN. See "Configuring VPN chaining" in MobileIron Tunnel for Android Guide for Administrators.

Per-app VPN

Click Yes to set up per-app VPN inside the container, per-app VPN outside the container, and per-container VPN.

To use per-app VPN, a Samsung General Policy with a valid Samsung Knox license is required.

NOTE: When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

Port

Applies to OpenVPN only. Enter the port number for the connection. (Required)

Protocol

Applies to OpenVPN only. Select from drop-down.

Cipher

Applies to OpenVPN only. Select from drop-down.

Packet Auth Digest

Applies to OpenVPN only. Select from drop-down.