Ryan Sebo
Specific VPN usage (macOS, iOS)

How to make a mac/iOS device connect to a VPN (ExpressVPN) only when not connected to a specific wifi network (our company network)?
David Favor

This is a highly specialized case, best handled manually.

1) Contact ExpressVPN + ask for instructions about how to leave your VPN installed, just completely disable VPN packet flow.

2) When you'd like to connect at a faster speed (usual reason for doing this), run a script which runs the disable command (which can usually be committed to a command line script).

3) If ExpressVPN doesn't provide this feature, you'll likely have to change VPNs.

Note: Most VPNs provide a simple way to do this.
As David covered.

Usually, you do not want remote VPNs to auto-connect to work networks.

Other VPN clients, when they see a request to an IP range defined in the VPN client policy, would then trigger the initiation of the connection, commonly prompting the user for credentials.

I'll rely on David's knowledge in regards to the mentioned VPN client.
Ryan Sebo

ASKER

Do you know of any VPN services that allow you to set connection rules?
VPN connection is up to the user. With a remote VPN it is commonly from anywhere, but you can restrict on your resource/FW from where a remote VPN connection can be made, though in this situation you would have to continually update it whenever a user's WAN IP is randomly changed by their provider.

Much depends on the options on the device you manage.
I'm looking for a way to have the company laptops connect to a VPN service whenever they are not connected to the company access point and disconnect from the VPN service whenever they are connected to the company access point.

The purpose is security; they do not need to remotely connect to the company network.
Usually, you would not want to have laptops have automatic credentials to access the corporate VPN.
Usually, you would want the user to authenticate as a second step.

It depends on the firewall and VPN client in use. A Cisco client includes the policy that defines what traffic should flow over the VPN, and when that traffic is seen on the system, it triggers the application that will prompt the user for credentials.
I do know that Cisco AnyConnect will automatically disconnect when you're on the internal corporate network, as does GlobalConnect for PAN networks. That's because DNS is set to not resolve the external VPN link and the IP is also blocked from internal connections.

You could set the DNS for ExpressVPN to resolve to nothing or to resolve to a dummy link. That way, you force the connection to drop. You could also set a firewall block on ExpressVPN hosts, although there may be too many to easily list. This would be a workaround since you're not using a PAN, or Cisco ASA, or Fortigate, or other local firewall/gateway/VPN/etc... device that you have more direct control over. You basically have to block ExpressVPN's entire network address ranges.
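For the client-side variant of what the asker wants (VPN on whenever the laptop is off the company Wi-Fi, off when it is on it), here is an added example script for macOS. It is not from the thread or from ExpressVPN; the company SSID, the interface name and the two VPN connect/disconnect commands are placeholders you must replace with whatever your VPN client exposes, and only `networksetup -getairportnetwork` is a real macOS command.

```shell
#!/bin/sh
# Added example: toggle a VPN client based on the current Wi-Fi SSID.
# Everything below marked "placeholder" is constructed for this example.
COMPANY_SSID="CorpWiFi"                        # placeholder company SSID
WIFI_IF="en0"                                  # usual macOS Wi-Fi interface
VPN_CONNECT_CMD="/path/to/vpn-connect"         # placeholder client command
VPN_DISCONNECT_CMD="/path/to/vpn-disconnect"   # placeholder client command

# parse_ssid: pull the SSID out of one line of `networksetup` output.
# Prints an empty string when the Mac is not associated with any network
# (networksetup says "You are not associated with an AirPort network.").
parse_ssid() {
  case "$1" in
    "Current Wi-Fi Network: "*)  printf '%s\n' "${1#Current Wi-Fi Network: }" ;;
    "Current AirPort Network: "*) printf '%s\n' "${1#Current AirPort Network: }" ;;
    *) printf '\n' ;;
  esac
}

# current_ssid: ask macOS which Wi-Fi network is active (real command).
current_ssid() {
  parse_ssid "$(networksetup -getairportnetwork "$WIFI_IF" 2>/dev/null)"
}

# decide_action: "disconnect" only on the company SSID; "connect" everywhere
# else, including wired or no Wi-Fi (empty SSID), so the VPN is on by default.
decide_action() {
  ssid="$1"; company="$2"
  if [ -n "$ssid" ] && [ "$ssid" = "$company" ]; then
    echo disconnect
  else
    echo connect
  fi
}

main() {
  action=$(decide_action "$(current_ssid)" "$COMPANY_SSID")
  case "$action" in
    connect)    "$VPN_CONNECT_CMD" ;;
    disconnect) "$VPN_DISCONNECT_CMD" ;;
  esac
}

# Only act when invoked as "script.sh run", e.g. from a LaunchAgent that
# fires on network configuration changes; sourcing the file does nothing.
case "${1:-}" in
  run) main ;;
esac
```

An SSID alone is a weak signal, since any access point can broadcast the company's network name; pair it with a check that only succeeds on the real network (for example resolving an internal-only hostname), which is the same idea behind the AnyConnect/GlobalProtect-style behaviour described above.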