User configuration

A user represents a client certificate that is generated using the CA certificate from the users organization.


Below is a table of the user settings.

NameThe name of user. When using single sign-on this should not be changed.
EmailEmail address of user. This will be used to set the Gravatar image for the user and for emailing the users configuration. When using single sign-on this should not be changed.
GroupsList of groups to associate with user. Group names are case sensitive.
PinThe user pin. This will be required when connecting to a vpn server. The user can also set this on the profile download page.
Port ForwardingComma separated list of ports to forward. Format can be source_port:dest_port/protocol or start_port:end_port/protocol. The destination port can be left out if it is the same as the source port. If the protocol is not included both tcp and udp will be forwarded.
Network LinkComma separated list of network addresses with cidr subnet. This will provision access to a clients local network to the vpn server.
Client-to-Client OnlyOnly allow this client to communicate with other clients. Access to routed networks will be blocked.
DNS Forwarding ServerThis will forward dns requests that are a sub-domain of the user such as The dns server must be accessible to the server, this can be done by using the clients vpn address or using a network link if the dns server is on the clients network. Multiple dns servers can be comma separated.
DNS Forwarding SuffixSuffix for dns forwarding. A user with a dns of and a dns suffix of node.consul will forward the dns request to search.node.consul via the dns forwarding server.
Bypass Secondary AuthenticationBypass all secondary authentication systems such as two-factor authentication and Duo. This is useful for server users.