User configuration

A user represents a client certificate that is generated using the CA certificate from the users organization.


Below is a table of the user settings.




The name of user. When using single sign-on this should not be changed.


Email address of user. This will be used to set the Gravatar image for the user and for emailing the users configuration. When using single sign-on this should not be changed.


List of groups to associate with user. Group names are case sensitive.


The user pin. This will be required when connecting to a vpn server. The user can also set this on the profile download page.

Port Forwarding

Comma separated list of ports to forward. Format can be source_port:dest_port/protocol or start_port:end_port/protocol. The destination port can be left out if it is the same as the source port. If the protocol is not included both tcp and udp will be forwarded.

Network Link

Comma separated list of network addresses with cidr subnet. This will provision access to a clients local network to the vpn server.

Client-to-Client Only

Only allow this client to communicate with other clients. Access to routed networks will be blocked.

DNS Forwarding Server

This will forward dns requests that are a sub-domain of the user such as The dns server must be accessible to the server, this can be done by using the clients vpn address or using a network link if the dns server is on the clients network. Multiple dns servers can be comma separated.

DNS Forwarding Suffix

Suffix for dns forwarding. A user with a dns of and a dns suffix of node.consul will forward the dns request to search.node.consul via the dns forwarding server.

Bypass Secondary Authentication

Bypass all secondary authentication systems such as two-factor authentication and Duo. This is useful for server users.