Configuration
User configuration
A user represents a client certificate that is generated using the CA certificate from the users organization.
Settings
Below is a table of the user settings.
| Setting | Description |
|---|---|
| Name | The name of user. When using single sign-on this should not be changed. |
| Email address of user. This will be used to set the Gravatar image for the user and for emailing the users configuration. When using single sign-on this should not be changed. | |
| Groups | List of groups to associate with user. Group names are case sensitive. |
| Pin | The user pin. This will be required when connecting to a vpn server. The user can also set this on the profile download page. |
| Port Forwarding | Comma separated list of ports to forward. Format can be source_port:dest_port/protocol or start_port:end_port/protocol. The destination port can be left out if it is the same as the source port. If the protocol is not included both tcp and udp will be forwarded. |
| Network Link | Comma separated list of network addresses with cidr subnet. This will provision access to a clients local network to the vpn server. |
| Client-to-Client Only | Only allow this client to communicate with other clients. Access to routed networks will be blocked. |
| DNS Forwarding Server | This will forward dns requests that are a sub-domain of the user such as search.user.org.vpn. The dns server must be accessible to the server, this can be done by using the clients vpn address or using a network link if the dns server is on the clients network. Multiple dns servers can be comma separated. |
| DNS Forwarding Suffix | Suffix for dns forwarding. A user with a dns of user.org.vpn and a dns suffix of node.consul will forward the dns request search.user.org.vpn to search.node.consul via the dns forwarding server. |
| Bypass Secondary Authentication | Bypass all secondary authentication systems such as two-factor authentication and Duo. This is useful for server users. |
Updated about 5 years ago