Deploying VPN configurations

Integrity of a VPN configuration

Protecting the integrity of a VPN configuration when it is exported and checking its integrity when it is imported is a function that can be enabled using the SIGNFILE property. This property is disabled by default.

Example of a command line to enable signing and checking the integrity of a configuration file:

msiexec /i "[download_directory]/NetworkVpnClientExclusive_Setup.msi" /q SIGNFILE=1

A preconfigured VPN configuration can be included with the installation of the SN VPN Client Exclusive. This configuration will be automatically imported and applied during software installation. It will therefore be immediately operational for the end user, as of the first time the VPN Client is started.

The steps to create such an installation are as follows:

  1. From the SN VPN Client Exclusive’s Configuration Panel, create the VPN configuration for the target workstation.

  2. Export the VPN configuration (Configuration > Export menu item, refer to the SN VPN Client Exclusive “Administrator’s Guide”) and protect it with a password, if desired.

  3. Transfer the installation program and the VPN configuration to the target workstation.

  4. Run the installation of the SN VPN Client Exclusive by specifying the TGBCONF_PATH and TGBCONF_PASSWORD properties (if the configuration is password protected, refer to section VPN Configuration). When the installation is complete, the VPN Client will have been installed with the imported VPN configuration applied.

EXAMPLE
msiexec /i "[download_directory]/NetworkVpnClientExclusive_Setup.msi" /q TGBCONF_PATH=C:\Users\Admin\conf.tgb TGBCONF_PASSWORD=[password]

From a deployment security perspective, this method relies on the integrity check function in VPN configurations, if it is enabled. If this is the case, the function ensures that the configuration imported during installation has not been corrupted.

Deploying a VPN configuration update

Once the SN VPN Client Exclusive is installed, you can update its VPN configuration using the function to import a configuration file from the command line.

To import a configuration from the command line, proceed as follows:

  1. Create the VPN configuration for the target workstation.

  2. Export the configuration (Configuration > Export menu item, refer to the SN VPN Client Exclusive “Administrator Guide”). It can be encrypted with a password.

  3. 3. Transfer the VPN configuration to the workstation to be updated.

  4. On the target workstation, run vpnconf.exe in command line and, where appropriate, specify the password used to protect the exported configuration (refer to the /add, /replace and /pwd options described in detail in section Importing).

  5. If one or several tunnels are open, the following warning window will appear:

NOTE
If you want to perform a silent update of the configuration (without warning window), when one or several tunnels are open, use the command-line options to close and then open them again (see chapter Using command line options).

IMPORTANT
If access to the Configuration Panel is restricted to administrators, the command line interpreter (cmd, PowerShell, etc.) must be run as administrator to be able to use the import or export commands: /import, /importonce, /add, /replace, /export, /exportonce.

For further details on command-line options, refer to chapter Using command line options.