Authentication of the client bundle
An SSL-VPN client bundle is authenticated with a username and password, which together serve as the authentication token; TLS client certificates are not used. Authentication can be performed against a set of vRouter-maintained local service users or against a central identity management system, such as a cooperating directory server (for example, LDAP).
Management of local service users and authentication against a central identity management system are covered in Service User Management.
The SSL-VPN client authentication configuration only needs to reference the following:
- Authentication profiles of central identity management systems
- Local service users
- Groups of local service users
Any change to service-user authentication, such as adding or removing a local service user, or changing or adding an LDAP authentication profile, does not require a change to existing client bundles.
Because client bundles are independent of users, no such change requires a change to existing client setups. A change to service-user authentication does not require a restart of the SSL-VPN server, nor does it terminate existing client connections.
Authentication methods can be combined for the same SSL-VPN instance to provide authentication against multiple LDAP servers and local service users. When one of these authentication resources grants access, the SSL-VPN connection is authorized and access to that SSL-VPN instance is permitted.