Skip to main content

VPN IPsec

To connect an entire network with multiple devices to oneclick™, VPN IPsec is the most suitable option. Proceed as follows.

We assume that your VPN end device meets the technical requirements for a connection with oneclick™.

1. Create connection

  1. Click in the menu item Resources on the tab.
  2. Click on the + Icon to open the mask where you can connect your own resources.
  3. Select the VPN IPsec tile under My Devices.
  4. Give the new connection any name and enter the IP address or DNS of the VPN end device. Optionally, make entries in the fields VPN IPsec end device and Device software release.
  5. Select the automatic or manual connection type.
    • In automatic mode, you can choose between Secure (recommended) with IKE version 2 and Compatibility mode with IKE version 1. Here, oneclick™ automatically tries to establish a connection with your VPN end device. You can enter the MTU packet size and the lifetime for phase 1 and 2.
    • In manual mode, you can directly enter and select the appropriate data from your VPN end device:
      •  General information, such as the oneclick™ Peer ID, your Peer ID.
      • Your IKE data: The Key Exchange Version, MTU and optionally the Pre Shared Key.
      • For Phase 1: The lifetime in seconds, the encryption algorithm, the key-length, the hash and the Diffie Hellmann group.
      • For Pase 2: The lifetime in seconds, optionally the Perfect Forward Secret, the encryption algorithm, the key-length and the hash.
  6. Then click Save.
  7. If you have your network data, create a network immediately and take the direct path via the To Networks button. If you do not have any network data yet, you can download the PDF and make the settings already contained in your VPN end device.

2. Create network

  1. Click on the + Icon in the network menu item to create a new network.

  2. Select the VPN IPsec connection you just created and click Next.

  3. Give the network a name of your choice. Optionally, enter a location, for better overview in tables, and the address space (CIDR) and then click Save.

  4. Download the PDF and transfer the values in it to the settings of your VPN end device.

    Proceed according to the following steps on the page of your VPN end device:

    • Store the values from the generated PDF identically in the settings of your VPN end device.
    • If your firewall blocks external access, allow access via the oneclick™ IP address. To establish the VPN connection, UDP ports 500 and 4500 are required for IPsec
    • Ensure that oneclick™ can access the desired local destination networks via VPN

  5. Check in the Connections item if the connection was successful.

3. Create destination

  1. In the Resources menu item, click the Destinations
  2. Click on the + Icon to create a new destination.
  3. Select your created network for VPN IPsec connection and click Next.
  4. Specify a descriptive name, the internal IP address or internal hostname, and the port on your destination system.
  5. Click on the + Icon to create more destinations. Click on Save.

4. Create destination pools

Next, create a destination pool in which you can include one or more destinations that belong together. This step is not necessary if you want to connect an internal website or a private Active Directory.

5. Check connectivity and assign apps in oneclick™

Click on the check status icon in the row to check the connectivity.

For more information on restarting and checking your VPN connection, see Reinitialize and Check Connection.

If you want to access the destination via oneclick™ streaming, then configure app access and create app instances for your oneclick™ users.

Once you have completed all the steps above, you can give your users access to oneclick™ by sending the registration link.