Setting up an SSL VPN connection
This section explains how to set up SSL VPN connections with the Stormshield SSL VPN client.
NOTE
Only one SSL VPN connection can be set up at a time.
Logging in to a connection with saved information
- You can log in to a connection with saved information from the following menus:
  - From the drop-down list in the Quick connection menu, select the connection to which you wish to log in, then click on the connection button. You can select the last connection used or a favorite connection.
  - In the Saved connections menu, in the section of the saved connection to which you wish to log in, click on Connect.
  - In the pop-up menu of the Stormshield SSL VPN client icon, select VPNSSL, then click on the connection to which you wish to log in. You can select the last connection used or a favorite connection.
- If additional information is required in order to log in (such as an OTP), enter it. If single sign-on is used, authenticate on the portal, which will open automatically in your web browser, allowing you to connect.
- Wait while the Stormshield SSL VPN client connects.
Once it is connected, the icon of the Stormshield SSL VPN client and the connection button in the Quick connection menu both turn green. If the connection is unsuccessful, refer to the section When an SSL VPN connection fails to set up.
You can log out by clicking on Disconnect or on the connection button.
[Screenshots: Quick connection menu, Saved connections menu, Pop-up menu]
Logging in without saving connection information (Direct connection)
You can log in through the Direct connection menu. Any information entered will not be saved.
NOTE
To save connection information, you need to create a saved connection. To do so, refer to the section Adding, editing or deleting saved connections.
- Choose from either of 2 available modes:
Connection mode | Description |
---|---|
Stormshield mode | This mode has to be used with an SNS firewall. In this mode, the Stormshield SSL VPN client automatically retrieves the SSL VPN configuration, and sends information that enables the SNS firewall to verify the client workstation's compliance (ZTNA). |
Import OVPN file | This mode makes it possible to import an OpenVPN configuration file (OVPN format), and to connect to the OpenVPN gateway that provided the file. |
- Fill in the required fields based on the selected mode.
- Click on Connect.
- If single sign-on is used, authenticate on the portal, which will open automatically in your web browser, allowing you to connect.
- Wait while the Stormshield SSL VPN client connects.
Stormshield mode
Field/checkbox | Description |
---|---|
Server | IPv4 address or FQDN of the SNS firewall to contact in order to set up the connection. |
Port | Server port (443 by default). If the port of the SNS firewall’s captive portal is different from the default port (TCP/443), enter the port used in this field. |
Connect with single sign-on | Select this checkbox to connect with single sign-on. With single sign-on, after the connection has been initiated, authenticate on an authentication portal that opens in your web browser, for example the SNS firewall's captive portal or the portal of the Identity as a Service (IDaaS) platform chosen on the SNS firewall, such as Microsoft Entra ID. If this option is selected, the User name, Password and Use an OTP fields will be hidden. |
Username | User name. |
Password | User’s password. |
Use an OTP | Select the checkbox if you are using multifactor authentication (such as the Stormshield TOTP solution), and an OTP (one-time password) is required in order to connect. If this option is selected, the OTP field appears. |
OTP | OTP to be entered in order to connect. |
Importing OVPN files
Field | Description |
---|---|
Drag & drop/Browse | OVPN file that you wish to import. |
Username | User name. |
Password | User’s password. |
Once it is connected, the icon of the Stormshield SSL VPN client and the connection button in the Quick connection menu both turn green. If the connection is unsuccessful, refer to the section When an SSL VPN connection fails to set up.
You can log out by clicking on Disconnect or on the connection button.
When an SSL VPN connection fails to set up
- Read the error message that appears. If necessary, you can find it in the Connection logs menu.
- Check the connection information that has been entered, either in the Direct connection menu, or in the settings of the saved connection.
- If the Use an OTP checkbox has been selected, check the validity of the OTP entered. The Stormshield SSL VPN client will make several attempts to connect if no response is received, but the OTP may expire in the meantime.
- If a warning message appears regarding a probable security risk, this means that the certificate presented to the Stormshield SSL VPN client cannot be automatically validated. For more information, refer to the section SSL VPN connection - Manually validating the certificate presented by the server.
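The OTP expiry mentioned in the troubleshooting step above, as an added example that is not Stormshield code: a standard RFC 6238 TOTP check showing how a code typed just before a time-step boundary is rejected when a later retry presents it. The 30-second step, HMAC-SHA-1, the verifier's drift window and the retry delays are assumptions; the secret and timestamp are the RFC 6238 test values.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumption: RFC 6238 default time step, in seconds


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted(secret: bytes, otp: str, unix_time: int, drift_steps: int = 0) -> bool:
    """Verifier side: accept otp if it matches a step within +/- drift_steps."""
    return any(
        hmac.compare_digest(otp, totp(secret, unix_time + d * STEP, len(otp)))
        for d in range(-drift_steps, drift_steps + 1)
    )


def retry_outcomes(secret, entered_at, retry_delays, drift_steps=0):
    """For an OTP typed at entered_at, say whether each retry would still pass."""
    otp = totp(secret, entered_at)
    return [(delay, accepted(secret, otp, entered_at + delay, drift_steps))
            for delay in retry_delays]


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real one
    typed_at = 1111111109              # one second before a step boundary
    for drift in (0, 1):               # hypothetical verifier tolerance
        for delay, ok in retry_outcomes(secret, typed_at, [0, 2, 10, 40], drift):
            remaining = STEP - (typed_at + delay) % STEP
            print(f"drift={drift} retry at +{delay:>2}s "
                  f"({remaining:>2}s left in step): {'accepted' if ok else 'rejected'}")
```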