GINA mode


The GINA mode allows you to open VPN connections before the Windows logon.

This function can, for example, create a secure connection to an access rights management server so that the user workstation access rights can be obtained before opening a user session.

When a tunnel is configured “in GINA mode”, the following two situations are possible:

  1. If the VPN Client is configured to start up in TrustedConnect mode (refer to section General), then the TrustedConnect Panel will be displayed on the Windows logon screen and the VPN Client tries to automatically connect to the trusted network.

  2. Otherwise, a window allowing you to open a tunnel that is similar to the Connection Panel will be displayed on the Windows logon screen. It allows you to open a VPN tunnel manually or automatically.

Configuring the GINA mode

Configuring the GINA mode for a VPN connection is done on the Automation tab of the relevant tunnel.

Refer to chapter Automation.

Using the GINA mode

When the VPN tunnel is configured in GINA mode, the window used to open GINA tunnels is displayed on the Windows logon screen. The tunnel will open automatically if it is configured accordingly.

A GINA-mode VPN tunnel can perfectly implement an EAP authentication (users must enter their login name and password) or a certificate-based authentication (users must enter the PIN code required to access the smart card).

Security considerations

A tunnel configured in GINA mode can be opened before Windows logon, i.e. by any user of the workstation. We therefore strongly recommend that you set up a strong authentication method that is certificate-based and, if possible, stored on a removable device.

For the Automatically open this tunnel on traffic detection option to be operational after Windows logon, the Enable before Windows logon option must not be checked.

  • Limitation: Scripts and USB mode are not available for VPN tunnels configure in GINA mode.
  • A VPN tunnel configured with a certificate stored in the Windows Certificate Store will not work in GINA mode. The reason for this is that the GINA mode is run before a Windows user is identified (prior to opening any session). Therefore, the software cannot identify the user store to use in the Windows Certificate Store.