Setup and guides

How to configure SmartSecurity Client VPN

Understand SmartSecurity Client VPN. Learn how to configure a Virtual Private Network, how to manage users and how to set it up on Client devices.

Client VPN Configuration

Client VPN service uses L2TP tunneling protocol and can be deployed without any additional software on PCs, Macs, iOS devices, and Android devices, since all of these operating systems natively support L2TP VPN connections.

Meraki uses ports 500 and 4500 for VPN connects. If MX has a port forwarding rule on these ports remote VPN connections will fail.

Meraki Client VPN Server Settings

Client VPN settings can be managed by logging into meraki.com. To enable Client VPN:

  1. Open Meraki Dashboard.
  2. Go to Security Appliance -> Client VPN. Security Appliance Client VPN
  3. Inside 'Client VPN' modify these settings:
    a. Client VPN Server: set to 'Enabled'.
    b. Client VPN subnet: recommend default 192.168.60.0/24 as there's already rules in place for this subnet/VLAN. The subnet that will be used for Client VPN connections. This should be a private subnet that is not in use anywhere else in your network. The MX will be the default gateway on this subnet and will route traffic to and from this subnet.
    c. DNS nameservers: leave as 'Google Public DNS'.
    d. WINS: leave as 'No WINS servers'. We do not offer support for WINS servers.
    e. Secret: Create a password that VPN clients need to enter when connecting.
    f. Authentication: leave as 'Meraki cloud'.

Client VPN Configuration

How to manage users

To add, edit, or remove users

Meraki Dashboard users will show in the Client VPN list, but by default will show "-" under "Authorized for Client VPN" to show that their access is disabled. If any of these users require Client VPN access, double click on the user and enable access. Their Client VPN login credentials will be the exact same username and password as their Meraki Dashboard access and can't be modified separately.

  1. Open Meraki Dashboard.
  2. Go to Security Appliance -> Client VPN. Security Appliance Client VPN
  3. On 'Client VPN', use the 'User Management' section at the bottom.

Add User

  1. Create a VPN user by selecting 'Add new user'. Client VPM User Management
  2. In 'Create user' window:
    a. Description: description for the VPN client.
    b. Email (username): the user's email.
    c. Password: use a secure password. Select 'Generate' to create a random password.
    d. Authorized: Set to 'Yes' to ensure user is authorized to use Client VPN.
    e. Select 'Create user' button to complete
    Client VPM Create User
  3. Follow Client Device Setup instructions to connect their specific device(s).

Edit User

To edit existing user, select user in 'User Management' section. This allows changing description, username, password, and authorized settings.

Delete User

To delete a user, click the X next to user on the right side of the user list.

***VPN credentials can only be used to connect one client device to the VPN at a time.

Setting up Client Devices

Meraki Provides detailed setup instructions for all major systems:

Linux-based OSes can support client VPN connections as well, though third-party packages may be necessary to support L2TP/IP.