Understand SmartSecurity Client VPN. Learn how to configure a Virtual Private Network, how to manage users and how to set it up on Client devices.
Client VPN Configuration
Client VPN service uses L2TP tunneling protocol and can be deployed without any additional software on PCs, Macs, iOS devices, and Android devices, since all of these operating systems natively support L2TP VPN connections.
Meraki uses ports 500 and 4500 for VPN connects. If MX has a port forwarding rule on these ports remote VPN connections will fail.
Meraki Client VPN Server Settings
Client VPN settings can be managed by logging into meraki.com. To enable Client VPN:
- Open Meraki Dashboard.
- Go to Security & SD WAN -> Client VPN.
- Inside 'Client VPN' modify these settings: a. Client VPN Server: set to 'Enabled'. b. Subnet: recommend default 192.168.60.0/24 as there's already rules in place for this subnet/VLAN. The subnet that will be used for Client VPN connections. This should be a private subnet that is not in use anywhere else in your network. The MX will be the default gateway on this subnet and will route traffic to and from this subnet. c. DNS server: leave as 'Use Google Public DNS'. d. WINS server: leave as 'No WINS servers'. We do not offer support for WINS servers. e. Share Secret: Create a password that VPN clients need to enter when connecting. f. Authentication: leave as 'Meraki Cloud Authentication'.
How to manage users
To add, edit, or remove users
Meraki Dashboard users will show in the Client VPN list, but by default will show "-" under "Authorized for Client VPN" to show that their access is disabled. If any of these users require Client VPN access, double click on the user and enable access. Their Client VPN login credentials will be the exact same username and password as their Meraki Dashboard access and can't be modified separately.
Start by scrolling down to the User Management section under Client VPN.
To Add User
Create a VPN user by selecting Add new user.
In Create user window: a. Description: Enter a description for the new user like their full name b. Email (username): the user's email. c. Password: Enter in a secure password or select Generate to create a random password.” d. Authorized: Select Yes to authorize this user for Client VPN e. Select Create user button.
To set up a specific device for a user see Setting up Client Devices below.”
To edit an existing user, go to the User Management section and select the user you need to update. You can change the user’s description, username, password and authorized settings.
To delete a user call Shaw Business Technical Support.
***VPN credentials can only be used to connect one client device to the VPN at a time.
Setting up Client Devices
Meraki Provides detailed setup instructions for all major systems:
Linux-based OSes can support client VPN connections as well, though third-party packages may be necessary to support L2TP/IP.