Antonio_Macia_R
Jan 15, 2018

Always connected VPN based on user type

Hello,

 

If the computer running the "always connected" VPN has two different users, one local and another belonging to the corporate domain, is it possible to trigger the "always connected" VPN only when the domain user is logged in and not when the local user is logged in?

 

Thanks.

 

1 Reply

  • I'm not aware of a way to do so with built-in F5 functions... but thinking creatively, you could use a combination of logon/logoff scripts in Active Directory (think GPO) and DNS resolution.

     

    Create a logon script for the domain user(s) that adds an entry to the local hosts file ( and resolve it to whatever - 127.0.0.99). When the user logs off, have the logoff script remove that local hosts file entry.

     

    Then on the F5, create a Connectivity Profile that builds the tunnel when resolves to the IP you specified above. In theory, when a domain user logs in, the VPN will be established. When a local user logs in, it will not. This is due to the availability of the name resolution.

     

    Access -> Connectivity / VPN -> Connectivity -> Profiles -> [vpn profile name] -> Edit Profile -> Win/Mac Edge Client -> Location DNS List

     

    There are other concerns here (such as if the user doesn't log off properly - but if it's not a security concern, it's just user training in all likelihood).
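
A sketch of the logon/logoff script described in the reply above, added here as an example; it is not part of the original post and not F5 tooling. The hostname is a placeholder because the page does not give one, the tag comment and parameter names are constructed for this example, and the script assumes it runs with rights to write the hosts file, which standard users do not have by default.

```powershell
# Added example: idempotently add or remove a marker entry in the hosts file.
# Run with -Action Add from the domain users' logon script and with
# -Action Remove from the logoff script.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Add', 'Remove')]
    [string]$Action,

    # Placeholder name (assumption): the page does not state the hostname.
    [string]$MarkerName = 'vpn-marker.example.invalid',

    # Address suggested in the reply.
    [string]$MarkerIp = '127.0.0.99',

    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

$ErrorActionPreference = 'Stop'

# Constructed tag: lets the script find and touch only its own line,
# leaving every other hosts entry exactly as it was.
$tag = '# always-connected-vpn-marker'

# Read the file and drop any earlier marker line. Doing this for both
# actions keeps Add idempotent (no duplicate lines after repeated logons).
$lines = @(Get-Content -LiteralPath $HostsPath |
    Where-Object { $_ -notmatch [regex]::Escape($tag) })

if ($Action -eq 'Add') {
    $lines += "$MarkerIp`t$MarkerName`t$tag"
}

# Write the result back. This fails with an access-denied error when the
# caller cannot write the hosts file; that failure is intentional so a
# misconfigured deployment is visible rather than silent.
Set-Content -LiteralPath $HostsPath -Value $lines -Encoding ASCII

# Flush the resolver cache so the change is seen immediately.
ipconfig /flushdns | Out-Null
```

Running the `Remove` action again at computer startup clears an entry left behind when a session ends without the logoff script firing, which is the case the reply flags.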