-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
111 additions
and
0 deletions.
There are no files selected for viewing
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
Adding Devices | ||
============== | ||
|
||
Adding devices within UH VPN can be done by clicking the "Add New Device" button | ||
at the bottom of a person's page within a UH VPN group. After clicking, one will then | ||
be presented with a list of fields to fill in as follows: | ||
|
||
* **Name** : Name for the device in question, e.g. macOS, iOS, Android or Windows. | ||
* **Expiry Date** : If device expiry is desired, one can specify an expiry date here. | ||
If a date is not specified, the device will never expire until manual revocation | ||
occurs via deletion. | ||
* **Expiry Time** : If an expiry date is specified, the time can also be specified | ||
to provide an increased granularity with respect to expiry. All times should be entered | ||
in 24 hour format and will be taken as GMT. | ||
|
||
Upon device submission, the above fields will be validated and submitted. If submission | ||
succeeds, the person in question will be sent an email containing a one-time-passcode (OTP) | ||
for entry into a UH VPN client application. Once this code is entered, all relevant configurations | ||
such as server information, cryptography and app branding information is securely sent to the device. | ||
Secure dynamic updates will occur automatically for UH VPN clients allowing administrators to change | ||
server settings, group parameters and more without any impact to end clients, thus simplifying VPN | ||
deployments hugely. | ||
|
||
Once a user has redeemed their OTP code, the OTP field for the device in question on the person's page | ||
will change from |pending_otp| to |ok_otp|. If redemption fails to occur within the time period | ||
set by the group's "device registration timeout", the OTP icon will change to |failed_otp| and the device | ||
will need to be deleted and a new one created. | ||
|
||
.. note:: | ||
If using custom branding on premium groups, UH VPN device enrollment emails are custom branded | ||
to your specification. | ||
|
||
.. |pending_otp| image:: /_static/icons/primitive-dot-orange.svg | ||
:alt: Pending OTP | ||
|
||
.. |ok_otp| image:: /_static/icons/check_green.svg | ||
:alt: Redeemed OTP | ||
|
||
.. |failed_otp| image:: /_static/icons/x_red.svg | ||
:alt: Failed OTP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
Revoking Devices | ||
================ | ||
|
||
UH VPN supports instant device revocation to aid situations where devices need to be revoked prior | ||
to their expiry date. To do so, administrators simply need to click the |delete_icon| icon next | ||
to the device in question. Once a device is deleted it cannot be undone and all authentications | ||
for the device in question will immediately fail. Moreover, dynamic configuration updates for the | ||
device profile will also fail and the end user will be informed of revocation by their UH VPN | ||
client application. | ||
|
||
.. |delete_icon| image:: /_static/icons/trashcan.svg | ||
:alt: Delete Icon |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
Static Profile Export | ||
===================== | ||
|
||
UH VPN has the ability to export UH VPN device profiles in an OpenVPN compatible format to allow | ||
administrators to cater for users running more exotic operating systems where UH VPN client | ||
applications don't exist. | ||
|
||
To export an OpenVPN profile click the |export_icon| icon next to the device in question. One will | ||
then be presented with a modal prompt with two fields: | ||
|
||
* **Server** : The server to link the static VPN profile to. Static profiles can't utilise multi-server | ||
selection and thus have to be bound to a single server. Select the appropriate one from the list. | ||
* **Auto Add Credentials** : Certain OpenVPN applications permit credentials being auto-filled by | ||
the configuration profile, select this option if the client application supports this. | ||
|
||
When the download button is pressed, a compressed zip file will be downloaded. Once extracted the file | ||
structure is as follows: | ||
|
||
* **README.txt** : Details instructions on how to import the VPN profile. | ||
* **OpenVPN Profile** : OpenVPN config file to be utilised by an OpenVPN application. It is named to | ||
indicate the group, server, person and device in question. | ||
* **credentials.txt** : File containing the username (first line) and password (second line) to use | ||
when prompted by OpenVPN for credentials. | ||
|
||
.. |export_icon| image:: /_static/icons/cloud-download.svg | ||
:alt: Export Icon | ||
|
||
.. warning:: | ||
Only use this feature if absolutely necessary! Clients using these profiles will not benefit | ||
from dynamic secure updates, custom branding or enhanced performance. Use this feature at | ||
your own risk! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,27 @@ | ||
******* | ||
Devices | ||
******* | ||
|
||
As the name suggests, UH VPN Devices represent devices that people own. This could be a mobile phone, | ||
laptop, tablet and so on. Devices authenticate directly onto UH VPN servers and a VPN connection is then | ||
established between a device (UH VPN client application) and a server (UH VPN Server software). | ||
|
||
Devices are managed through the `website`_ and are contained within people to facilitate easy association | ||
between people and their hardware. | ||
|
||
Devices are immutable objects (cannot be modified once instantiated). This improves security by ensuring | ||
that there is a one-to-one mapping between UH VPN devices and physical devices a person owns. The OTP field | ||
on the person's device page indicates whether the OTP code has been redeemed by a client application. | ||
|
||
.. toctree:: | ||
:maxdepth: 1 | ||
|
||
creating | ||
deleting | ||
export | ||
|
||
.. note:: | ||
Billing for UH VPN is based solely on device usage. Free groups are granted usage for up to two devices | ||
whilst premium groups are allowed an unlimited number of devices billed at £1 +VAT per device per month. | ||
|
||
.. _website: https://uh-vpn.com |