This article outlines instructions to configure a client VPN connection on commonly-used operating systems. For more information about client VPN, please refer to our documentation.
Android
To configure an Android device to connect to the Client VPN, follow these steps:
- Navigate to Settings -> Wireless & Networks -> VPN
- Click the Plus Icon to add an additional VPN profile
-
Enter a VPN Name for the connection.
-
For the Type drop-down select L2TP/IPSEC PSK VPN
-
Enter the public IP (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink) of the MX device under Server address.
-
Enter the pre-shared key under IPSec pre-shared key.
You will be prompted for credentials when you connect.
The instructions below are tested on Mac OS 10.7.3 (Lion).
Open System Preferences > Network from Mac applications menu. Click the "+" button to create a new service, then select VPN as the interface type, and choose L2TP over IPsec from the pull-down menu.
- Server Address: Enter the public IP address (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink ).
- Account Name: Enter the account name of the user (based on AD, RADIUS or Meraki Hosted authentication).
Click Authentication Settings and provide the following information:
- User Authentication > Password: User password (based on AD, RADIUS or Meraki Hosted authentication).
- Machine Authentication > Shared Secret: The preshared key that you've created in Configure > Client VPN settings for the MX.
Click OK to go back to the main VPN settings page, then click Advanced and enable the Send all traffic over VPN connection option.
Open Start Menu > Control Panel, click on Network and Internet, click on View network status and tasks.
In the Set up a connection or network pop-up window, choose Connect to a workplace (Set up a dial-up or VPN connection to your workplace).
Choose Use my Internet connection (VPN), in the Connect to a workspace dialog window.
In the Connect to a Workplace dialog box, enter:
- Internet address: Enter the public IP address (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink ) for the MX appliance.
- Destination name: Optionally enter a name for the VPN connection.
Click Next. In the next dialog window, enter the user credentials, and click Create.
Close the VPN connection wizard.
Go to Networking and Sharing Center and click Change Adapter Settings
In Network Connections window, right click on the new VPN connection settings and choose Properties
In the General tab, verify that the public IP address or the URL of the MX appliance.
In the Options tab, make sure "Include Windows logon domain" is unchecked
In the "Security" tab, choose "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)".
Then, check "Unencrypted password (PAP)", and uncheck all other options.
Click on "Advanced settings".
In Advanced Properties dialog box, choose "Use preshared key for authentication" and enter the same key you used for the client VPN settings in the Dashboard. Note: if you are enabling client VPN for your employees, you will need to distribute this key.
Click OK.
Back at the Network Connections window, right-click on the VPN connection and click Connect
Verify your user name and click Connect.
Open Start Menu > Network and Sharing Center and click Settings.
In the Network and Sharing Center, click Set up a new connection or network.
In the Set Up a Connection or Network pop-up window, choose Connect to a workplace.
(Set up a dial-up or VPN connection to your workplace).
Choose Use my Internet connection (VPN), in the Connect to a Workspace dialog window.
In the Connect to a Workplace dialog box, enter:
- Internet address: Enter the public IP address (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink ) for the MX appliance.
- Destination name: Optionally enter a name for the VPN connection.
Click Create.
Go back to Network and Sharing Center and click Change Adapter Settings.
In the Networks Connections window, right click on the VPN connection icon and choose Properties.
In the General tab, verify that the public IP address or the URL of the MX appliance.
In the "Security" tab, choose "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)".
Then, check "Unencrypted password (PAP)", and uncheck all other options.
Click on "Advanced settings".
In Advanced Properties dialog box, choose "Use preshared key for authentication" and enter the same key you used for the client VPN settings in the Dashboard. Note: if you are enabling client VPN for your employees, you will need to distribute this key.
Click OK.
Back at the Network Connections window, right-click on the VPN connection and click Connect / Disconnect.
Find your VPN profile and click Connect.
Enter your user name and password.
Click OK.
Windows 10
Open Start Menu > Search "VPN" > Click Change virtual private networks (VPN)
From the VPN settings page, click Add a VPN connection.
In the Add a VPN connection dialog:
- Set the VPN provider to Windows (built-in)
- Provide a Connection name for the VPN connection
- Specify a public IP address (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink ) or hostname for the Server name or address
- Select L2TP/IPsec with pre-shared key for the VPN type
- Provide a User name and Password (optional)
After the VPN connection has been created, click Change adapter options under Related settings.
Right click on the VPN Connection from the list of adapters and click Properties.
In the Security tab, select "Require encryption (disconnect if sever declines)" under Data encryption.
Then, select Allow these protocols under Authentication. From the list of protocols, check "Unencrypted password (PAP)", and uncheck all other options.
Click on "Advanced settings"
In Advanced Properties dialog box, choose "Use preshared key for authentication" and enter the same key you used for the client VPN settings in the Dashboard. Note: if you are enabling client VPN for your employees, you will need to distribute this key.
Back at the Network Connections window, right-click on the VPN connection and click Connect / Disconnect.
Find your VPN profile and click Connect.
Enter your user name and password.
Click OK.
Open Start Menu > Control Panel, click on Network Connections.
In the Network Tasks section, click on Create a new connection.
Choose Connect to the network at my workplace, in the New Connection Wizard window.
Choose Virtual Private Network connection in the next section.
Then, give a name for this connection:
Enter the public IP address for the MX appliance (found in Dashboard, under Security appliance > Monitor > Appliance status > Uplink ):
In the Connect <Connection Name> box, click on Properties
In the General tab, verify that the public IP address or the URL of the MX appliance.
In the Options tab, make sure "Include Windows logon domain" is unchecked
In the Security tab, choose Advanced (custom settings).
Click Settings
In Advanced Security Settings page, select Optional encryptionfrom the Data encryption pull-down menu.
Choose Unencrypted password (PAP) from the Allow these protocols options and uncheck everything else.
Back on the Security tab, click IPSec Settings...
Check "Use pre-shared key for authentication" and enter the same key you used for the client VPN settings in the Dashboard. Note: if you are enabling client VPN for your employees, you will need to distribute this key.
Click OK.
In Networking tab, choose L2TP IPSec VPN from the Type of VPN options.
Back at the Network Connections window, right-click on the VPN connection and click Connect
Verify your user name and click Connect
Linux
Note: Depending on the Linux distribution and version used by the client, these exact steps may not apply. Since Client VPN uses the L2TP over IPsec standard, any Linux client that properly supports this standard should suffice. This article details specific configuration steps for Ubuntu Linux 12.04. Please note that newer versions of Ubuntu do not ship with a VPN client that supports L2TP/IP, and will therefore require a 3rd party VPN client that supports the protocol.
Note: The xl2tp package does not send user credentials properly to the MX when using Meraki Cloud Controller authentication, and this causes the authentication request to fail. Active Directory or RADIUS authentication can be used instead for successful authentication.
Configuring Ubuntu 12.04
Multiple packages exist that allow Linux devices to connect to L2TP/IP VPN. Ubuntu 12.04 supports openswan, the following example configuration uses this software as a reference.
Under the VPN Connections options, create a new VPN connection by clicking add:
In this example the connection is called Meraki_MX. In the IPsec configuration tab, the remote server field is the Internet Port 1 IP address of the MX. A FQDN that resolves to this IP address can also be used. The pre-shared key is the secret key that was defined on the dashboard:
On the PPP configuration tab you will need to deselect everything but PAP authentication and define the username/password of the connecting user:
Note: Despite the "Unencrypted password" label, the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
