Managing the Access Gateway support VPN
The support virtual private network (VPN) is enabled by default, but it can be enabled or disabled as required.
To enable or disable the Support VPN:
Sign in to the Access Gateway Admin UI console.
- Select the Support tab.
Before enabling the support VPN you must define a valid identity provider. See Administer Identity Providers for more information.
To enable the support connection:
- Slide the Give access to Okta support toggle to enabled.
- In the Enable Okta support access confirmation dialog, click Confirm.
Attempting to enable the support connection before enabling an Okta IDP will result in an error and a request to define an identity provider. See Administer Identity Providers for more information.
- The Tunnel IP address field will be populated with the current tunnel IP address.
To disable the support connection:
- Slide the Give access to Okta support toggle to disabled.
- In the Disable Okta support access confirmation dialog, click Confirm.
- The Tunnel IP address field will cleared and no tunnel value will be displayed.
Changes to VPN connection occur immediately after a change.
The Support VPN can also be enabled or disabled using the command line interface.
See Support Connection.
incorrect VPN connectivity and proxy error message
Condition: When Allow Support Connection is enabled and a proxy is specified for Access Gateway, the following error message displays:
In addition an error is logged similar to:
2020-11-04T12:00:30.707-06:00 <hostname.domain.tld> CHECK_CONNECTION SCRIPT ERROR NETCAT [USER="spgw"] Ncat: Version 7.70 ( https://nmap.org/ncat ) Ncat: Connection timed out.Action: The VPN is enabled and this error message can be ignored.
Known issue - Delay in displaying VPN enabledCondition: When the support VPN is enabled underlying services must be started and connections validated. In some situations this may take longer than expected and the VPN will continue to erroneously show disabled.
Action: When enabling the VPN, if the VPN still shows disabled, consider refreshing the page.