Managing the Access Gateway support VPN

The support virtual private network (VPN) is enabled by default, but it can be enabled or disabled as required.

Topics

Manage the support VPN

To enable or disable the Support VPN:

  1. Sign in to the Access Gateway Admin UI console.

  2. Select the Support tab.
  3. Note

    Before enabling the support VPN you must define a valid identity provider. See Administer Identity Providers for more information.

Enable

To enable the support connection:

  1. Slide the Give access to Okta support toggle to enabled.
  2. In the Enable Okta support access confirmation dialog, click Confirm.
    Attempting to enable the support connection before enabling an Okta IDP will result in an error and a request to define an identity provider. See Administer Identity Providers for more information.
  3. The Tunnel IP address field will be populated with the current tunnel IP address.

Disable

To disable the support connection:

  1. Slide the Give access to Okta support toggle to disabled.
  2. In the Disable Okta support access confirmation dialog, click Confirm.
  3. The Tunnel IP address field will cleared and no tunnel value will be displayed.

 

Note

Changes to VPN connection occur immediately after a change.
The Support VPN can also be enabled or disabled using the command line interface.
See Support Connection.

Known issues

incorrect VPN connectivity and proxy error message


Condition: When Allow Support Connection is enabled and a proxy is specified for Access Gateway, the following error message displays:

In addition an error is logged similar to:

2020-11-04T12:00:30.707-06:00 <hostname.domain.tld> CHECK_CONNECTION  SCRIPT ERROR NETCAT [USER="spgw"] Ncat: Version 7.70 ( https://nmap.org/ncat )
				Ncat: Connection timed out.
Action: The VPN is enabled and this error message can be ignored.

Known issue - Delay in displaying VPN enabled

Condition: When the support VPN is enabled underlying services must be started and connections validated. In some situations this may take longer than expected and the VPN will continue to erroneously show disabled.
Action: When enabling the VPN, if the VPN still shows disabled, consider refreshing the page.