Skip Navigation

Android
: VPN profile settings

The following VPN profile settings are supported only on 
Samsung Knox Workspace
 devices.
For more information about the VPN profile settings supported by 
Samsung Knox Workspace
 devices, see 
Samsung Knox
 VPN JSON Parameters
.
Android
: VPN profile setting
Description 
Server address
This setting specifies the FQDN or IP address of a VPN server.
VPN type
This setting specifies whether a device uses IPsec or SSL to connect to the VPN server.
Possible values:
  • IPsec
  • SSL
The default value is "IPsec."
The 
Juniper
 VPN app supports "SSL" only.
User authentication required
This setting specifies whether a device user must provide a username and password to connect to the VPN server. 
Username
This setting specifies the username that a device uses to authenticate with the VPN gateway. If the profile is for multiple users, you can use the %UserName% variable.
This setting is valid only if the “User authentication required” setting is selected.
Password
This setting specifies the password that a device uses to authenticate with the VPN gateway.
This setting is valid only if the “User authentication required” setting is selected.
Split tunnel type
This setting specifies whether a device can use split tunneling to bypass the VPN gateway, if the VPN gateway supports it.
Possible values:
  • Disabled
  • Manual
  • Auto
If the "VPN type" setting is set to "IPsec," this setting must be set to “Disabled."
The default value is "Disabled."
Forward routes
This setting specifies the route or routes that bypass the VPN gateway. You can specify one or more IP addresses.
This setting is valid only if the "VPN type" setting is set to "SSL" and the “Split tunnel type” setting is set to “Manual.”
DPD
This setting specifies whether DPD is enabled.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IKE version
This setting specifies the version of IKE protocol to use with the VPN connection.
Possible values:
  • IKEv1
  • IKEv2
The default value is "IKEv1."
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec authentication type
This setting specifies the authentication type for the IPsec VPN connection. The "IKE version" setting determines which IPsec authentication types are supported and the default value for this setting.
Possible values:
  • Certificate
  • Preshared key
  • EAP MD5
  • EAP MSCHAPv2
  • Hybrid 
    RSA
  • CAC-based authentication
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec group ID type
This setting specifies the IPsec group ID type for the VPN connection. The "IPsec authentication type" setting determines which IPsec group ID types are supported and the default value for this setting.
Possible values:
  • Default
  • IPv4 address
  • Fully qualified domain name
  • User FQDN
  • IKE key ID
If the setting for “IPsec authentication type” is “Certificate," then this setting is automatically set to “Default."
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec group ID
This setting specifies the IPsec group ID for the VPN connection.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IKE phase 1 key exchange mode
This setting specifies the exchange mode for the VPN connection.
Possible values:
  • Main mode
  • Aggressive mode
The default value is "Main mode."
This setting is valid only if the "VPN type" setting is set to "IPsec."
IKE lifetime
This setting specifies the lifetime, in seconds, of the IKE connection. If you set an unsupported value or a null value, the device default value is used.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IKE encryption algorithm
This setting specifies the encryption algorithm used for the IKE connection.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IKE integrity algorithm
This setting specifies the integrity algorithm used for the IKE connection.
This setting is valid only if the "VPN type" setting is set to "IPsec and the "IKE version" is set to "IKEv2."
IPsec DH group
This setting specifies the DH group that a device uses to generate key material.
The possible values are 0, 1, 2, 5, and from 14 to 26.
The default value is 0.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec parameter
This setting specifies the IPsec parameter used for the VPN connection.
This setting is valid only if the "VPN type" setting is set to "IPsec."
Perfect forward secrecy
This setting specifies whether the VPN gateway supports PFS.
This setting is valid only if the "VPN type" setting is set to "IPsec."
Enable MOBIKE
This setting specifies whether the VPN gateway supports MOBIKE.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec lifetime
This setting specifies the lifetime, in seconds, of the IPsec connection. If you set an unsupported value or a null value, the device default value is used.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec encryption algorithm
This setting specifies the IPsec encryption algorithm used for the VPN connection.
This setting is valid only if the "VPN type" setting is set to "IPsec."
IPsec integrity algorithm
This setting specifies the IPsec integrity algorithm used for the VPN connection.
This setting is valid only if the "VPN type" setting is set to "IPsec" and the and the "IKE version" is set to "IKEv2."
Authentication type
This setting specifies the authentication type for the VPN gateway.
Possible values:
  • None
  • Certificate-based authentication
  • CAC-based authentication
The default value is "None."
This setting is valid only if the "VPN type" setting is set to "SSL."
SSL algorithm
This setting specifies the encryption algorithm required for an SSL VPN connection.
This setting is valid only if the "VPN type" setting is set to "SSL."
Append UID/PID information
This setting specifies whether UID and PID information is appended to packets that are sent to the VPN client app. 
This setting must be selected for the 
Cisco AnyConnect
 VPN app.
Support chaining
This setting specifies how VPN chaining is supported.
Possible values:
  • Support chaining
  • Outer tunnel
  • Inner tunnel
The default value is "Support chaining."
Vendor string input type
This setting specifies the key-value pairs or JSON string for the VPN. The configuration information is specific to the vendor's VPN app.
Possible values:
  • Vendor key-value pairs
  • Vendor JSON value
The default value is "Vendor key-value pairs."
Vendor key-value pairs
This setting specifies the keys and associated values for the VPN. The configuration information is specific to the vendor's VPN app.
This setting is valid only if the "Vendor string input type" setting is set to "Vendor key-value pairs."
Vendor JSON value
This setting specifies the configuration information specific to the vendor's VPN app, in .json format.
This setting is valid only if the "Vendor string input type" setting is set to "Vendor JSON value."
VPN client package ID
This setting specifies the package ID of the VPN app. 
Automatically retry connection after error
This setting specifies whether the VPN connection should be automatically restarted after the connection is lost.
Enable FIPS mode
This setting specifies whether FIPS mode is enabled. Enabling FIPS mode makes sure that only FIPS-validated cryptographic algorithms are used for the VPN connection. 
Enterprise connectivity for 
Android
 devices with a work space
This setting specifies whether 
Samsung Knox Workspace
 devices use a VPN connection for all apps in the work space or only for specified apps.
  • "Container wide VPN" uses a VPN connection for all apps in the work space on the device.
  • "Per-app VPN" uses a VPN connection only for specified apps.
Apps allowed to use the VPN connection
This setting specifies the apps in the work space that can use a VPN connection. You can select apps from a list of available apps or specify the app package ID.
This setting is valid only if the "Enterprise connectivity for 
Android
 devices with a work space" setting is set to "Per-app VPN."
Associated proxy profile 
This setting specifies the associated proxy profile that a device uses to connect to a proxy server when the device is connected to the VPN.