Using Evolphin Managed VPN with Evolphin Managed Cloud based Zoom Servers

Context

Evolphin Managed Cloud-based Zoom Servers can technically be accessed from anywhere in the world. Without strict firewall settings, a user from any IP address can run the Zoom desktop apps or Web Client and access the cloud-based Zoom or Preview Servers. To protect against malicious users, by default, Evolphin locks down the Zoom server access to know IP addresses in its cloud firewall settings. These know IP addresses are typically within the customer’s corporate network or Evolphin’s corporate networks. But this can limit collaboration for desktop users trying to access the Zoom Server from outside the firewalls. In order to open up access, Evolphin can set up a managed VPN service on the cloud with multi-factor authentication (MFA) that allows external users to first create a VPN connection with the cloud-based Zoom servers and then tunnel all Zoom and Preview server traffic over the VPN.

Target Audience

The sections below are meant for end-users and their IT admins to configure the VPN clients on their desktop in order to access the Evolphin cloud servers securely over the VPN.

Configuring VPN Client

  1. Please check the Evolphin Support Portal ticket that was opened for the VPN configuration. It would have listed the URL to the user web portal to the OpenVPN Access Server. That URL is often https://(customer)-vpn.evolphin.com:943.
  2. In addition, you should have received a secure email with the initial user name/password for each desktop VPN user that needs external VPN access. 
  3. Each VPN user will need to authenticate at the OpenVPN Access Server’s web portal by using the above login information:

  4. The first time setup will also prompt the user to scan the QR code for Google Authenticator, The users must set up Google Authenticator on their computer or mobile phone first before trying to scan the QR code.

    Using the Google Authenticator supplied 6-digit code, the user can login into the web portal of the OpenVPN Access Server.

  5. Once they login, they can change their default password and download an OpenVPN client for their desktop (Mac or Windows). Please note if they already have an OpenVPN client installed, there is no need to download the client. In that case, they can skip this step.

    Download an OpenVPN client build. For macOS, you can also use a stable released version of open source desktop client TunnelBrick. There are commercial macOS OpenVPN clients, like Viscosity, that also work very well. Note the OpenVPN Mac client is in beta right now, if it proves to be temperamental, please try another OpenVPN client for macOS. 

  6. Once an OpenVPN desktop client is installed, please click on the “Yourself (user-locked profile)” to download your OpenVPN client configuration. This can not be shared with other users as it contains your OpenVPN private certificate/key.
  7. Use your OpenVPN client to connect to the Evolphin VPN service, once you see a connection is established the desktop clients like VAB will be able to access the Zoom server behind the VPN. The Evolphin desktop clients will access the Zoom server with the same hostname/URL as they do inside the company’s corporate network. The default VPN configuration will split the Internet traffic and Zoom traffic and just send the Zoom traffic through the VPN tunnel.