Customizing a Connect Tunnel Initialization File vs. Installing from WorkPlace

03/26/2020 29 14142

DESCRIPTION:

Instructions in Chapter 10 of the Administration Guide explain how to customize an .ini file for installing Connect tunnel, but the file is incomplete: it cannot include certain items—such as authentication type and custom prompts—until a connection has been made to the VPN appliance. This means that first-time users are presented with dimmed authentication prompts unless they install from WorkPlace. There is a workaround explaining how to get the complete configuration file so that the user authentication prompts will not be dimmed. This article describes the differences between the two .ini files.

RESOLUTION:

Connect tunnel initialization file: ngsetup.ini

By editing a file named ngsetup.ini, you can customize the Connect tunnel client setup package and preconfigure certain settings, such as the host name or IP address of the appliance, and the realm you want your users to log in to. (If you don't include an .ini file, users are guided through the configuration process by the Setup Wizard.)

1. When the user runs ngsetup_<xx>.exe with the following .ini file, for example, he or she is presented with "Accounting" as the default realm:
[Connectoid 1]
ConnectionName=Aventail VPN Connection
VpnServer=192.168.200.120
StartMenuIcon=1
DesktopIcon=1
UserRealm=Accounting
StatusDlg=1
Taskbar=1
RunAtStartup=0

[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={2D1C06E9-91C7-4BE0-9388-2291D7918D36}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=963072
ProductVersion=8.90.157
Language=en-US

Installation of the Connect Tunnel client will succeed, but the authentication prompts in the client will be dimmed the first time the user runs the program, as explained above.
 
2. The client is interrogated and placed in the community that corresponds to its device profile.

3. After a successful login, settings are recorded in the registry on the user's computer: the name of the community into which the device is categorized, for example, and the wording for any customized authentication server prompts.

Installing Connect tunnel from WorkPlace

When Connect tunnel is installed from WorkPlace, its settings are written to the registry using information that the user provides during login. For example, the ngsetup.ini file described above offers a default realm, but it's possible that the user could choose a different realm. When installing from WorkPlace, on the other hand, the realm the user selected is already known, as are any customized login prompts.

During the install process, the following .ini file is temporarily created on the user's device. Its settings are written to the registry and the .ini file is deleted when the browser session is closed. Here are the contents of a sample file—note the addition of the authentication server type (Active Directory), community name, and authentication prompts (all in bold)

-note change "activeDirectoryAuth" with the name of you Active Directory Authentication server :

[Connectoid 1]
ConnectionName="Aventail VPN Connection"
VpnServer="193.169.100.130"
DesktopIcon=1
RunAtStartup=0
CommunityName="Trusted"
UserRealm="Employees"
UserAuth="activeDirectoryAuth"
AuthVersion=2
AuthTitle="IDS_AUTHENTICATION_DIALOG_TITLE",16384
AuthMessage1="IDS_AUTHENTICATION_DIALOG_MESSAGE",16384
AuthField1="IDS_AUTHENTICATION_PROMPT_USERNAME",81921
AuthField2="IDS_AUTHENTICATION_PROMPT_PASSWORD",147458
AuthButtons=35

[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={370755A8-8634-42EF-8C39-D5D835BF92F1}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=768000
ProductVersion=8.80.191
Language=en-US

The bolded lines above represent the variables that are missing from the ngsetup.ini file in 8.8.0 and 8.8.1.

ISSUE ID:

34423