- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- On-Premise
- Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Legacy Knox E-FOTA products
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
This article answers some of the basic questions you may have when trying to use VPNs with Knox.
What VPN encryption does Knox use?
Knox provides a comprehensive IPSec-based VPN solution for the most demanding enterprise requirements. Triple DES (56/168-bit), AES (128/256-bit) encryption with MD5 or SHA.
Can I configure VPN without a VPN client?
No. If you have a Knox Workspace license, download the Knox VPN Client before attempting to configure VPN.
Does the Knox VPN Framework call my service on device restart?
1. Does the Knox VPN framework call our VPN service on every device restart?
A: Yes
2. Can we expect a startConnection call from the Knox VPN framework on device restart even though we did not call the activate profile API?
A: Yes
3. When is the stopConnection called from the Knox VPN framework?
A: Few of the scenarios include:
- When admin calls deactivate profile
- When admin removes all the packages from the VPN profile
Should the VPN client be installed inside or outside the Knox container?
The VPN client can be installed inside and/or outside of the Knox container. If you have two containers created on your device, you can install the VPN client outside the Knox container so that it is available to both containers. On the other hand, if the VPN client is installed inside one container, the VPN client is not available to the other container.
How do I enable Dead Peer Detection (DPD) for VPN?
The Dead Peer Detection (DPD) feature is supported by the VPN gateway. The VPN connection is terminated automatically by DPD ACK from the gateway when no data is communicated through the VPN.
If the Mocana KeyVPN Client is being used, then DPD can be set by going to Advanced Settings >Enable > Dead Peer Detection.
How do I troubleshoot VPN configuration issues?
- After pushing the Knox VPN client via Samsung SDS IAM & EMM, verify that it appears on both the personal space and on the Knox container on users' devices.
- Verify that your VPN credentials are correct by manually setting up VPN in the personal space.
- Verify that you can connect to the Knox VPN gateway.
- If you can't connect to the Knox VPN gateway and:
- you are connected to a firewall, change your access point and try again.
- you aren't connected to a firewall, try to connect to any website using the device browser. If you can't access any of the websites, contact Samsung Knox Support.
- If the issue persists, capture log files and contact Samsung Knox Support.
