Citrix VPN options

June 11, 2021

Citrix VPN options

	L2TP*	PPTP*	IKEv2**	OpenVPN	SSL (AnyConnect, Juniper, F5, etc.)	App Store
iOS	L	L	L		L	Citrix SSO^†
macOS	L	L	L		L	Citrix SSO^†
Android (non-Samsung)	***	***	***			Citrix SSO^†
Samsung Knox Android			L			L
Windows	L	L	L
Chrome OS	L	L		L	^†^†	^†^†

* Insecure - avoid L2TP, PPTP, and IKEv1 (IPsec/XAuth or "Cisco IPsec")

** IPSec/IKEv2 requires UDP ports 500 and 4500 and ESP numbers 50 and 51. ESP is not supported by some ISPs, cloud providers or packet forwarding tools but IKEv2 may still work without it if you have NAT-T implemented.

*** The only MDM option for Android Enterprise is to use a Play Store app. Manual VPN configuration natively supports L2TP and PPTP, and IKEv1 (IPsec/XAuth or "Cisco IPsec"). Android 11 also introduced IKEv2 support but Meraki doesn't support it on Android yet.

^† Uses a proprietary protocol called HDX Enlightened Data Transport (EDT) to connect to a proprietary Citrix Gateway using a proprietary Rendezvous Protocol ...vendor lock-in

^†^† Citrix defaults to OpenVPN. If configuring manually, the Chrome Store has a few options, including AnyConnect. Alternatively, you can use some apps from the Play Store but you must enable it first in Chrome OS. Not all VPN apps are supported - see here and here.

Ugh. What a mess for IT admins!

Search This Blog

Mr. Blue Coat

Citrix VPN options

Comments

Post a Comment

Popular Posts

Install Linux on the X96 Max & X96 Max+

Install Linux on the T95 Mini