Citrix VPN options

For reference...

 | L2TP* | PPTP* | IKEv2** | OpenVPN | SSL (AnyConnect, Juniper, F5, etc.) | App Store
macOS LLL L Citrix SSO
Android (non-Samsung)*********  Citrix SSO
Samsung Knox Android  L  L
Chrome OS LL L

* Insecure - avoid L2TP, PPTP, and IKEv1 (IPsec/XAuth or "Cisco IPsec")

** IPsec/IKEv2 requires UDP ports 500 and 4500 and ESP numbers 50 and 51. ESP is not supported by some ISPs, cloud providers, or packet forwarding tools, but IKEv2 may still work without it if you have NAT-T implemented.

*** The only MDM option for Android Enterprise is to use a Play Store app. Manual VPN configuration natively supports L2TP, PPTP, and IKEv1 (IPsec/XAuth or "Cisco IPsec"). Android 11 also introduced IKEv2 support, but Meraki doesn't support it on Android yet.

Uses a proprietary protocol called HDX Enlightened Data Transport (EDT) to connect to a proprietary Citrix Gateway using a proprietary Rendezvous Protocol... vendor lock-in

Citrix defaults to OpenVPN. If configuring manually, the Chrome Store has a few options, including AnyConnect. Alternatively, you can use some apps from the Play Store but you must enable it first in Chrome OS. Not all VPN apps are supported - see here and here.

Ugh. What a mess for IT admins!

