VPN inside Samsung Knox only?

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
I'm really not sure if anyone actually uses Samsung Knox, but if you do, do you use a vpn and/or rdp?

I currently have my phone setup so that I can connect to work via vpn and remote into my pc through rdp, but having the vpn available requires me to have a pin or password lock at all times and I'd much rather setup a vpn that only runs inside of Knox so that can be password protected and I can be a little more lax on overall phone security from time to time if I so choose.

I'm the IT Director, so you'd think I could figure this out. I've got an account created with knox to manage enterprise devices, which is only mine at this point.

I've got the "Samsung KNOX VPN Admin Guide," dated March 18, 2014, so it should be up-to-date enough.

The guide claims there's a KNOX VPN app, but I don't find it in the secure market on the phone itself or in the web version when I'm logged in to the Samsung Knox site. I don't really want to go through the hassle of setting policies and things through Knox just to make my life a little easier, as there aren't really other employees that would benefit from these abilities at this time. I'd much rather have an app setup for vpn and another setup for rdp and both to be locked up in Knox.

If anyone has any experience in this, I'd sure love your feedback.

Given that I have access to the information needed to setup the vpn and the rdp, I thought it'd be as simple as it was to set it up for the whole phone. I see in the literature I've found that it's supposed to be able to do phone-wide, container(knox only, what I want)-wide, or app-specific vpns, but I can't for the life of me figure out what I'm missing.
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
I see you did the same Google search I did. Haha!

I'm a little leery of third-party apps just because it's my job to keep things secure, but it looks like that Touchdown has been bought by symantec, so I supposed they might be trustworthy.

As for the second link you gave, I skimmed through that one as well. Again, I hate to go through the trouble of setting something up on the back-end when it's only me that'll be using it. Seems like more work than it should be worth, but maybe not.

Guess I'll do some more playing around.
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
Also looks like touchdown is for mail. I'm fine with using the mail app within Knox for work email. It's the act of using a vpn and actually remoting into my computer so I can change passwords for people/check on the servers/etc. that I'm more concerned with.

It's a nursing home, so only office staff have email anyway. More often than not, I'm called to fix something, not emailed.

I want a secure connection and a remote desktop session into my work PC from my phone within Knox so that it's segregated and I can turn off the pin lock I'm currently forced to use from time to time.
 

Jeffrey

Premium Member
Premium Member
Joined
Jan 30, 2012
Messages
6,645
Reaction score
3,511
Location
Thailand
Current Phone Model
iPhone 7 Plus JB
Also looks like touchdown is for mail. I'm fine with using the mail app within Knox for work email. It's the act of using a vpn and actually remoting into my computer so I can change passwords for people/check on the servers/etc. that I'm more concerned with.

It's a nursing home, so only office staff have email anyway. More often than not, I'm called to fix something, not emailed.

I want a secure connection and a remote desktop session into my work PC from my phone within Knox so that it's segregated and I can turn off the pin lock I'm currently forced to use from time to time.
What about using a VPN from your phone?
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
What about using a VPN from your phone?
That's what I currently do, but when you setup a vpn, it requires you to set a password or pin. No pattern or anything else.

I was looking for a way around it. Don't think one exists.

Sent from my SCH-I545 using Tapatalk
 

Jeffrey

Premium Member
Premium Member
Joined
Jan 30, 2012
Messages
6,645
Reaction score
3,511
Location
Thailand
Current Phone Model
iPhone 7 Plus JB
That's what I currently do, but when you setup a vpn, it requires you to set a password or pin. No pattern or anything else.

I was looking for a way around it. Don't think one exists.

Sent from my SCH-I545 using Tapatalk
That's exactly why i don't use my VPN on my phone.
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
That's exactly why i don't use my VPN on my phone.
I used it a lot more when I first took over IT, more for the novelty value than anything. Haha!

But I figure as soon as I take it off, I'll be out somewhere & get an urgent call & not have the info to set it up again.

Think I'll wait to put it on the note 4 until I feel like it's absolutely necessary...

Sent from my SCH-I545 using Tapatalk
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
That's exactly why i don't use my VPN on my phone.
Did you delete the rest of this post, or is Tapatalk having issues? I read it in the email.

It's not super hard to flash a router. Might be some guides somewhere. We did it with linksys routers in class. That's the only hands on experience I've had with it.

It's not bad, but make sure, if you find a guide, to read the whole thing & know it well before getting started, because it's very possible to brick a router if it's not done right.

If you can root & etc you shouldn't have a problem though.

Sent from my SCH-I545 using Tapatalk
 

Jeffrey

Premium Member
Premium Member
Joined
Jan 30, 2012
Messages
6,645
Reaction score
3,511
Location
Thailand
Current Phone Model
iPhone 7 Plus JB
Yes, I deleted it after thinking it 's the wrong place for it. I wound up buying a Buffalo AC router for $135.00 with DD-WRT pre installed. All I need to do now is the setup which is a breeze..
 

gangaNN

New Member
Joined
Jul 13, 2016
Messages
1
Reaction score
0
Current Phone Model
Android Nexus5
So do we still need KNOX to be able to develop Per App VPN feature for devices controlled via MDM? I am using a Cisco AnyConnect app on the android device.
 
OP
Jonny Kansas

Jonny Kansas

Administrator
Staff member
Rescue Squad
Joined
Jan 21, 2010
Messages
16,740
Reaction score
7,355
Location
Michigan's Upper Peninsula
Website
www.google.com
Current Phone Model
Pixel XL
Twitter
jonny_ks
No idea. I ended up giving up on this & removed the VPN from my phone. It makes more sense to me to use it on my PC or tablet with keyboard/trackpad & I'm not on an unlimited data plan anymore.

I'm also not using a Samsung phone anymore.

Sent from my Nexus 6P using Tapatalk
 
Top