1.1.1 Kiosk Mode

Kiosk mode (uses a combination of the stunnel and dante open source projects at http://www.stunnel.org/ and http://www.inet.no/dante/. In the Kiosk mode of SSL VPN, only a limited set of applications are enabled for SSL VPN. A non-admin or a non- root user who does not have the administrator access can connect to SSL VPN in the Kiosk mode. In Kiosk mode, applications that were opened before the SSL VPN connection was established are not SSL-enabled.

The Kiosk mode supports only TCP and UDP applications and not ICMP. This mode is better suited for machines that are not managed by an organization, such as home computers and computers in Web-browsing kiosks. You cannot force Kiosk mode when connected as a user with root or admin privileges.

1.1.2 Enterprise Mode

Enterprise mode uses the OpenVPN open source project at http://openvpn.net/.You can access SSL VPN in the Enterprise mode if you have admin or root user access to the workstation, if you know the admin or root user credentials, or if you have preinstalled the client components on the workstation.

In Enterprise mode, all applications, including those on the desktop and the toolbar are SSL-enabled, regardless of whether they were opened before or after connecting to SSL VPN. In this approach, a thin client is installed on your workstation. This thin client takes care of the administrator activities required for the Enterprise mode of SSL VPN. In the Enterprise mode, the IP Forwarding feature is enabled by default on the server.

The Enterprise mode is recommended for devices that are managed by an organization, such as a laptop provided by the organization for its employees. The Enterprise mode of SSL VPN supports the following applications, which have problems in Kiosk mode: