Advanced Clientless VPN access with Citrix Gateway
Clientless VPN (CVPN) refers to a way of providing remote access to corporate’s intranet resources through Citrix Gateway without a VPN client application at the client machine. CVPN provides remote access to enterprise web-applications, portals, and other resources using a web browser at the client’s end. Advanced CVPN solution eliminates the following limitations pertaining to CVPN:
Relative URLs cannot be identified at times.
Relative URLs generated dynamically cannot be identified.
Advanced Clientless VPN identifies the absolute URL and hostnames and rewrites them in a new and unique manner instead of trying to rewrite relative URLs present in the HTTP-responses/Web-Pages. SharePoint no longer needs to use the default folder for rewriting URLs and a custom SharePoint access is supported.
The following are the prerequisites to configure Advanced CVPN.
WildCard Server Certificate - VPN virtual server requires a wildcard server certificate. If the server is currently hosted with
https://vpn.comthen the server certificate now should have entries for (
*.vpn.com) as part of certificates CN or SAN (where CN=common name, SAN= Subject Alternative Name). The process of binding this certificate remains the same on Citrix Gateway.
WildCard DNS entry - s The clients (web browsers) would need to resolve the Advanced CVPN app’s FQDN. While setting up the Citrix Gateway server, you would have configured a DNS entry to resolve
vpn.com. You need to configure a subdomain for ‘’ so that ‘.vpn.com’ now resolves to
Configure Advanced Clientless VPN access
To configure Advanced Clientless VPN access using the command line interface, at the command prompt, type:
set vpn parameter -clientlessVpnMode ON set vpn parameter -advancedClientlessVpnMode ENABLED
To configure Advanced Clientless VPN access using the Citrix ADC GUI:
In the NetScaler GUI, navigate to Configuration> Citrix NetScaler> Global Settings.
On the Global Settings page, click Change Global Settings, and then select the Client Experience tab.
On the Client Experience tab, from the Clientless Access drop-down, select On.
On the Client Experience tab, from the Advanced Clientless VPN Mode drop-down, select Enabled.
You can configure the Advanced CVPN feature at a session level as well.