In part 1, I walked through how to setup Offline Domain Join with Workspace ONE but that only covered the “computer” join process. What about logging in for the first time off the network? Well that requires VMware Tunnel and a Unified Access Gateway (UAG). Learn how to setup a UAG and configure pre-logon VPN with VMware Tunnel:
3 thoughts on “How to setup Pre-Logon VPN with VMware Tunnel”
Would Pre-Login work with VPN work with the Tunnel Proxy (MAG) instead of UAG? Or is UAG Required?
Hi mike – yes, UAG is required.
how do you handle the scenario where the the Tunnel app is installed but the Windows Tunnel VPN profile is not installed yet prior to domain join attempt? I know there is the ACC ODJ option that is an alternative to handle this but say an organization prefers the pre-login VPN option with Tunnel, what kind of logic could be included in the unattend.xml script to check for the presence of the VPN tunnel profile being installed? With enrollment being completed, that check is done in the registry but what about the tunnel profile being installed? A REST API command to sync the device would require internet access and is not as accurate as checking for the tunnel profile installed on the device.