HomeScreen ShotsDownloadPurchaseSupportAbout
K-Secure VPN Server K-Secure VPN Client
Introduction
Installation
Quick Start Tutorial
How It Works
Release Notes
Working with the Server
Server Side Overview
Groups, Rules and Users
Server Status
Peers
IP Assignments
Connections
Express Config
Groups
Rules
Users
History
Proxy Agent
Working with the Wizards
Group Wizard
Rule Wizard
User Wizard
Options
General
Connections
History
Languages
Look and Feel
Server
Virtual Network
Warnings
Command Line Options
How To ...
Install License
Start and Stop
Uninstall
Using Service Control Manager
Using ipconfig
Tech Support
Purchasing and Licensing Agreements
How to Order
License

Groups, Rules and Users

In K-Secure VPN, a group can be understood as a container for rules and users. This is best illustrated with the following diagram.

The following properties apply to groups, rules and users:

  • There can be a finite number of rules inside a group (Group X). These are Rule 1, Rule 2, ... up to Rule M; In K-Secure VPN Server, M is only limited by the amount of virtual memory available;
  • There can be a finite number of users inside a group (Group X). These are User 1, User 2, ... up to User N; In K-Secure VPN Server, N is only limited by the amount of virtual memory available;
  • A given user inside a group can use any rule defined in the group. For example, when user N is connected, K-Secure VPN Server searches sequentially all the rules in the group, from Rule 1 to Rule M until it finds a suitable rule;
  • Because rule searching inside a group is sequential, from top to bottom, the order of rules defined in a group is important.

Hierarchy of Groups

In K-Secure VPN Server, any group can have any number of children. This is illustrated in the following diagram.

When it comes to rule matching, the default search order is bottom-up. In this scenario,

  • When a user from Group X connects, the server searches all the rules defined in Group X for a suitable rule;
  • If the server finds no suitable rule in Group X, it looks to see if Group X has a parent;
  • If Group X does have a parent group, Group Y, the server then searches in Group Y for a suitable rule;
  • If a suitable rule can be found in Group Y, the search stops and the rule is applied;
  • If Group X does not have a parent group, the search stops with no rule found - at this point the connection from the client is dropped;

Starting from version 3, the rule search order can be set to top-down through the General Options page. If Search rules in top-down order is selected in that page,

  • When a user from Group X connects, the server searches all the rules defined in Group X for a suitable rule;
  • If the server finds no suitable rule in Group X, it looks to see if Group X has any children group(s);
  • For each of the children groups of Group X, let's call it Group Y, the server then searches in Group Y for a suitable rule;
  • If a suitable rule can be found in Group Y, the search stops and the rule is applied;
  • Otherwise it keeps searching for a suitable rule in the grand-children group(s) of Group X. This process repeats until all children, grand-children, grand-grand-children group(s) of Group X have been searched;
  • If no suitable rule is found in Group X and all of its children group(s), the search stops with no rule found - at this point the connection from the client is dropped;
See Also