Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

Generic ovpn config file

Using the Sophos SSL VPN Client, is it possible to have a generic config file so any authorized user can login via the vpn client?

We have mobile tablets that are used by many different users and to add each individual user config will become a management nightmare.  So, is there a way to just have a user authenticate with their username and password without having a separate config file for each user?

Thank you

 

Mark

  • apijnappels

    I don't think this is possible using remote SSL since it relies on user certificates. You could just create 1 userprofile that everyone uses but that's not recommended for auditing purposes (or even when not everyone needs access to the same resources).

    You might be able to try another remote VPN protocol (ie PPTP).

  • DouglasFoster

    This has been discussed previously on this forum.    The recommended process is:

    • System administrator downloads and installs the VPN client components, which requires privilege.
    • System administrator lowers protection on the configuration folder (only) so that non-privileged users can update it, C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config
    • Users log into the portal and download the key-update program and run it.   This adds their credentials to the configuration folder.
    • System administator removes old credentials when a laptop is turned in, or on another schedule that is acceptable to the organization.
  • apijnappels

    In reply to DouglasFoster:

    I agree on this being the best solution, but TS was specifically saying:

    We have mobile tablets that are used by many different users and to add each individual user config will become a management nightmare

    In my opinion it's either everyone using the same account (which I would never allow) or choose another VPN protocol. I don't think the SSL solution can work without the user certificates.

    • Moderators
    BAlfson

    Hi Mark and welcome to the UTM Community!

    You've received two good answers.  In fact, there is an easy way to load dozens of SSL VPN config files all at once on a device.  Go to the 'Users' tab of 'Definitions & Users >> Users & Groups', check the box to the left of the Edit button for all of the users you want to load and, at the top of the column, select "Download SSL VPN packages" from the 'Action' dropdown list.

    Let us know which solution you chose and why.

    Cheers - Bob

Sophos Footer