This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to create site to site ipsec vpn from command line

Hello,

I would like to use command line to create Remote Gateway and Site to Site VPN connections. Is it possible?

 

Thank you



This thread was automatically locked due to age.
Parents
  • Why do you want to do this?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Because I need to create lots of Remote Gateways and IPsec in a project. If there is an option to do it by command line, I can create set of commands/ script from an ip list so that I can reduce the possibible mistakes/typos. Isn't it a reasonable willing?

  • That depends, how many is "lots" of tunnels, Emre?

    WebAdmin is a GUI that manipulates databases of objects and settings.  A single change there can cause the Configuration Daemon to rewrite hundreds of lines of the code used to run the UTM.  You would need scripts to create objects for IPsec Connections, Remote Gateways, Local networks, Remote Networks, Firewall rules, etc.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have 2 set of sophos and 60 ipsec vpn connection on each, totally 120 vpn tunnels. All have similar settings except ip and names.

    At least it would be good to have export import tool for definitions.

  • For that many, you may be able to justify the time needed to learn and apply a command line approach. Try the following Google:

    site:community.sophos.com/products/unified-threat-management/f "cc set_object"

    To get an idea of what structures you will need, create a working tunnel and then query the object database:

    cc get_objects ipsec_connection
    cc get_objects ipsec remote_gateway

    In any case, you will want to have Sophos Support "bless" your scripts.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • For that many, you may be able to justify the time needed to learn and apply a command line approach. Try the following Google:

    site:community.sophos.com/products/unified-threat-management/f "cc set_object"

    To get an idea of what structures you will need, create a working tunnel and then query the object database:

    cc get_objects ipsec_connection
    cc get_objects ipsec remote_gateway

    In any case, you will want to have Sophos Support "bless" your scripts.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data