Hi,
I don't want to enter my login info into the SSL VPN client each time I connect to the VPN. How can I save my login info like the FortiGate SSL VPN client?
Sophos uses OpenVPN for SSL VPN.
The OpenVPN client does not have a secure way to save the password.
https://forums.openvpn.net/viewtopic.php?t=27404
Hashing the password would require some mechanism of your own to script.
I would recommend using Sophos Connect (IPsec client), which can save the password, or not saving the password in OpenVPN.
__________________________________________________________________________________________________________________
Hi,
How can I use the Sophos Connect Client?
Is there any doc on how to use it?
You'll find it here.
Be aware that any traffic will be going through the VPN tunnel; you have to create firewall rules to allow traffic from VPN to WAN.
Intrusus
Sophos Certified Engineer | Sophos Certified Technician
private lab:
XG firewall with SFOS 20.X running on Proxmox
If a post solves your question use the 'Verify Answer' link
Hi,
Thanks for the answer. I have a question: when I click the Apply button, Sophos shows this message:
"This will update the preshared key of all the connections configured between the same local and remote peers. Are you sure you want to continue?"
If I click Yes, will it change all old preshared keys?
Is the IPsec connection preshared key the same value as the Sophos Connect client's, or are they different?
In fact, I have only used Sophos Connect on its own without having configured other IPsec connections. I would have to recreate this in the lab, but I don't have the time to do that right now. Maybe someone has already had experience with this here; in the forum I have already found your question, but no suitable answers.
Try it yourself in a lab environment, not in production. I would advise you to configure a Local ID and Remote ID; maybe this message has something to do with it and then affects only clients with the same IDs.
Maybe you know how this will behave?
Best regards,
Leon
It depends.
Remote Access acts like all "Respond only" IPsec site-to-site tunnels with a wildcard.
XG does not support "PSK Probing". PSK Probing is some sort of technique to try to figure out different PSKs used by different tunnels in case of remote site *.
Let's assume you have a site-to-site tunnel configured with respond only and the remote gateway is "*" (so basically you don't know).
That PSK will be overwritten by Sophos Connect, because XG cannot split this tunnel to all Sophos Connect connections coming in.
Best practice is always to use a remote gateway (IP or DNS), not to use "*".
If your other end has a dynamic IP, try to use DDNS.
__________________________________________________________________________________________________________________
Hi intrusus,
It will update all preshared keys with local peer ID (generally the public IP of the bound interface) and remote peer, which is always * (at least it should be). So in order to prevent this, I suggest you have a local and remote ID configured on the IPsec connections before saving this Connect client configuration.
Thanks,