Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1677 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect Client: Preshard key unencrypted in configuration file

jjuergenn

Hi All,

the preshared key in sophos connect client config file is mentioned in clear text.

---

"psk":    {
            "id":    "%any",
            "secret":    "Start1234"
        }
    },

---

Is there a way to encrypt the preshared key?

 

Kind regards, Juergen



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi jjuergenn,

    Please check answer by  on Community thread Sophos Connect Client Policy Deployment - PSK in plain text?

    "Per that KB article the GPO copies the .tgb file (which contains the PSK in plain text) to C:\Program Files... from which the user could browse and view it read-only even as a non-admin."

    Once the Sophos Connect Client imports a connection the connection is encrypted and is no longer accessible for the user to view the configuration file. So if the configuration file is pushed via GPO, the user would not have access to open and view the txt file"

    Thanks,

  • 0 in reply to FormerMember

    Dear Patel,

    thank you for this Suggestion. I am aware of this solution. However this solution is feasible for Domain member only. I have a couple of developer in south america with unmanaged Computers.

     

    Is there a plan to encrypt the preshared key?

     

    Regards,

    Juergen

     

Reply
  • 0 in reply to FormerMember

    Dear Patel,

    thank you for this Suggestion. I am aware of this solution. However this solution is feasible for Domain member only. I have a couple of developer in south america with unmanaged Computers.

     

    Is there a plan to encrypt the preshared key?

     

    Regards,

    Juergen

     

Children
Unfiltered HTML