Sophos Connect with multiple users on the same PC

That is currently not supported. Sophos Connect has one store of configuration. SSLVPN requires one certificate per user. So you cannot use the certificate (config) of User A and authenticate yourself with User B. 

It looks like it can store multiple configs, just not for the same host. I can import multiple ovpn files as long as each one is for a different remote host. Is the connect client allowing multiple ovpn files, but only storing or using one of those configurations?

I tried importing two ovpn files, one with the remote value set to the fqdn of the host and the other with the remote value set to the IP of the same host, each for a different user and the client allowed this. But this is not a good workaround as I would have to create a different fqdn for the ip address for each user.

Example:

OVPN 1:

ip-win32 dynamic
client
dev tun
proto tcp
remote vpnhost.mycompany.com 443

OVPN 2:

ip-win32 dynamic
client
dev tun
proto tcp
remote 1.2.3.4 443

Connect was not build for this kind of scenario in the first place. It checks for the destination and replaces configs to have a better user experience. 

From a security perspective is a multi client host trouble anyway... But that is a different story. 

OK.

What would be the suggested solution for a common laptop used by multiple people to connect to an XG using a software VPN? The old client works in this scenario but is being dropped.

Am I forced to create a single account used by all users of this laptop for VPN authentication?

Hi,

Why not to create one Windows profile per user?

Each user has its own profile with its own .ovpn file imported to Sophos Connect.

Best regards.

Hi,

Why not to create one Windows profile per user?

Each user has its own profile with its own .ovpn file imported to Sophos Connect.

Best regards.

Sophos Connect will only allow you to import 1 user per unique 'remote' value in the ovpn file. When I try to import the 2nd user with the same remote host address, it will say it can't import duplicate entries. When I put the ovpn files in import folder, it appears they are imported, but only one item per unique remote value will show.

It sounds like that is by design or at least a limitation of the design for Sophos Connect, unlike the old client.

Connect uses C://Programs Folder. Which means, its the same folder for all Clients locally installed. 

We are having the same issue, with Devices which will be used by different users. I would say, that's not a "Feature" it's a bug and should be fixed by sophos. I can't think about a case where this should be usefull...

I can see that it would help to replace Configuration-Files (updates) but in this case, there should be a match with Remote-Gateway AND username...

Maybe that's just another try to force UTM users to SFOS.

A bug would indicate a unexpected behavior. This is by design how it works. 

username is, as far as i know, not shown in the configuration file due several reasons. So we are not saving this. We could check for the footprint of the certificate. That would be a feature request.

Just wondering, as SC is deployed millions of times, how nobody came up with this yet. 

That's because Sophos UTM has it's own Client which would work with multiple connections. I think this problem is coming up now because of the retirement of the old UTM SSL-VPN Client, with us at least.

You could also migrate to OpenVPN, which is the core agent as well. It should support all of the SSLVPN Client Features and more. If you do not utilize the features of Sophos Connect (IPsec, Autoprovisioning), it could be a viable solution. 

Thanks for that suggestion, we already do this because of the Sophos Connect limitation.