Disclaimer: This information is posted as-is and the content should be referenced at your own risk
Hi all,
This is a very early beta of a script that does the following:
- Takes a backup of the old ovpn config from SG UTM SSLVPN
- Removes old SG UTM client
- Installs Sophos Connect
- Imports the old config into Sophos Connect so user can still connect to UTM
- Installs a provisioning file for the coming Sophos Firewall, so migration should be easier :-)
Have testet it all, it works so far good, but do not implement in production before thoroughly tested :-)
@echo off IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof REM Remove the old client REM Kill running programs, preventing uninstall taskkill /im openvpn* /F timeout 2 REM Backup the OVPN config file rem rmdir "c:\!vpn" /s /q mkdir c:\!vpn copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\ REM Use uninstaller to remove the client cd\Program Files (x86)\Sophos\Sophos SSL VPN Client Uninstall.exe /S timeout 10 REM Do folder cleanup - if not, Sophos Connect refuse to install cd\ rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q SET Sophos_Connect=Sophos\Connect\scvpn IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL exit /b 0 :X86_PROG IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL exit /b 0 :INSTALL msiexec.exe /i "\\server\share\SophosConnect.msi" /QN timeout 5 REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place. REM Userportal on SF must be accessible and with a valid certificate! copy /Y "\\server\share\xgsslvpn.pro" "C:\Program Files (x86)\Sophos\Connect\Import\" REM Deploying old SSLVPN for UTM copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\" Popd REM Start Gui - tray icon. start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe" :eof END && EXIT
[ { "gateway": "fw01.domain.dk", "user_portal_port": 4445, "otp": false, "auto_connect_host": "", "can_save_credentials": true, "check_remote_availability": false, "run_logon_script": false } ]
Attached are the bat file and the provisioning file :-)
Let me hear your thoughts :-)
Hello Twister!
Thank you for your contribution to the community.
Regards,
Looks fabulous! Any more positive experiences?
Cheers - Bob
Hej Martin,
I tried just importing individual ovpn files in Sophos Connect and that has resulted in "VPN service is not running" messages.
I'll run your script and see if I have better luck when the files are imported that way.
We saw the same issues on some machines. I had an support ticket for this, but due to holiday session i wasn't able to discuss this with the support. Were you able to resolve the issues?
I just saw, that this is also discussed in another topic: Sophos Connect on Windows Server - Discussions - Sophos Firewall - Sophos Community