Sophos Connect Migration script from UTM SSLVPN

Disclaimer: This information is posted as-is and the content should be referenced at your own risk


Hi all,

This is a very early beta of a script that does the following:

- Takes a backup of the old ovpn config from SG UTM SSLVPN

- Removes old SG UTM client

- Installs Sophos Connect

- Imports the old config into Sophos Connect so the user can still connect to UTM

- Installs a provisioning file for the coming Sophos Firewall, so migration should be easier :-)

Have tested it all, and it works well so far, but do not implement it in production before it is thoroughly tested :-)

vpnmigrate.bat.txt
@echo off

IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof
	REM Remove the old client
	REM Kill running programs, preventing uninstall
	taskkill /im openvpn* /F
	timeout 2
	REM Backup the OVPN config file
	rem rmdir "c:\!vpn" /s /q
	mkdir c:\!vpn
	copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\
	REM Use uninstaller to remove the client
	cd /d "C:\Program Files (x86)\Sophos\Sophos SSL VPN Client"
	Uninstall.exe /S
	timeout 10
	REM Do folder cleanup - if not, Sophos Connect refuse to install
	cd\
	rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q

	SET Sophos_Connect=Sophos\Connect\scvpn
	IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
	IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL
	exit /b 0
	:X86_PROG
	IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL
	exit /b 0
	:INSTALL
	msiexec.exe /i "\\server\share\SophosConnect.msi" /QN
	timeout 5
	REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place.
	REM Userportal on SF must be accessible and with a valid certificate!
	copy /Y "\\server\share\xgsslvpn.pro" "C:\Program Files (x86)\Sophos\Connect\Import\"
	REM Deploying old SSLVPN for UTM 
	copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\"
	REM Start Gui - tray icon.
	start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe"

REM "goto :eof" above jumps to the built-in end-of-file label, so no :eof label is needed
exit /b 0

xgsslvpn.pro.txt
[
    {  
        "gateway": "fw01.domain.dk", 
        "user_portal_port": 4445, 
        "otp": false, 
        "auto_connect_host": "", 
        "can_save_credentials": true, 
        "check_remote_availability": false, 
        "run_logon_script": false 
    } 
]

Attached are the bat file and the provisioning file :-)

Let me hear your thoughts :-)



Edited TAGs
[edited by: emmosophos at 12:16 AM (GMT -7) on 7 Sep 2022]
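
The script copies xgsslvpn.pro to every client's Import folder, and its comment notes that the user portal must be reachable with a valid certificate. As an added example (not part of the original post or of Sophos tooling), this Python check lints the provisioning file before rollout and tests the portal's TLS certificate. The function names, the choice to require only `gateway`, and the "review" flags for `can_save_credentials` and `otp` are assumptions of this example.

```python
import json
import socket
import ssl

# Keys and types as they appear in the post's xgsslvpn.pro sample.
EXPECTED = {"gateway": str, "user_portal_port": int, "otp": bool,
            "auto_connect_host": str, "can_save_credentials": bool,
            "check_remote_availability": bool, "run_logon_script": bool}

def lint_provisioning(text):
    """Return (severity, message) findings for the body of a .pro file."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(entries, list) or not entries:
        return [("error", "top level must be a non-empty JSON array")]
    findings = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(("error", f"entry {i}: not a JSON object"))
            continue
        for key, typ in EXPECTED.items():
            val = entry.get(key)
            # bool is an int subclass in Python, so exclude it for the port.
            bad = not isinstance(val, typ) or (typ is int and isinstance(val, bool))
            if key in entry and bad:
                findings.append(("error", f"entry {i}: {key} must be {typ.__name__}"))
        gateway, port = entry.get("gateway"), entry.get("user_portal_port")
        if not isinstance(gateway, str) or not gateway.strip():
            findings.append(("error", f"entry {i}: gateway is missing or empty"))
        if type(port) is int and not 1 <= port <= 65535:
            findings.append(("error", f"entry {i}: port {port} out of range"))
        if entry.get("can_save_credentials") is True:
            findings.append(("review", f"entry {i}: can_save_credentials is true"))
        if entry.get("otp") is False:
            findings.append(("review", f"entry {i}: otp is false"))
    return findings

def portal_cert_ok(gateway, port, timeout=5.0):
    """True if the portal completes a TLS handshake with a certificate that
    validates against the local trust store for this hostname."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((gateway, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=gateway):
                return True
    except OSError:  # refused, timeout, DNS failure, or ssl.SSLError (bad cert)
        return False
```

Run `lint_provisioning` on the file contents before copying the file to the share, and `portal_cert_ok(gateway, port)` from a client network once the Sophos Firewall user portal is live.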
  • Great script, thanks for sharing. One question though. You probably ran this in the context of an account with administrative permissions. Afterwards, was the .ovpn connection available in the Sophos Connect client of the currently logged in user or the admin one?
