Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 22 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 61110 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM SSL VPN and GrandStream Phones

JayMan

 GrandStream phones have an OpenVPN client built in but they only allow the .ca. crt. key to be uploaded to the phone as well as putting inthe VPN server IP, port and protocol. It doesn't allow a login/password field.  Contacting Grandstream support they just tell me not to use a login/password. Is this even possible with the UTM.  Keeping in mine I have about 150 VPN users so making a major change to the SSL VPN isn't an option because those 150 would need to redownload configs.

 

Can you make a local user who is cert based only?

 

all our others users are AD/Radius backend sync



This thread was automatically locked due to age.
Parents
  • 0

    If they don't have a builtin user and password, you're out of luck with the UTM's implementation of OpenVPN.  There's no way to create a blank user with a blank password.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    That is what I was afraid of.  And they are telling me to just turn off the login/pass option on the OpenVPN server and just use certs.

  • 0 in reply to JayMan

    That option doesn't exist in WebAdmin.  I'm no OpenVPN guru (and there is at least one here), but maybe you can achieve that from the command line with

    cc set ssl_vpn user_auth_optional 1

    Set it back to not-optional with

    cc set ssl_vpn user_auth_optional 0

    Did turning optional on allow you to connect from the phone and also from a PC or smart phone using authentication?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Setting it optional wouldn't pass our audits I thought of that.

     

    And now the grandstream devs are saying Sophos isn't openVPN at all because they call it SSL so I sent them screenshots of my openvpn client connected up.

  • 0 in reply to JayMan

    Hi JayMan,

    Wow, been using Grandstream for years and I didn't expect them to be that Obtuse about the OpenVPN that Sophos uses but calls it SSL VPN...

    Are there any other options like L2TP with Radius auth?

    Emile

  • 0 in reply to Emile Belcourt

    only option they have is OpenVPN. via uploading the certs only.

Reply Children
No Data
Unfiltered HTML