Private key missing in VPN config file

Hello,

For a long time now, the OpenVPN configuration has no longer been spread across 3 files, but is in a single file that also contains the certificates. As long as I am SuperAdmin on Sophos, I can also download the configuration files for the VPN users completely. A restricted user on Sophos, who only has read rights due to an assigned role, gets the configuration without the private key in the configuration file. Our PC support should be able to download this data completely but not have full rights on the firewall. As a VPN user, I also get the complete configuration file in the portal. Bug or feature?

Michael



This thread was automatically locked due to age.
  • Hallo Michael and welcome to the UTM Community!

    I saw the same question in the German forum that you posted in December, but I didn't have a response then.  After reading Sachin's suggestion, I experimented with that and found that it doesn't work.  This is, as Sachin says, a security feature - only an Administrator with full rights on the UTM can access/change Users and Groups.

    This is an interesting idea though and I think you should propose a feature suggestion at Ideas.  It would make sense that someone that has access as a Remote Access Manager would be able to download the user configuration files, but not have the ability to change User objects.

    Please come back here and supply a link to your suggestion so that others can comment on and vote for it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA