SSL VPN Remote Access - General Setup basic questions (Auth setup & OVPN File)

Hello

I am running the Home FW service - version 19.5.1 Build 278. In a prior release / different machine I had successfully done this but I have forgotten or am just getting stuck.  I have been through the setup video and text but here are a couple of roadblocks I have. 

Everything is established including FW rules, SSL general parameters, etc.  But at least two stumbling blocks:

1. User Authentication. I set up a single user ID, we will call johnsmith. I can get to the user portal ok, which I set up using port 8443 instead of 443. From within my network, behind the FW, I can access the User Portal and my ID/Password work. It takes me to a screen with the OTP setup screen where I need to scan the QR code with the Sophos Authenticator App. Done - so I have a revolving code. The only other option here is to click the LOGIN screen at the left - and then try to login with my Password+MFA six digit code. THAT login always fails. I can access the User Portal remotely using my port number, but same issue - cannot get to a point where I can get the provisioning file nor even login with Authenticator Code behind password from User Portal.

2. What I cannot get to is a .ovpn file which I believe I should be able to download from the user portal. 

I cannot find an OVPN file anywhere else in the menus / instructions.  IP SEC has a place to download credentials.

I believe I have a simple error in following directions or something that is not obvious to me. 

Many thanks

Chris



  • Hello!

    I believe I have a simple error in following directions or something that is not obvious to me. 

    Starting with the basics, did you allow the user in the "Policy members" section on the SSL VPN default (first) page?

    I cannot find an OVPN file anywhere else in the menus / instructions.  IP SEC has a place to download credentials

    The configuration file will only be shown at the User Portal if the user has the necessary permission (has been added to an SSL VPN Policy).

    Thanks!



    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Thanks Prism!

    Yes -

    So I have this Group set up. My "JohnSmith" user id is a member of this SSL VPN "Group". I have also tried adding the user id directly under the Policy Members as a separate line item.

    I feel like maybe I should remove and re-add - just trying to see if I have a typo or silly error....

    Chris

  • Well, I broke through my own landmines today.  Since this is not a clean install and I had some of this working prior, I think there were some settings that conflicted with my goals.

    1. Inability to get through the MFA problem -

    In the Authentication section, there is a "tab" called Multi Factor Auth - and there were a few things here. One was the OTP requirement turned on. But also I believe that the MFA option had different settings that may or may not have been an issue. While the OTP was on, I could ONLY get to the OTP page with the QR code. Once I turned this off, the full portal was available to me and I could download the OVPN files.

    2. OVPN file

    Again - once I solved the "why can I not get in" - I was good. 

    I thought it would be wise to close this thread down, since it might only confuse others. And if I had a clean new fresh install of the FW - or did a factory reset, likely I would have not run into this roadblock. But I learned more than I would have otherwise.

    THANK YOU PRISM for the quick response.  I think it pushed me in a direction to start thinking through logically what was happening.

    Chris