Private key missing in VPN config file

Hello,

For a long time now, the OpenVPN configuration has no longer been distributed as three files, but as a single file that also contains the certificates. As long as I am SuperAdmin on Sophos, I can also download the complete configuration files for the VPN users. A restricted user on Sophos, who only has read rights due to an assigned role, gets the configuration without the private key in the configuration file. Our PC support should be able to download this data completely but not have full rights on the firewall. As a VPN user, I also get the complete configuration file in the portal. Bug or feature?

Michael
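The single-file OpenVPN profile Michael describes carries its certificates and key as inline `<ca>`, `<cert>` and `<key>` blocks. The following is an added example (not from this thread and not Sophos code) that parses such a profile, reports which inline blocks it contains, and produces the redacted variant a read-only viewer would receive. It is useful for checking a downloaded profile before handing it to a user: a profile with `<cert>` but no `<key>` cannot authenticate with that certificate. The sample profile, the host `vpn.example.com` and the PEM bodies are constructed placeholders, not real key material.

```python
"""Inspect a unified (single-file) OpenVPN client profile.

Added example; not code from the Sophos thread or from Sophos UTM.
The sample profile below is constructed and its PEM bodies are placeholders.
"""
import re

# Inline tags OpenVPN accepts in a unified profile.
INLINE_TAGS = ("ca", "cert", "key", "tls-auth", "tls-crypt", "dh", "pkcs12")

# One inline block: <tag>\n ... \n</tag>\n  (tag must match on both ends).
_BLOCK_RE = re.compile(
    r"^<(?P<tag>[a-z0-9-]+)>\n(?P<body>.*?)^</(?P=tag)>\n",
    re.MULTILINE | re.DOTALL,
)

# Constructed sample of an admin-level download: CA, user cert and private key
# are all inline. Host name and PEM contents are placeholders.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.com 1194
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
MIIB...placeholder-ca-cert...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB...placeholder-user-cert...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIE...placeholder-private-key...
-----END PRIVATE KEY-----
</key>
"""


def parse_profile(text):
    """Split a profile into (directive lines, {tag: pem body}).

    Comment lines (# or ;) and blank lines are dropped from the directives.
    """
    if not text.endswith("\n"):
        text += "\n"
    blocks = {}

    def _grab(match):
        blocks[match.group("tag")] = match.group("body")
        return ""  # remove the block from the directive text

    remainder = _BLOCK_RE.sub(_grab, text)
    directives = [
        line.strip()
        for line in remainder.splitlines()
        if line.strip() and not line.lstrip().startswith(("#", ";"))
    ]
    return directives, blocks


def has_private_key(blocks):
    """True if the profile carries the client's private key (inline key or PKCS#12)."""
    return "key" in blocks or "pkcs12" in blocks


def key_is_encrypted(blocks):
    """True if the inline key is passphrase-protected (PEM 'ENCRYPTED' marker)."""
    return "ENCRYPTED" in blocks.get("key", "")


def client_auth_status(blocks):
    """Can certificate-based client auth work from this profile alone?

    Returns 'pkcs12', 'complete', or 'missing:<tags>' listing what is absent.
    """
    if "pkcs12" in blocks:
        return "pkcs12"
    missing = [tag for tag in ("ca", "cert", "key") if tag not in blocks]
    return "complete" if not missing else "missing:" + ",".join(missing)


def strip_private_key(text):
    """Return the profile without its <key> block: what a read-only viewer gets."""
    if not text.endswith("\n"):
        text += "\n"
    return re.sub(r"^<key>\n.*?^</key>\n", "", text, flags=re.MULTILINE | re.DOTALL)


if __name__ == "__main__":
    directives, blocks = parse_profile(SAMPLE_PROFILE)
    print("directives:", directives)
    print("inline blocks:", sorted(blocks))
    print("usable for cert auth:", client_auth_status(blocks))
    redacted = strip_private_key(SAMPLE_PROFILE)
    print("after redaction:", client_auth_status(parse_profile(redacted)[1]))
```

Run against a profile downloaded by the restricted role, `client_auth_status` reports `missing:key`, which is exactly the symptom in the question; run against the SuperAdmin download it reports `complete`. Treat a `complete` profile as a credential: it contains a private key and should be transported and stored accordingly.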



This thread was automatically locked due to age.
  • Hi Michael,

    Neither a bug nor a feature; I see it as a security behavior. I would like to learn why a ReadOnly user should get access to a private key for the users. However, what happens if you create a new custom profile under Management | Web Admin Settings | Access control | New, create a new Role and select Remote Access Manager rights? Assign this role to the PC support users and let us know if it works.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello Michael, and welcome to the UTM Community!

    I saw the same question in the German forum that you posted in December, but I didn't have a response then.  After reading Sachin's suggestion, I experimented with that and found that it doesn't work.  This is, as Sachin says, a security feature - only an Administrator with full rights on the UTM can access/change Users and Groups.

    This is an interesting idea though and I think you should propose a feature suggestion at Ideas.  It would make sense that someone that has access as a Remote Access Manager would be able to download the user configuration files, but not have the ability to change User objects.

    Please come back here and supply a link to your suggestion so that others can comment on and vote for it.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA