Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 13 replies
  • Subscribers 6 subscribers
  • Views 34997 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to download SSL VPN client 2.3.18 or higher

Remuflon

I've been using UTM 9, SSL VPN client on Windows 10, version 2.1 for years.

Now, my employer's security scanners says that is "out of date" and removed it.

They say I have to use version 2.3.18 or greater.  Problem is, I can't find that.  I reinstalled SSL VPN client from the portal and again got version 2.1, which is blocked by security.

 

What is the current version?  How do I download the latest version?  The 2.1 version contains an OpenVPN build that reportedly has vulnerabilities.

Thanks!



This thread was automatically locked due to age.
  • 0 in reply to Mike Hyers

    All of these scanners are duller than butter knives, Mike.  If you're running your own scans, you can certainly get a statement from Sophos Support that this vulnerability has been eliminated.  If you're using a provider that scans with Nessus, that should also satisfy them for now.  After that,  I suggest that you change providers to get one that knows how to manage and keep track of exceptions as most don't.

    Sophos would be foolish to make changes based on this message from Nessus.  The developers can deliver a more-secure tool by patching the modules they know instead of vetting and hardening newer versions all of the time.

    In any case, if you're in the same situation as Remouflon (no exceptions allowed by an OpenVPN service to which you want to connect), I don't see how you can avoid doing the upgrades.  Even if Sophos changed the client to a new version, you would have to distribute that, too.

    Good luck!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I'm sorry Bob but in this case I'm not with you. It might as well be that all underlying vulnerabilities are effectively being handled by Sophos UTM, but OpenVPN 2.1 was in development from October 2005 until November 2010. So the very last version (2.1.4) is almost 8 years old now. 

    As a security company that always preaches to keep software up-to-date this is not practicing what your preach.....

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels

    We'll have to agree to disagree, Arno.  They are keeping patches up-to-date and the client does what it needs to do with the UTM.  They don't advertise that it's a client for OpenVPN.  If folks are going to use other OpenVPN servers, they'll need to decide whether they trust the latest OpenVPN client to be used with UTM SSL VPN remote access or if they want to have both the SSL VPN client and the OpenVPN client.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML