I need to add VPN clients that are certificate only

I am adding some offsite VoIP phones that have OpenVPN built into them.

I have a working SSL VPN on Sophos UTM that works great with our computers, but I ran into a problem when I tried to join the phones.

The phones have the certificates installed correctly, but when they go to connect, UTM is also demanding a userid and password.  There is no provision for that on the phones.  They just have user certificates for authentication.

The log shows them connect and fail because of invalid password and the certificate is parsed correctly.

I tried to create users in UTM that had certificates but no authentication, but it didn't help.



This thread was automatically locked due to age.
  • Hi,

    If you can edit the configuration file for OpenVPN and add it to the phone, then we can define the username and password in the SSL VPN configuration file, which will mandate an autologin, and manual login will be excluded. As far as I know this is not possible with only certificates, but I would like to learn if it is.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • True, but that would mean I would have to have the root password from the phone's factory, and that is 100% impossible.

    I can SSH into it, but I only get a very restricted shell that lets me do things like change the IP address and reboot.

  • I bet the phone manufacturer has a guide that lets you configure what you need.  I know the config file on a Windows machine can specify the use of a file that has username and password in it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
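
An added example, not part of any post above and not Sophos or phone-vendor code: on a client whose OpenVPN profile can be edited, the credentials-file approach mentioned in the replies uses OpenVPN's `auth-user-pass <file>` directive. The function name, file names and credentials below are constructed for illustration.

```shell
#!/bin/sh
# Added example: point an OpenVPN client profile at a stored username/password.
# All file names and credentials here are constructed placeholders.

# add_stored_credentials PROFILE CREDFILE USERNAME PASSWORD
add_stored_credentials() {
    profile=$1 credfile=$2 user=$3 pass=$4
    [ -f "$profile" ] || { echo "no such profile: $profile" >&2; return 1; }

    # OpenVPN expects the username on line 1 and the password on line 2.
    # The password sits in plain text, so create the file owner-only and
    # tighten the mode in case the file already existed with wider access.
    ( umask 077 && printf '%s\n%s\n' "$user" "$pass" > "$credfile" ) || return 1
    chmod 600 "$credfile"

    # Drop any existing auth-user-pass line (bare or with a file argument),
    # then append one that references the credentials file.
    tmp="$profile.tmp.$$"
    sed '/^[[:space:]]*auth-user-pass/d' "$profile" > "$tmp" || return 1
    printf 'auth-user-pass %s\n' "$credfile" >> "$tmp"
    mv "$tmp" "$profile"
}

# Demo on a constructed profile in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'client\ndev tun\nremote vpn.example.com 443\nauth-user-pass\n' \
        > "$dir/phone.ovpn"
    add_stored_credentials "$dir/phone.ovpn" "$dir/phone.cred" \
        phone01 'constructed-password'
    cat "$dir/phone.ovpn"
    rm -rf "$dir"
}
demo
```

The certificate and key in the profile are still presented as before; the stored password only answers the additional username/password prompt, so the credentials file needs the same protection as the private key.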