Sophos VPN client - the legacy/old one?

VPN
1

Is anyone here using the “old” Sophos SSL/VPN client? The one with the little stoplight icon?

We use Sophos XGS firewalls here and I’m swearing off the “new” client that I’ve had nothing but issues with.

Unfortunately, the “old” client is EOL and I suspect at some point it’ll get removed from the firewall user portal. When I download it, it downloads with a user file in the .exe so making it as a generic installer doesn’t work.

  1. Can I extract just the generic installer from the .exe for the client alone and no user configuration?

  2. anyone else seeing issues with the “new” Sophos connect client and if so, have any suggestions?

2

Just use OpenVPN client.

What issues are you having with Sophos Connect?

3

Use the 3rd download option, it’s something like for “other clients like android” or similar (actual text is eluding me at the moment). That gives you the .ovpn file you can use with the standard OpenVPN client. Works fine, we dumped the Sophos client years ago and just use the actual OpenVPN one. Never had an issue.

4

What issues are you having with Sophos connect? I’ve deployed many installs no issues.

It does disconnect every eight hours but there is a command to extend it.

5
  1. Yes, you can. If you open the .exe in 7-zip, you can delete the user configuration.
  2. Not seeing any issues at all with the new Sophos Connect client. The user experience for one-time passwords is much better since it provides the user with a separate field for the token.
6

We greatly prefer the new client. Our Powershell guru figured out a way to script the uninstall of the old client, install of the new one, and moving the existing config to the new client, all in one go. It usually works! The generic installer makes laptop deployments much easier.

7
  1. Yes
  2. No

New client works fine so far.

8

Where does one find the OpenVPN Client?

More issues than I can count. The backend service freezes, requires a manual restart with admin creds, users don’t have admin. Randomly doesn’t connect without a restart of the service. Also, overall, it’s just a very slow client as opposed to the old one. I’ve had mostly negative feedback in general, too. It feels like a kid made the program.

9

Sophos Connect is just re-branded OpenVPN Connect. We use both in my organization and haven’t seen issues with either.

10

Where does one find this OpenVPN client?

11

Mainly the backend service randomly not starting and then the client showing “service unavailable.” Execs complained about it and it needs to be fixed, so the decision was made to remove the new program as its obviously too buggy for production.

12

Are you using one-time passwords? If so, I think this is a side effect of that. You can extend the key lifetime to prevent it from disconnecting after 8 hours. I have it set to 12 hours.

13
  1. Thank you
  2. Our users just save their passwords. Another reason I wanna nix this software.
14

Would this script happen to be available for sharing?

15

https://openvpn.net/vpn-client/

I never had issues with it but was using IPsec and not SSL VPN.

16

Not exactly. Sophos Connect for Windows can do both SSL and IPsec connections and Sophos Connect for Mac can only do IPsec.

17

https://openvpn.net/vpn-client/

18

Funny how many people that work in this industry don’t even know how to Google the easiest shit.

19

I’ve only seen this happen once in about 100 users. Re-installing the VPN client resolved it. For what it’s worth, my users are using Windows 10 21H2.

20

You can set your VPN provisioning file to disallow that. To be fair, an intelligent user can just edit the JSON file to allow it before importing it, so there’s not a lot you can do to prevent it.