Openvpn Sophos



I’m travelling and can’t access my network drives! 😡

Have you heard this sentence from angry users? Do you still put the infamous ‘mapping.cmd’ or ‘NetworkDrives.bat’ on your users’ desktops, only for them to forget about it regularly? Do you want to automate everything that can be automated?

Then you came to the right place. I want to show you how I set up an automatic mapping and which obstacles I had to deal with, and get you on the right track. You can adapt the steps from this post to all OpenVPN-based VPN clients, just like the Sophos SSL client.

So if you did some research on this topic and tried to make this work you probably stumbled upon various posts in the Sophos community among other places. Some say it suffices to create a file using the same name as the VPN configuration file in your config folder, followed by the suffix ‘_up.bat’ and the contents of your script.


This is the corresponding path for Sophos: C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config

That is not enough, by far. In my tests I ran into several issues:


  • Scripts get executed too early in the connection process
  • Automatic creation of ‘_up.bat’ files
  • Timeout issues
  • Script freezes until you press any button in the command prompt
  • Issues with PowerShell script execution when users connect via VPN most of the time and establishing VPN connection before Windows logon is not possible

I believe I tackled the above issues – here is how.

Create the startup script

Here, I want to make sure that users see their network drives as soon as possible after they log in to the company’s VPN and not rely on the group policy background processing mechanism of Windows.

So instead of linking all net use commands for the file shares it is easier to just use gpupdate:

Testing

When I first tested the above script, I noticed that the VPN client pauses the connection attempt until it executes the script, so the gpupdate command will never start in the correct network.
That was not the expected behavior since I found out that ‘_up’-scripts are supposed to run only when the connection is up.

So I renamed the above file to init.bat and just let the _up-script call the first script:


Automating the above using PowerShell

The process should be automatic, independent from the number of existing VPN profiles on the system. The following script will do just that:
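An added example of such a script, not the author's original: it writes an `init.bat` that runs gpupdate and a `<profile>_up.bat` for every profile in the config folder. The function name `New-VpnUpScript`, the `*.ovpn` filter, the gpupdate switch and the `start`/`%~dp0` call are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's original script.
# Assumptions: profiles are *.ovpn files in the config folder named in the post,
# and init.bat (the gpupdate wrapper) is kept in that same folder.
$ConfigDir = 'C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config'

function New-VpnUpScript {
    param(
        [Parameter(Mandatory)][string]$Path
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Config folder not found: $Path"
    }

    # init.bat does the real work: refresh user group policy so that drive
    # mappings defined in GPOs are applied. An existing init.bat is kept.
    $initBat = Join-Path $Path 'init.bat'
    if (-not (Test-Path -LiteralPath $initBat)) {
        Set-Content -LiteralPath $initBat -Encoding Ascii -Value @(
            '@echo off'
            'gpupdate /target:user'
            'exit'   # a batch file launched via "start" keeps its window open otherwise
        )
    }

    # One <profile>_up.bat per profile. %~dp0 expands to the folder the _up
    # script lives in, and "start" returns at once, so the _up script itself
    # does not wait for gpupdate to finish.
    $upContent = @(
        '@echo off'
        'start "" /MIN "%~dp0init.bat"'
    )
    Get-ChildItem -LiteralPath $Path -Filter '*.ovpn' -File | ForEach-Object {
        $upBat = Join-Path $Path ($_.BaseName + '_up.bat')
        # ASCII without a byte-order mark: a BOM would corrupt the first line for cmd.exe.
        Set-Content -LiteralPath $upBat -Encoding Ascii -Value $upContent
        $upBat   # emit the path so the caller can log what was written
    }
}

New-VpnUpScript -Path $ConfigDir
```

Re-running it is safe: existing `_up.bat` files are overwritten with the same content, so it can be scheduled to pick up newly added profiles.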

More issues

While testing I noticed that the mapping was not successful most times and found errors in the log file related to script timeouts. The default timeout is 15 seconds and is changeable. To do that, adjust the value of ‘connectscript_timeout’ here up to a max value of 99: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenVPN-GUI

Almost there…

When you have QuickEdit mode enabled, processing of scripts will freeze if you select anything inside the command prompt. This is what I’m talking about:

At first, I tried starting the script minimized (start /MIN init.bat) but learned that curious users will click the opened command prompt to see what’s happening. And if they click in the command prompt, execution will pause.

To quickly disable this feature for all users, create a user GPO and change the value of ‘QuickEdit’ to 0: HKEY_CURRENT_USER\Console

I guess there is another way. If the value ‘show_script_window’ does what it says it does, you can set it to 0 (registry screenshot above) and hide the script. If you want to show users what’s happening, this might not be a choice.

As I mentioned earlier, there was still an issue with PowerShell script execution for users who only ever log on using VPN after the cached Windows logon. In those cases, logon script execution does not work.
This solution will be part of a separate blog post which I will link here. Stay tuned. 🧐


After installing the client, a small traffic light icon will show in the bottom right of the task bar. Right-click on it and select Connect. Enter your username and password and confirm by clicking OK.

5. Check VPN connection

With correct login data, the little traffic light should switch to green. This shows that the VPN connection has been established successfully. You can now access the remote desktop server or a company file server.