Sophos Connect Migration script from UTM SSLVPN
Quote from mpca on 22 December 2021, 8:59
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/128936/sophos-connect-migration-script-from-utm-sslvpn
Hi all,
This is a very early beta of a script that does the following:
- Takes a backup of the old ovpn config from SG UTM SSLVPN
- Removes old SG UTM client
- Installs Sophos Connect
- Imports the old config into Sophos Connect so user can still connect to UTM
- Installs a provisioning file for the coming Sophos Firewall, so migration should be easier 🙂
Have tested it all, it works well so far, but do not implement in production before thoroughly tested 🙂
vpmmigrate.bat
@echo off
REM Nothing to migrate if the old SG UTM SSL VPN client is not installed
IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof
REM Remove the old client
REM Kill running programs, preventing uninstall
taskkill /im openvpn* /F
timeout 2
REM Backup the OVPN config file
rem rmdir "c:\!vpn" /s /q
mkdir c:\!vpn
copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\
REM Use uninstaller to remove the client
cd /d "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client"
Uninstall.exe /S
timeout 10
REM Do folder cleanup - if not, Sophos Connect refuse to install
cd\
rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q
REM Skip the install if Sophos Connect is already present
SET Sophos_Connect=Sophos\Connect\scvpn
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL
exit /b 0
:X86_PROG
IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL
exit /b 0
:INSTALL
REM Silent install of Sophos Connect from the deployment share
msiexec.exe /i "\\server\share\SophosConnect.msi" /QN
timeout 5
REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place.
REM Userportal on SF must be accessible and with a valid certificate!
copy /Y "\\server\share\xgsslvpn.pro" "C:\Program Files (x86)\Sophos\Connect\Import\"
REM Deploying old SSLVPN for UTM
copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\"
Popd
REM Start Gui - tray icon.
start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe"
exit /b 0
Provisioning file xgsslvpn.pro
[
  {
    "gateway": "fw01.domain.dk",
    "user_portal_port": 4445,
    "otp": false,
    "auto_connect_host": "",
    "can_save_credentials": true,
    "check_remote_availability": false,
    "run_logon_script": false
  }
]
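
A pre-flight check that could be run before rolling out the script above, as an added example that is not part of the original post: it verifies the Authenticode signature of the MSI on the share and checks that the provisioning file parses with the keys and types shown in the post. The function names and the expected signer substring 'Sophos' are assumptions; the paths are the post's placeholders.

```powershell
# Added example (not from the original post). Paths are the placeholders used in the post.
param(
    [string]$MsiPath = '\\server\share\SophosConnect.msi',
    [string]$ProPath = '\\server\share\xgsslvpn.pro'
)
$ErrorActionPreference = 'Stop'

function Test-InstallerSignature {
    param([string]$Path)
    # 'Valid' means the Authenticode signature verifies and chains to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { throw "$Path signature status: $($sig.Status)" }
    # Assumption: the signer subject contains 'Sophos'; confirm against a known-good copy.
    if ($sig.SignerCertificate.Subject -notmatch 'Sophos') {
        throw "$Path signed by unexpected subject: $($sig.SignerCertificate.Subject)"
    }
    # Return the hash so it can be compared with the copy downloaded from the vendor.
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

function Test-ProvisioningFile {
    param([string]$Path)
    # Keys and types as they appear in the xgsslvpn.pro shown in the post.
    $boolKeys = 'otp', 'can_save_credentials', 'check_remote_availability', 'run_logon_script'
    $parsed = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    foreach ($entry in $parsed) {
        if ([string]::IsNullOrWhiteSpace($entry.gateway)) { throw 'gateway is missing or empty' }
        $port = $entry.user_portal_port
        if ($port -isnot [int] -and $port -isnot [long]) { throw 'user_portal_port is not an integer' }
        if ($port -lt 1 -or $port -gt 65535) { throw "user_portal_port out of range: $port" }
        foreach ($key in $boolKeys) {
            if ($entry.$key -isnot [bool]) { throw "$key must be true or false" }
        }
        # Not errors, but settings to check against local policy before rollout.
        if ($entry.can_save_credentials) { Write-Warning "$($entry.gateway): can_save_credentials is true" }
        if (-not $entry.otp) { Write-Warning "$($entry.gateway): otp is false" }
    }
}

$hash = Test-InstallerSignature -Path $MsiPath
Test-ProvisioningFile -Path $ProPath
Write-Output "OK: $MsiPath SHA256 $hash; $ProPath parsed and validated"
```

Because the batch file installs with `/QN` and no prompts, a failed check here is the only point at which a replaced MSI or a malformed provisioning file on the share would be noticed before it reaches clients.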