by Do you want to auto login your Sophos SSL VPN client using Keepass password manager?
A question I get asked a lot since the corona-outbreak is if the VPN credentials can be saved. Sophos uses OpenVPN for the SSL-VPN connections. There is not really a safe option to have the client “remember” the credentials. Therefore I think this is not really an option.
It is however possible to use the Keepass password manager to do exactly what you want; logging in to the VPN with as little typing as possible. Keepass can even type in the one-time password for you!
I think it’s always good for anyone to have a password manager for storing passwords. It is an indispensable piece of software that can even almost auto login the Sophos VPN-client.
To get started you first need to install Keepass version 2.x. To download go the Keepass website. At the time of writing versin 2.47 is the latest and thus the one you should use. I’m not going into detail in how to setup Keepass en create a password database, so that part is up to yourself.
Creating the Keepass entry
Once installed, in Keepass create a new entry and name it whatever you like. Don’t be too specific, since the same credentials you use for the VPN-client are needed for the user portal. A name like Sophos login could be just fine.
In the User name field enter the user name you use to login to the Sophos SSL-VPN. In the password field enter your password.
Next, go to the Advanced tab, and click on the ‘Add’ button next to the String fields box, under name enter: ‘TimeOTP-Secret-Hex’ and under value enter the OTP secret you can find in the Sophos firewall for both UTM and XG
Next navigate to the Auto-Type tab in the Add Entry form and click on the ‘Add’ button to add an Auto-Type entry. Make sure that at this time you also make sure the Sophos VPN-client ‘asks’ you your credentials to login that allows you to pick the Target window from all currently opened windows. Select the option ‘Use custom keystroke sequence’ and enter: {USERNAME}{TAB}PASSWORD}{TIMEOTP}{ENTER}.
By this you tell Keepass that if you want it to auto type in the window named ‘SSL VPN – User Authentication’ that it needs to type your username, hit TAB, enter your password followed by the onetime password value and hit enter.
See auto login in action and let Keepass enter your Sophos SSL credentials
Now save the new entry and choose to connect your Sophos SSL VPN-client. When asked for a username hit Ctrl-Alt-A (the default setting in Keepass unless you changed it to something different) and watch the magic.
If you like this post, you may also like my other posts about Sophos.
Thank you for this post, really saves me time and best of it all, can use it in several other applications too!