VPN Config Password Help

morley86
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 07, 2024 11:22 am

VPN Config Password Help

Post by morley86 » Thu Mar 07, 2024 12:06 pm

I have recently taken over the IT for a company that has an automatic VPN configured on all their laptops to ensure all traffic is forced through the main network when staff are out and about. I am totally new to OpenVPN and, unfortunately, the outgoing IT guy left under bad circumstances and left literally NO documentation on how anything is set up. I have Admin access to things but that's about it. No other passwords or anything.

I am therefore trying to reverse engineer how the VPN connection is set up so I can configure it on any new laptops that need to be rolled out. The problem is, I cannot work out exactly how OpenVPN authenticates to the server (a Sophos XG appliance).

The connection is configured on a schedule that runs on system start-up as a specific local Windows user account dedicated for this task. This runs the following command: "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect "[Redacted_File_Name].ovpn"
I can see from the logs that this runs the config files stored in the local user account's OpenVPN folder.

From what I can see, each laptop looks to authenticate using a unique username that matches the name of the PC, and I can see a corresponding user account configured on the Sophos XG. But I can't work out where it gets the password from. If I run OpenVPN GUI as any other user on the laptop and call the same config file, a box pops up with the username pre-populated (the name of the laptop) and prompts for a password which I don't know.

If I change the password on the Sophos XG, I can type this in myself and the connection is successful, but the password change breaks the auto-script which now won't connect. Therefore, the connection clearly relies on this username and password combination and so there must be something about the local account that is automatically providing the password, I just can't work out where it is stored. It's not so much that I want to see what the password is, I just need to know where it is so I can change it. But I can't find anything. No files that I can see, no registry entries (but I really don't know what I am looking for) and nothing in Windows Credential Manager.

Can anyone tell me from the below config file how this connection is obtaining the user password and where it is getting it from please?

Here is a redacted copy of the config file:

------------------------------Config------------------------------
client
dev tun
proto udp
verify-x509-name "C=GB, ST=NA, L=NA, O=[Redacted], OU=OU, CN=SophosApplianceCertificate_[Redacted_Numbers], emailAddress=[Redacted_Email]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
[Redacted_Cert_Text]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[Redacted_Cert_Text]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
[Redacted_Cert_Text]
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
cipher AES-256-GCM
auth SHA512
comp-lzo no
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 0
remote [Redacted_External_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
explicit-exit-notify
------------------------------End_Of_Config------------------------------


Many thanks in advance.

olivia36mcdowell
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 06, 2025 9:47 am

Re: VPN Config Password Help

Post by olivia36mcdowell » Wed Jan 29, 2025 6:47 am

It sounds like you're doing a great job piecing things together! From your description and the provided config file, it seems like the OpenVPN setup is using "auth-user-pass" for authentication, which typically requires a username and password.

Given that the password isn't stored in any obvious file or registry entry, it's possible that the password is being securely stored in a Windows Credential Manager or a similar secure storage mechanism. Here are a few steps you can try to locate the stored credentials:

Windows Credential Manager: Open the Control Panel, go to "User Accounts" > "Credential Manager," and look under "Windows Credentials" for any entries related to OpenVPN or the VPN server.

OpenVPN GUI Settings: Check the OpenVPN GUI settings file (usually located in the OpenVPN installation directory) for any references to credential storage.

Sophos XG Configuration: Since the VPN server is a Sophos XG appliance, check the Sophos XG configuration for any user credential settings or scripts that might be handling the authentication.

morley86
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 07, 2024 11:22 am

Re: VPN Config Password Help

Post by morley86 » Wed Jan 29, 2025 8:11 am

Thanks for the reply! I eventually worked this out and it was so simple - the config file obviously provided all the details needed to connect except the username and password. The answer was there is a scheduled task that runs as a local user account that has the client set up in it and launched the OVPN client in the background on boot and the password was saved in the OVPN client. Literally the tick box was checked to remember the details! Sometimes the simplest solutions are the best!

Thanks anyway for the response!
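
Editor's added example (not part of either poster's messages): a PowerShell check, run while logged on as the dedicated task account, that reports for each profile whether the `auth-user-pass` credentials come from a file named in the .ovpn, from a password saved by OpenVPN GUI, or from an interactive prompt. It assumes the default per-user config folder and OpenVPN GUI's per-user registry layout (`HKCU\Software\OpenVPN-GUI\configs\<profile>` with `username` and `auth-data` values); verify both on your installed version. It only tests for the presence of the values and does not read or decrypt them.

```powershell
# Added example: for each profile of the CURRENT user, report where the
# auth-user-pass credentials would come from. Run it as the account the
# scheduled task uses: the profile folder and HKCU hive are per-user.
$configDir = Join-Path $env:USERPROFILE 'OpenVPN\config'   # assumed default folder
$regRoot   = 'HKCU:\Software\OpenVPN-GUI\configs'          # assumed GUI registry layout

function Get-OvpnCredentialSource {
    param([Parameter(Mandatory)][string]$OvpnPath)

    $name = [IO.Path]::GetFileNameWithoutExtension($OvpnPath)

    # Active directive only: lines starting with ';' or '#' do not match.
    $hit = Select-String -LiteralPath $OvpnPath `
        -Pattern '^\s*auth-user-pass(?:\s+(\S.*?))?\s*$' | Select-Object -First 1
    $credFile = $null
    if ($hit -and $hit.Matches[0].Groups[1].Success) {
        $credFile = $hit.Matches[0].Groups[1].Value.Trim('"')
    }

    # Values the GUI writes when the save-password box is ticked (names assumed).
    $key = Join-Path $regRoot $name
    $values = @()
    if (Test-Path -LiteralPath $key) {
        $values = @((Get-Item -LiteralPath $key).GetValueNames())
    }
    $hasUser = $values -contains 'username'
    $hasPass = $values -contains 'auth-data'

    if (-not $hit)     { $source = 'profile does not use auth-user-pass' }
    elseif ($credFile) { $source = "credentials file: $credFile" }
    elseif ($hasPass)  { $source = 'saved in OpenVPN GUI (registry, this user only)' }
    else               { $source = 'interactive prompt' }

    [pscustomobject]@{
        Profile       = $name
        Source        = $source
        SavedUsername = $hasUser
        SavedPassword = $hasPass
        RegistryKey   = $key
    }
}

Get-ChildItem -LiteralPath $configDir -Filter '*.ovpn' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-OvpnCredentialSource -OvpnPath $_.FullName } |
    Format-Table -AutoSize -Wrap
```

Because the saved values live in that account's own registry hive, running the same profile as any other Windows user falls back to the password prompt, which matches the behaviour described in the first post.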
