VPN Config Password Help

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

morley86
OpenVpn Newbie
Posts: 1
Joined: Thu Mar 07, 2024 11:22 am

Post by morley86 » Thu Mar 07, 2024 12:06 pm

I have recently taken over the IT for a company that has an automatic VPN configured on all their laptops to ensure all traffic is forced through the main network when staff are out and about. I am totally new to OpenVPN and, unfortunately, the outgoing IT guy left under bad circumstances and left literally NO documentation on how anything is set up. I have Admin access to things but that's about it. No other passwords or anything.

I am therefore trying to reverse engineer how the VPN connection is set up so I can configure it on any new laptops that need to be rolled out. The problem is, I cannot work out exactly how OpenVPN authenticates to the server (a Sophos XG appliance).

The connection is configured on a schedule that runs on system start-up as a specific local Windows user account dedicated for this task. This runs the following command: "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect "[Redacted_File_Name].ovpn"
I can see from the logs that this runs the config files stored in the local user account's OpenVPN folder.

From what I can see, each laptop looks to authenticate using a unique username that matches the name of the PC, and I can see a corresponding user account configured on the Sophos XG. But I can't work out where it gets the password from. If I run OpenVPN GUI as any other user on the laptop and call the same config file, a box pops up with the username pre-populated (the name of the laptop) and prompts for a password which I don't know.

If I change the password on the Sophos XG, I can type this in myself and the connection is successful, but the password change breaks the auto-script which now won't connect. Therefore, the connection clearly relies on this username and password combination and so there must be something about the local account that is automatically providing the password; I just can't work out where it is stored. It's not so much that I want to see what the password is; I just need to know where it is so I can change it. But I can't find anything. No files that I can see, no registry entries (but I really don't know what I am looking for) and nothing in Windows Credential Manager.

Can anyone tell me from the below config file how this connection is obtaining the user password and where it is getting it from please?

Here is a redacted copy of the config file:

------------------------------Config------------------------------
client
dev tun
proto udp
verify-x509-name "C=GB, ST=NA, L=NA, O=[Redacted], OU=OU, CN=SophosApplianceCertificate_[Redacted_Numbers], emailAddress=[Redacted_Email]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
[Redacted_Cert_Text]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[Redacted_Cert_Text]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
[Redacted_Cert_Text]
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
cipher AES-256-GCM
auth SHA512
comp-lzo no
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 0
remote [Redacted_External_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
remote [Redacted_Internal_IP] 8443 udp
explicit-exit-notify
------------------------------End_Of_Config------------------------------


Many thanks in advance.
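
As an added illustration (not part of the original post, and not OpenVPN or Sophos code), this Python sketch reads a profile like the one above and reports where each credential directive points. `credential_sources` and the sample text are constructed for this example; a bare `auth-user-pass` is reported as `prompt-or-frontend` because, with no file argument, OpenVPN asks for the username and password at run time (here through OpenVPN GUI).

```python
import re

# Constructed sample mirroring the redacted profile in the post; the address
# is a documentation placeholder and the key body is deliberately misleading.
SAMPLE_OVPN = """\
client
dev tun
<key>
-----BEGIN RSA PRIVATE KEY-----
auth-user-pass this-is-key-material-not-a-directive
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
;can_save no
;auto_connect
remote 192.0.2.10 8443 udp
"""

def credential_sources(text):
    """Map each secret-requesting directive to where the profile says it comes from."""
    found, inline_tag, inline_seen = {}, None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if inline_tag:                        # body of <ca>, <cert>, <key>, ...
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                                 # start of an inline block
            inline_tag = m.group(1)
            inline_seen.add(inline_tag)
            continue
        if not line or line[0] in "#;":       # comments, e.g. ';can_save no'
            continue
        parts = line.split(None, 1)
        if parts[0] in ("auth-user-pass", "askpass"):
            arg = parts[1].strip().strip('"') if len(parts) > 1 else None
            found[parts[0]] = f"file:{arg}" if arg else "prompt-or-frontend"
    # Recent OpenVPN releases also accept the credentials as an inline block.
    if "auth-user-pass" in inline_seen:
        found["auth-user-pass"] = "inline-block"
    return found

if __name__ == "__main__":
    for directive, source in credential_sources(SAMPLE_OVPN).items():
        print(f"{directive}: {source}")
```

For the posted profile the result is `prompt-or-frontend`, so the config itself does not reference the password. OpenVPN GUI's saved-password feature keeps its data under `HKCU\Software\OpenVPN-GUI\configs\<profile name>`, a per-user location that other accounts on the same laptop do not share.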
