Sophos SG/XG Firewalls use OpenVPN to create Site To Site SSL VPN tunnels, but the configuration file is specific to Sophos firewalls. This can be converted to a normal ovpn file though.
Here is how you can manually convert the APC configuration file into an OVPN file.
Take now of these things in your apc file:
Block 1 is the client certificate:
—–BEGIN CERTIFICATE—–
—–BEGIN CERTIFICATE—–
Block 2 is the CA certificate:
—–BEGIN CERTIFICATE—–
—–BEGIN CERTIFICATE—–
Block 3 is the private key:
—–BEGIN PRIVATE KEY—–
—–END PRIVATE KEY—–
Block 4: there is also a username and password:
Just above the private key is the user:
Just below the private key is the password:
So now here is the ovpn file:
client
dev tun
proto tcp
remote insert hostname or IP of the firewall here 443
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo
route-delay 4
verb 3
reneg-sec 0
<cert>
Insert certificate here from Block 1
</cert>
<ca>
Insert certificate here from Block 2
</ca>
<key>
Insert private key from Block 3
</key>
Here is a short test with OpenVPN client on Windows. The password has to be inserted manually, but normally the tunnel gets initiated from a firewall/network appliance, in that case you should be able to insert username and password in the command line.
