Add-on Request: StormShield VPN SSL

avatar

Hello,
We previously used the ShrewSoft VPN with many of our customers equipped with NETASQ / StormShield boxes. We now use the "SSL VPN Stormshield".

Would it be possible to have an add-on that manages this type of VPN Client?

https://www.stormshield.eu/

http://documentation.netasq.com/firewall/guide/v2/en/Default.htm#gde/snengde_firewalluserguide-v2/ssl_vpn/ssl_vpn.htm%3FTocPath%3D_____39

Thanks.

All Comments (23)

avatar

Hi,
Are you able to do an integration if you use the Custom VPN and invoke the command line?

David Hervieux

avatar

Hi,

No, I don't know how to do this... For the moment, I use the STORMSHIELD VPN SSL Client v2.1.0.0 in manual mode before connecting with RDM.

But I think the Stormshield client uses the OpenVPN client in the background... But I do not know enough to get the OpenVPN client running with StormShield.

:-(

avatar

Hi,

Do you have any news for this VPN?

Thanks

avatar

No, no progress on this point.

I am now using version 2.6.0 of the Stormshield SSL VPN client in manual mode before each connection. I regret that Devolutions does not look into the full integration of this VPN client.

avatar

Hello,

Do you know how we can invoke the VPN? Do they offer a command line, API or SDK?

Best regards,

Jeff Dagenais

avatar

Hi,

No, sorry, I don't have that information. But when I download the Stormshield connection, the page offers me OpenVPN elements like a certificate, connection settings …
This afternoon, I worked on using OpenVPN with these elements, but it isn't good for the moment …

avatar

I just got in touch with the stormshield support and the Stormshield client is a graphic overlay to the OpenVPN client.

So you have to use the Open VPN client built into RDM and fill in the fields correctly. The location of the certificates is in the following directory:

C:\Users\%user%\AppData\Local\Stormshield\Stormshield SSL VPN Client\config

and the directory contains these files:
CA.cert.pem
default.ca.crt
default.client.crt
default.client.key
openvpn_client.ovpn
openvpnclient.cert.pem
openvpnclient.pkey.pem

With this information, could Devolutions redo a copy of the OpenVPN interface adapted to connections on Stormshield (and simplified)?

I should point out that in the Stormshield SSL VPN client, there are not many options: just the name of the server or its IP, the port, the username and the password.

avatar

Hello,

I had a chat with our engineering department and they will try to develop an add-on with the information provided in your previous topic.

Since we don't have this type of VPN available internally, we would need your help to test it when the add-on is available.

As of now, I cannot provide you a timeline for its delivery.

Best regards,

Jeff Dagenais

avatar

Dear Jeff,

OpenVPN can not be installed until Stormshield SSL VPN is installed because the OpenSSL Daemon is enabled with the Stormshield Client installation and OpenVPN can not be installed until an OpenVPN instance is active.

The solution is to use OpenVPN binaries built into the StormShield client.

The second advantage of this technique is that it can continue to use the stormshield client address book which can not be used with just the OpenVPN client.

The 3rd advantage of this technique is that in the case of an update or reinstallation of the Stormshield SSL VPN, no setting is lost. The installation of the Stormshield client is particularly well done: it loses no adjustment, and if an old version is present, it uninstalls it properly before settling in turn. These reinstalls (or updates) must be done quite often because of Windows 10 updates that disrupt the proper functioning of the StormShield client (they reset some parts of the network layer). It should be noted that the OpenVPN client is in the same case against Windows 10.

The OpenVPN binaries set up by the StormShield SSL VPN client installation are located here:

C:\Program Files (x86)\Stormshield\Stormshield SSL VPN Client\OpenVPN\bin

The binaries in this directory are as follows (with v2.7.0.0):
libeay32.dll
liblzo2-2.dll
libpkcs11-helper-1.dll
msvcp110.dll
msvcr110.dll
openvpn.exe
openvpnserv.exe
ssleay32.dll

The last version of the client for your test is available here.

The SHA of the executable is 63270570485282e6229a494accf3446fc40f6b3204ec1f5c62c4d4cb4b679426

I will put a VPN server at your disposal during your tests when everything is ready.

Regards.

avatar

Hello,

Thank you for the details.

The information has been transmitted to our engineering department.

Best regards,

Jeff Dagenais

avatar

Hi guys,
I come back to you to have some news?
Regards,
Gianni

avatar

Hello,

This is still on our ToDo list. I have contacted our engineering department to see if it's possible to change the priority of the creation of the add-on.

However, please note that our engineering department is working hard on RDM 14, so we have encountered some delays regarding this delivery.

Sorry about that.

Best regards,

Jeff Dagenais

avatar

Hello,

I had a chat with the engineering department and we would like to start implementing StormShield VPN SSL. We have not found a possibility to send command line or to use direct integration for it. Our current approach will be to start the client and send the Host, Username and Password.

If you have other information or links that could help us make a direct connection, this could be useful.

Otherwise, as you mentioned is there a way to give us temporary access to connect to a server?

If so please send me an email at support@devolutions.net so I will be able to provide your private information for sending credentials.

Best regards,

David Grandolfo

avatar

Hello,

I have customers who use Stormshield VPN SSL.
I discover Remote Desktop Manager and I want to launch Stormshield VPN SSL as I do for OpenVPN with your ADD-ON but it does not seem to exist for Stormshield.
I came across this 4 year old forum and would like to know if you have been able to investigate a solution?
I have a minimum of 3 customers who use Stormshield so I have an address book.
Since I could not find an ADD-ON, I tried the COMMAND LINE solution as I did for FortiClient but it does not open the address book.

Sincerely
Ögan LEBLANC

avatar

Hello Ögan,

As you have mentioned, we unfortunately still do not have an integration for Stormshield VPN SSL. Our engineering team needed additional information on the matter, but David's questions in his last post were never answered. For this reason, we had to close the request.

Regarding the integration through a command line, I would like to verify first if you are able to properly launch the Stormshield VPN SSL via command line and open the address book from outside RDM in the regular command line interface? I want to verify if the issue is that it does not open properly in RDM, or if the issue also occurs outside RDM.

Regarding an actual integration for Stormshield, the point David made a while ago still stands. If you know of a way we could integrate Stormshield VPN SSL through a direct integration, or a command line that allows us to supply Host, Username and Password information, let us know!

Best regards,


Gabriel Degrandpré

avatar

Good evening

I can launch Stormshield via an online command:
C:\Program FilesStormshieldStormshield SSL VPN Client.exe

However, I'm still trying to open the address book with the same command style but I haven't figured out how to do it yet.

If I find, I think that RDM for him also manage it by "Command LINE"

There are 2 methods of managing contacts in Stormshield:
the first one by "address book" or the second one by "site".

Either way I can't get a connection to choose.

If it can help you in your research, I know that Stormshield is based on a technology identical to OpenVPN.
Unlike OpenVPN, I only fill in the address book with the name of the connection + its address (public IP style) + user account + password. I don't enter any port or authentication certificate.

Sincerely
Ögan LEBLANC

avatar

@oganleblanc,

Thank you for your post.

Indeed, most of our VPN integrations are based on command lines because this is what is offered by the vendors. However, to perform a proper integration, we need some functional command lines + documentation if possible. We are not using this type of VPN internally, so it's not possible for us to test the VPN or to contact the vendor for some support since we are not a current customer with them.

That being said, is it possible for you to contact them and ask for some documentation on their command line interface?
This would be very helpful for us.

Best regards,

Jeff Dagenais

avatar

Hello,

I have not yet found the method to open the Stormshield address book by a command line, but there are 2 possible tricks if you are asked.

Knowing that Stormshield is based on the same OpenVPN technology, we can:
either ask our contact person who provided us with the Stormshield account to generate an OpenVPN connection
or
follow the attached documentation.

It's a very uncommon trick but one that I've managed to pull off 3 times.

Sincerely
Ögan LEBLANC

Stromshield_VS_OpenVPN.docx

avatar

Hello,

Thank you for this information, we will provide it to our Engineering Department and see what can be done.
We will be in touch when we will have an update to provide.

Best regards,

James Lafleur

avatar

Hello,
Has this add-on been developed?

Thank you
Sébastien

avatar

Hello,

I will look back with the development team, keep you posted!

Best regards,

Etienne Lord

avatar
Is there any news on this topic? At the moment, a (ZTNA) option has been added to the new version of the Stormshield SSL VPN client.
Client workstation verification (ZTNA) tab

avatar

Hello,

What would be helpful is if you were able to use a command line externally to achieve what you need to connect. If you're able to, then we could implement the same command line in RDM. Otherwise, it's difficult for us to implement as we don't have access to an environment that uses Stormshield.

Regards,

Hubert Mireault