Advanced use and configuration of the Stormshield SSL VPN client
This section explains several advanced scenarios in the use and configuration of the Stormshield SSL VPN client.
Advanced use case
SSL VPN connection - Manually validating the certificate presented by the server
When a certificate that is presented to the Stormshield SSL VPN client cannot be automatically validated, the message "Probable security risk" appears. You will then need to indicate whether to trust the certificate and connect, or cancel the connection.
To help you with the process, you can view information on the certificate and its trust chain by clicking on Advanced > Show certificate.
When you choose to trust the certificate and connect, the information (certificate hash) is saved for the connection used. The choice to trust the certificate is specific to that connection, and not to the server to which you are connecting. This message will appear again if you are connecting to the same server over another connection (saved or from the Direct connection menu).
Single sign-on - canceling authentication
With single sign-on, after a connection has been initiated, authenticate on an authentication portal that opens in your web browser, for example the SNS firewall's captive portal or the portal of the Identity as a Service (IDaaS) platform chosen on the SNS firewall, such as Microsoft Entra ID.
Once the Stormshield SSL VPN client has authenticated over this portal, it can set up the SSL VPN connection.
In the Saved connections and Direct connection menus, you will see the remaining time until your authentication expires. As long as the time has not run out, and you are still authenticated on the SNS firewall, you can set up SSL VPN connections.
[Screenshots: Saved connections menu | Direct connection menu]
You can manually cancel your authentication before it expires, by submitting a request to your organization's administrator. If an SSL VPN is currently connected, simply canceling authentication will not disconnect it.
To cancel authentication:
- In Saved connections, click on the button to the right of the remaining time before your authentication expires.
- Click on OK.
Advanced configuration case
If you misplace your password to access saved connections
You will not be able to reset the access password, and Stormshield is not in a position to recover it. As a last resort, if you cannot remember the password, you will need to delete the folder containing the file of saved connections.
To access this folder and delete it, you must hold the required privileges on the workstation.
This folder can be found in the following locations:
- In Windows:
C:\ProgramData\Stormshield\SSL VPN Client\Addressbooks\
- In Linux:
/var/lib/stormshield/sslvpnclient/addressbooks/
- In macOS:
/Library/Application Support/Stormshield/SSL VPN Client/Addressbooks/
In this folder, each sub-folder corresponds to a user's saved connections. If only one sub-folder exists, this means that only one user has added saved connections. If there are several sub-folders, you need to identify the right sub-folder to delete, for example by checking when they were last modified.
When you are ready, quit the Stormshield SSL VPN client, delete the folder, and start the Stormshield SSL VPN client again.
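An added example, not part of Stormshield's documentation: a read-only Python script that lists each sub-folder of the saved-connections folder with its most recent modification time, to help identify the right one before deleting anything. It also checks the files inside each sub-folder, because a directory's own timestamp does not change when an existing file in it is rewritten; the function names are illustrative, and the default paths are the ones listed above.

```python
import os
import sys
import time
from pathlib import Path

# Default locations, taken from the list above.
ADDRESSBOOK_DIRS = {
    "win32": r"C:\ProgramData\Stormshield\SSL VPN Client\Addressbooks",
    "linux": "/var/lib/stormshield/sslvpnclient/addressbooks",
    "darwin": "/Library/Application Support/Stormshield/SSL VPN Client/Addressbooks",
}


def latest_mtime(folder):
    """Newest modification time of the folder or anything inside it.

    A directory's own mtime only changes when entries are added or removed,
    so the files it contains are checked too.
    """
    newest = folder.stat().st_mtime
    for root, dirs, files in os.walk(folder):
        for name in dirs + files:
            try:
                newest = max(newest, os.lstat(os.path.join(root, name)).st_mtime)
            except OSError:
                pass  # entry vanished or is unreadable; skip it
    return newest


def list_addressbooks(base):
    """Return [(sub-folder name, latest mtime)], most recently modified first."""
    subs = [p for p in Path(base).iterdir() if p.is_dir()]
    return sorted(((p.name, latest_mtime(p)) for p in subs),
                  key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else ADDRESSBOOK_DIRS.get(sys.platform)
    if base is None:
        sys.exit("unknown platform: pass the folder path as an argument")
    try:
        for name, mtime in list_addressbooks(base):
            stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
            print(f"{stamp}  {name}")
    except (FileNotFoundError, PermissionError) as exc:
        sys.exit(f"cannot read {base}: {exc}")
```

Run it from an account that holds the required privileges on the workstation; it only reads timestamps and never deletes.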
Enabling debug logs
- Go to the Advanced settings menu in the graphical interface, General tab.
- Enable the setting Enable debug logs.
These logs are found at the following locations. To access the service's logs, you must hold the required privileges on the workstation.
- In Windows:
Service logs:
C:\ProgramData\Stormshield\SSL VPN Client\Logs\
User logs:
C:\Users\<user>\AppData\Local\Stormshield\SSL VPN Client\Logs\
- In Linux:
Service logs:
/var/log/stormshield/sslvpnclient/
User logs:
$HOME/.local/share/stormshield/sslvpnclient/logs/
- In macOS:
Service logs:
/Library/Application Support/Stormshield/SSL VPN Client/Logs/
User logs:
/Users/<user>/Library/Application Support/Stormshield/SSL VPN Client/Logs/