(v13.0.9464.36550 started 2025-11-29 19:31:01 on VM2)
Password Handling/Management for ApplicGate VPN Clients:
Motivation:
- In case of RSP the handling/management of passwords (necessary to access remote systems) is inconvenient.
- Therefore ApplicGate implements a central Username/Password store.
- On request passwords are downloaded to the VPN Clients.
- When shortcuts are used, username/password will be inserted automatically or the user can copy username/password to the clipboard.
The username is stored in the field Username of the Routing table. When the VPN server downloads the routing table to the VPN Client, the password defined in the password list (see below) will be transmitted.
The username may be a list of special groups (separated by |; the names of the groups must start with "U_") with the following entries (separated by ,):
- email>username ... map logged on user with email to username
- email>* ... use the email of logged on user as username
- email>*@domain ... use the email of logged on user as username but replace the domain with the specified domain
email may contain one or more * as wildcard.
Examples:
- Admin*@company.com>admin
- *>user
Note: "U_" groups support expiration.
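Added example (not ApplicGate code): a sketch of how the three entry forms above resolve a logged-on user's email to a username, useful for checking which account a mapping will hand out before deploying it. Assumptions not stated on this page: entries are evaluated left to right with the first match winning, and matching is case-insensitive; the function names and sample addresses are constructed.

```python
import re


def _matches(pattern, email):
    # '*' in the pattern matches any run of characters; all other
    # characters are literal. Case-insensitive matching is an assumption.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, email, re.IGNORECASE) is not None


def resolve_username(entries, email):
    """Return the username mapped to `email`, or None if no entry matches.

    `entries` is the comma-separated entry list of one "U_" group,
    e.g. "Admin*@company.com>admin,*>user".
    Assumption: first matching entry wins (left to right).
    """
    for entry in entries.split(","):
        entry = entry.strip()
        if ">" not in entry:
            continue  # not an email>username mapping
        pattern, target = (s.strip() for s in entry.split(">", 1))
        if not _matches(pattern, email):
            continue
        if target == "*":
            return email  # email>* : the email itself is the username
        if target.startswith("*@"):
            # email>*@domain : keep the local part, swap the domain
            local_part = email.rsplit("@", 1)[0]
            return local_part + target[1:]
        return target  # email>username : fixed username
    return None


if __name__ == "__main__":
    # Constructed sample input, using the two example entries from this page.
    mapping = "Admin*@company.com>admin,*>user"
    for addr in ("AdminJoe@company.com", "bob@company.com"):
        print(addr, "->", resolve_username(mapping, addr))
```

A catch-all entry such as *>user matches every logged-on user, so under the first-match assumption it belongs last in the list.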
Password exchange must be agreed between the ApplicGate VPN Server and the ApplicGate VPN Client:
- VPN Server "reverselogon" entry: add "pwh" to field DestinationIP, e.g. client|mgmt|pwh
- VPN Client "autologon" entry: add "pwh" to field GatewayIP, e.g. client|mgmt|pwh
In the VPN Client this function is activated by specifying the parameter pwh (ClickOnce parameter or in ApplicGateClient.ini).
Additionally this feature is configured using two keywords:

PWH ... for manage and status routing entries: Display Username when listing Routes and activate password handling (load the password list, additional menu items)
- Additionally for VPN Clients, when keyword SCST is specified: Display Password and allow copying of Username and Password to clipboard and insertion to shortcuts.
- Placeholders in shortcuts: %suser% to insert saved username, %spw% to insert saved password.
- Example for Username/Password insertion for shortcuts:
-- cmd:putty -pw %spw% -P %port% %suser%@%ip% ... Start ssh using putty
-- cmd:psftp -pw %spw% -P %port% %suser%@%ip% ... Start ftp using putty
-- share:%sharename% %suser% %spw% ... Map network share: Prompts for name of network share
-- pss:filezilla sftp://%suser%:%spw%@%ip%:%port% ... Start ftp using filezilla
- Note: When using "cmdb", "cmds", "psb", "pss" and the username and/or the password is not available: ApplicGate prompts for username and/or password.

PWUPD ... for manage and status routing entries: Allow update of the password list
- Username and password are stored in the file PWlist.csv with the following fields:
-- UID ... main part of UID or full UID.
--- For password insertion, first a password defined for the full UID will be searched. If not found, a password defined for the main UID will be searched.
--- This schema allows usage of a specific username for all destinations within a UID (remote site) and explicit definition for a specific destination.
-- Username ... Username or Domain\Username
-- Password ... Password
-- responsibleEmail ... E-mail address of the user who is responsible for this account (optional)
-- Comment ... Any comment (optional)
- This file can be modified by an editor or updated via the web interface:
- See: Configuration/Password List/Load, Show, Download, New User/Password entry

Password Encryption:
To store the passwords encrypted use the keyword ENCC.
- If during load of PWlist.csv a password in clear text is detected, the file will be written with all passwords encrypted.
- If the encryption certificate has been removed: Password will be written in clear text.
When the server sends a password to the client: The password will be encrypted using a public key received from the client.