
PPTP VPN configuration

SG115 - FW:  9.510-5


Kind of sorry that I recommended this Sophos UTM to my client, as it's clearly not at all easy to configure and the documentation is terrible.  

I managed to configure a PPTP VPN with that documentation with little problem, but it really doesn't do much.   I can ping inside the network by IP address, but not by hostname.   While I would prefer to know how to just resolve Windows hosts inside in general, that could be a topic for a future posting.  I know Windows networking is kind of goofy, but with a wide-open firewall, even that should work.

Right now, I'd like to create a hostname for a single computer inside the network, a static DNS entry, and allow my users to connect via the Windows PPTP client, RDP into that single hostname, and get their jobs done.    The way I see it, this should be pretty easy.

While I wouldn't call myself a networking guru like many of you, I am also not an inexperienced network tech.   I have done this sort of thing with many devices, including Windows server RRAS.    It really shouldn't be that difficult.

Anyway, if I have to set up RDP icons on everyone's desktop to the actual IP address, I guess I can do that.   But what good is a VPN when you can't even resolve network names through it?


I created a host with the fully qualified name of the server I want to connect to "hostname.dnsdomain.com"
Gave it the LAN IP address.

When I connect via VPN, I can ping the IP address, but not the name.

I have firewall rules allowing ANY service between the LAN and the PPTP Pool (both directions).   
PPTP Pool address is the default  10.242.1.0
Internal LAN address is 192.168.0.0


I tried looking through the firewall log, but who can read that?   It's a dog's breakfast, and I can't figure out how to put it into a spreadsheet to at least make it a bit more palatable.   Haven't worked too hard at that yet.


So, if anyone can explain what I need to do to resolve a single hostname inside the network I'm connecting to, I'd love to hear it.    Even a link to a document that explains it would be appreciated, but not just how to set up the PPTP VPN.   It gets me as far as I already am, but no further.    If past experience with the device is any indication, there are about 4 or 5 more things I need to know to get this to work.   Trouble is, without a lot of Sophos experience, I have no idea where to look.


Thanks.



This thread was automatically locked due to age.
  • Well-stated question, Rob.  I agree with all of apijnappel's comments and would also urge the use of SSL VPN remote access.  Years ago, I read here that UDP can be problematic in European hotels.  Since you're in North America, I would change the protocol to UDP on port 1443 before loading SSL VPN configs.  This is just a good habit to avoid potential issues with other capabilities and UDP is a bit faster than TCP.

    NOTE 2019-04-26: One reason to stay with the TCP 443 default is that your cellular data provider might block UDP.  My AT&T iPhone XS was unable to establish a working tunnel when using UDP 443 or UDP 1443.  Everything worked perfectly with TCP 443.

    Here are a few links I would recommend to you

    Rulz - especially #2 & #1
    DNS best practice
    Packetfilter logfiles on the Sophos UTM
    How to Run Preconnect/Connect/Disconnect OpenVPN Scripts

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks to both of you.  I was using PPTP because I am more familiar with the client-side setup, but I will switch to the SSL and see what I get.

    Not clear on changing the port and protocol - there are likely about a zillion places on this thing where I can do that, so I probably have a lot of reading to do before I do that.

    But I will do some reading (the links you provided) before I bug with more questions.

    Going to also create a Sophos appliance on my home network, so I can become more accustomed to it.

    Thanks again - stay tuned for more amusing anecdotes from this Sophos-newbie
