SSL VPN strange problem

I've been having a strange problem with being able to browse the internet when connected through my UTM with SSL VPN, only on my mobile device when connected through the mobile data connection (5.0 Mbps down, 1.0 Mbps up speeds). I can make a successful connection to the VPN, but all pages time out and doing a Google search says I'm offline. I'm able to connect to the VPN from my WiFi at my home with the same mobile device and everything works as expected. Has anybody had a similar issue when connected via mobile data? AT&T is my carrier.

 

UTM

Firmware Version: 9.601-5



This thread was automatically locked due to age.
  • I just tested this.  I'm experiencing the same thing with my iPhone XS here in Oklahoma City (as a mod, I can see by your IP that we're in the same town).  I see the same thing as you when connecting to our UTM in AWS in Virginia - in the Web Filtering log connections time out after 60 seconds. 

    When connecting to my home lab, I see nothing in the Web Filtering log for any 10.242.2 IPs.  The SSL VPN log fills with "IP packet with unknown IP version=15 seen" and there's no connection with the internet at all.

    I'll be in Tulsa this evening and tomorrow where my iPhone gets 5G instead of just LTE as we have here in OKC.  I'll see if these phenomena change.

    If this is a persistent problem even outside of OKC, I will open a case with Sophos Support.  I'll be surprised if it is as I haven't seen others complain about this in this Community recently.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

     

    Thanks for the confirmation that it's not just me. This was driving me insane the other day when trying to connect. I'm actually in Elk City, so I can confirm it doesn't work here either. I was going to try next time I'm in OKC; guess I don't have to now.

    Please let me know how it works in Tulsa.

     

    Thanks

    David

  • Well, guys, the problem is not OpenVPN, my iPhone nor the UTM.  It's AT&T.  I suspect most cellular providers will do the same, so I hope others will share their experience with other providers.

    I tested UDP 443 and UDP 1443 over 5G in Tulsa with the same results as in my post above.  Using tcpdump, I confirmed that no traffic reached the UTM after the initial authentication and establishment of the connection.

    A call to AT&T data support confirmed that their internal documentation says that VPNs can only be established over WiFi.

    Thinking about what they might be blocking, I decided to try TCP 443, the default for the SSL VPN in the UTM.  This worked perfectly!  What happens for you, David?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That was the problem. After I changed the default protocol from UDP to TCP on the server "UTM" and the client "mobile device", it does work as expected. Hopefully this thread will help someone in the future.

    Bob, thanks for the help on this issue.

     

    David
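An added example, not part of the original thread and not Sophos or OpenVPN code: a small log triage that flags clients whose session was established but whose tunnel then logged repeated "IP packet with unknown IP version" messages, the symptom quoted earlier in the thread. The log lines are constructed samples in the general style of OpenVPN server logging, and the function name `triage`, the user names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of OpenVPN server logging; the
# timestamps, host name, users and addresses are invented for illustration.
SAMPLE_LOG = """\
2019:03:20-09:14:02 utm openvpn[4121]: 198.51.100.7:49152 [alice] Peer Connection Initiated with [AF_INET]198.51.100.7:49152
2019:03:20-09:14:09 utm openvpn[4121]: alice/198.51.100.7:49152 IP packet with unknown IP version=15 seen
2019:03:20-09:14:10 utm openvpn[4121]: alice/198.51.100.7:49152 IP packet with unknown IP version=15 seen
2019:03:20-09:14:12 utm openvpn[4121]: alice/198.51.100.7:49152 IP packet with unknown IP version=15 seen
2019:03:20-09:20:41 utm openvpn[4121]: 203.0.113.20:1194 [carol] Peer Connection Initiated with [AF_INET]203.0.113.20:1194
"""

CONNECTED = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}:\d+) \[([^\]]+)\] Peer Connection Initiated")
BAD_PACKET = re.compile(r"(\S+)/(\d{1,3}(?:\.\d{1,3}){3}:\d+) IP packet with unknown IP version=(\d+) seen")


def triage(log_text, threshold=3):
    """Return {peer: summary} for every client endpoint seen in the log."""
    sessions = defaultdict(lambda: {"user": None, "established": False, "bad_packets": 0})
    for line in log_text.splitlines():
        m = CONNECTED.search(line)
        if m:
            peer, user = m.groups()
            sessions[peer].update(user=user, established=True)
            continue
        m = BAD_PACKET.search(line)
        if m:
            user, peer, _version = m.groups()
            sessions[peer]["user"] = sessions[peer]["user"] or user
            sessions[peer]["bad_packets"] += 1
    for info in sessions.values():
        # Authenticated tunnel whose payload repeatedly fails to parse as IP:
        # the symptom from the thread, worth a tcpdump and a UDP-vs-TCP test.
        info["suspect"] = info["established"] and info["bad_packets"] >= threshold
    return dict(sessions)


if __name__ == "__main__":
    for peer, info in triage(SAMPLE_LOG).items():
        flag = "SUSPECT" if info["suspect"] else "ok"
        print(f"{peer:22} {info['user']:8} bad={info['bad_packets']} {flag}")
```

A flagged session only says that the tunnel came up and its traffic was not usable; the packet capture and the UDP versus TCP comparison described in the thread are what narrow down the cause.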