
SSL VPN public IP

Hi.
I'm trying to set up SSL VPN.
I can connect to the VPN from Android, iPhone, PC etc.
The problem is the public IP doesn't reflect the UTM public IP.
It means if I use a 4G connection from my iPhone, the public IP on the phone is still the same after connecting to the VPN. I would like to have the same public IP on the phone as defined on the UTM.

Some ideas?


  • What is assigned in our local networks in the advanced tab under SSL VPN? If you want all of your traffic on your device (not tethered, it is typically not included), then you should have any in your local networks definition. That would remove the split tunneling setting.
  • Hi darrellr_01,

    With my current VPN (OpenVPN), when we connect we get our public IP, which is “aaa,bbb,ccc,ddd”, but when we use the Sophos VPN we get the internal IP “192.168.1.X”.

    We should get our public IP when we use the Sophos VPN.

  • Actually it's safer not to use "any" but use "Internet (IPv4)" instead, unless you specifically want all potential networks reachable by the UTM to be accessible.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and feeling good about helping others with their IT security challenges.

  • Robb, it's not clear to me what you mean when you say that you should get your public IP when you connect with the Sophos SSL VPN Client.  Where are you seeing the “192.168.1.X” IP?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    When we use SSL VPN from outside and are connected to our office using SSL VPN on UTM 9, we should get our office public IP, right? But I get a different IP. I tried changing the interface and the VPN pool. Still the same.

    Can you guide me?

    Thank You

  • Where are you seeing the “192.168.1.X” IP?  Where do you expect to see your office IP?

    Cheers - Bob

     
  • Hi Rob (Robb?),

    I just got my VPN going in the last couple weeks, so I am hardly an expert, but let me give it a try:

    Before you connect to your Sophos UTM OpenSSL VPN, your device (e.g., laptop) has a public IP address (as you put it, "aaa,bbb,ccc,ddd"). You can find out your public IP address by going to:

    IPv4 only: http://ipchicken.com 

    IPv4 and IPv6: https://www.whatismyip.com

    NOTE: As I understand it, the Sophos UTM OpenSSL VPN works only with IPv4. 

    When you connect to your VPN, your device will be given an additional IP address from the VPN Pool (SSL) on your UTM. Go to Definitions and Users, Network Definitions, and then scroll down the list on the right side until you see "VPN Pool (SSL)". I suspect that this is the 192.168.1.X address you are finding. That's normal. Communications to devices within your office (or wherever your Sophos UTM is installed) will appear to come from that 192.168.1.X address. 

    If you go to IP Chicken as above, you may find that you still have the same public address that you had before. That is because your VPN is configured for Split Tunneling, which is the default. Split tunneling means that if you connect to devices in the office then the communications use the encrypted VPN tunnel. If you go to a website on the public Internet, then the communications bypass the encrypted VPN tunnel and are not secure. (Well, no more secure than when you are not using the VPN.)

    If you wish to use Mandatory (Full) tunnel, so that all of your communications go through the VPN, even to the Internet, then change "Internal (Network)" to "Any" for your Local Networks definition in the VPN configuration in Remote Access, SSL. (See the warning about using "Any", above.) In that case, if you check IP Chicken, it should show you the public IP address of the office. Remember to add a new masquerading entry for VPN Pool (SSL) to External (WAN) under Network Protection, NAT.

    People choose split tunnels for performance reasons and to avoid overloading the UTM with encryption/decryption processing and extra network bandwidth usage.

    People choose mandatory (full) tunnels for security. All network traffic is encrypted through the VPN. If you are in a hotel room or an Internet cafe, then a hacker watching the WiFi cannot easily eavesdrop or attack your device.

    WARNING: I noticed that IPv6 communications still bypass the VPN tunnel even if the Local Networks is set to "Any". Remember that "Any" is supposed to force a mandatory (full) VPN tunnel, but obviously it ignores IPv6, even if you use "Any/46". I observed that the "6" is "grayed out" in the VPN setting. I am still working on that issue.

    I hope this helps.
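
As an added illustration of the split versus full tunnel behaviour described in the post above (not part of any poster's reply and not Sophos code), this Python sketch takes the networks entered under Local Networks and reports which destinations would enter the tunnel and which IP families still bypass it. The network lists and probe addresses are constructed sample values, and the sketch assumes the client routes exactly the listed networks into the VPN; it goes slightly beyond the post by accepting any list of networks.

```python
import ipaddress

# Whole address space per IP family; a family is fully tunnelled only if the
# Local Networks list adds up to this.
WHOLE = {4: ipaddress.ip_network("0.0.0.0/0"), 6: ipaddress.ip_network("::/0")}

# Constructed sample values (assumptions, not taken from the thread).
SPLIT = ["10.0.0.0/24"]   # only the office LAN, modelling "Internal (Network)"
FULL_V4 = ["0.0.0.0/0"]   # all IPv4, assumed to model "Any" / "Internet (IPv4)"
PROBES = ["10.0.0.10", "203.0.113.7", "2001:db8::7"]  # office host, public v4, public v6


def tunnel_mode(local_networks):
    """Classify each IP family as 'full', 'split' or 'none' (nothing tunnelled)."""
    nets = [ipaddress.ip_network(n) for n in local_networks]
    mode = {}
    for version, whole in WHOLE.items():
        family = [n for n in nets if n.version == version]
        # Merge adjacent/overlapping entries so 0.0.0.0/1 + 128.0.0.0/1 counts as full.
        merged = list(ipaddress.collapse_addresses(family))
        mode[version] = "none" if not merged else "full" if merged == [whole] else "split"
    return mode


def route_for(dest, local_networks):
    """Return 'tunnel' if dest falls inside a tunnelled network, else 'bypass'.

    Simplification: ignores more specific local routes (own LAN, VPN server).
    """
    ip = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(n) for n in local_networks]
    hit = any(n.version == ip.version and ip in n for n in nets)
    return "tunnel" if hit else "bypass"


def bypassing_families(local_networks):
    """IP versions whose Internet traffic still leaves outside the VPN."""
    return [v for v, m in tunnel_mode(local_networks).items() if m != "full"]


if __name__ == "__main__":
    for name, nets in (("split", SPLIT), ("full IPv4", FULL_V4)):
        print(name, tunnel_mode(nets), "bypassing:", bypassing_families(nets))
        for dest in PROBES:
            print("  ", dest, "->", route_for(dest, nets))
```

With the full IPv4 list, the public IPv4 probe enters the tunnel while the IPv6 probe still bypasses it, which is the behaviour the WARNING in the post describes.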

  • Hi all,

    Thank you so much. It's working right now... I love you guys. Hehehe

  • I have set it up like this, but it still didn't work. Can someone help me?

    Thank you

  • Hi and welcome to the UTM Community!

    Please be more precise about what didn't work.

    Cheers - Bob

     