SSL VPN public IP

Hi.
I'm trying to set up SSL VPN.
I can connect to the VPN from Android, iPhone, PC etc.
The problem is the public IP doesn't reflect the UTM public IP.
It means if I use a 4G connection from my iPhone, the public IP on the phone is still the same after connecting to the VPN. I would like to have the same public IP on the phone as defined on the UTM.

Some ideas?
  • What is assigned in our local networks in the advanced tab under SSL VPN? If you want all of your traffic on your device (not tethered, it is typically not included), then you should have any in your local networks definition. That would remove the split tunneling setting.
  • In reply to darrellr_01:

    Hi darrellr_01,

    My current VPN (OpenVPN): when we connect we get our public IP, which is “aaa,bbb,ccc,ddd”, but when we use Sophos VPN we get the internal IP “192.168.1.X”.

    We should get our public IP when we use Sophos VPN.

  • In reply to darrellr_01:

    Actually it's safer not to use "any" but use "Internet (IPv4)" instead, unless you specifically want all potential networks reachable by the UTM to be accessible.

  • In reply to MuhdRabbani:

    Robb, it's not clear to me what you mean when you say that you should get your public IP when you connect with the Sophos SSL VPN Client.  Where are you seeing the “192.168.1.X” IP?

    Cheers - Bob

  • In reply to BAlfson:

    Hi BAlfson,

    When we use SSL VPN from outside and are connected to our office using SSL VPN on UTM 9, we should get our office PUBLIC IP, right? But I get a different IP. I tried changing the interface and VPN pool. Still the same.

    Can you guide me?

    Thank You

  • In reply to MuhdRabbani:

    Where are you seeing the “192.168.1.X” IP?  Where do you expect to see your office IP?

    Cheers - Bob

  • In reply to MuhdRabbani:

    Hi Rob (Robb?),

    I just got my VPN going in the last couple weeks, so I am hardly an expert, but let me give it a try:

    Before you connect to your Sophos UTM OpenSSL VPN, your device (e.g., laptop) has a public IP address (as you put it, "aaa,bbb,ccc,ddd"). You can find out your public IP address by going to:

    IPv4 only: http://ipchicken.com 

    IPv4 and IPv6: https://www.whatismyip.com

    NOTE: As I understand it, the Sophos UTM OpenSSL VPN works only with IPv4. 

    When you connect to your VPN, your device will be given an additional IP address from the VPN Pool (SSL) on your UTM. Go to Definitions and Users, Network Definitions, and then scroll down the list on the right side until you see "VPN Pool (SSL)". I suspect that this is the 192.168.1.X address you are finding. That's normal. Communications to devices within your office (or wherever your Sophos UTM is installed) will appear to come from that 192.168.1.X address. 

    If you go to IP Chicken as above, you may find that you still have the same public address that you had before. That is because your VPN is configured for Split Tunneling, which is the default. Split tunneling means that if you connect to devices in the office then the communications use the encrypted VPN tunnel. If you go to a website on the public Internet, then the communications bypass the encrypted VPN tunnel and are not secure. (Well, no more secure than when you are not using the VPN.)

    If you wish to use Mandatory (Full) tunnel, so that all of your communications go through the VPN, even to the Internet, then change "Internal (Network)" to "Any" for your Local Networks definition in the VPN configuration in Remote Access, SSL. (See the warning about using "Any", above.) In that case, if you check IP Chicken, it should show you the public IP address of the office. Remember to add a new masquerading entry for VPN Pool (SSL) to External (WAN) under Network Protection, NAT.

    People choose split tunnels for performance reasons and to avoid overloading the UTM with encryption/decryption processing and extra network bandwidth usage.

    People choose mandatory (full) tunnels for security. All network traffic is encrypted through the VPN. If you are in a hotel room or an Internet cafe, then a hacker watching the WiFi cannot easily eavesdrop or attack your device.

    WARNING: I noticed that IPv6 communications still bypass the VPN tunnel even if the Local Networks is set to "Any". Remember that "Any" is supposed to force a mandatory (full) VPN tunnel, but obviously it ignores IPv6, even if you use "Any/46". I observed that the "6" is "grayed out" in the VPN setting. I am still working on that issue.

    I hope this helps.
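The split versus full tunnel behaviour described in the post above, as an added example that is not part of the original thread: a longest-prefix-match check over a client routing table that reports which traffic actually enters the tunnel, including the IPv6 bypass from the warning. The route tables, the interface names `tun0` and `wlan0`, the office LAN `10.10.0.0/24` and all addresses are constructed; the two `/1` routes assume the full tunnel is installed the way OpenVPN's `redirect-gateway def1` does it.

```python
import ipaddress

# Constructed client routing tables as (prefix, interface); not captured from a UTM client.
# wlan0 = physical uplink (assumed name), tun0 = SSL VPN adapter (assumed name).
SPLIT = [
    ("0.0.0.0/0", "wlan0"),        # normal IPv4 default route
    ("10.10.0.0/24", "tun0"),      # office LAN pushed by the VPN (split tunnel)
    ("::/0", "wlan0"),             # IPv6 default route
]
FULL = [
    ("0.0.0.0/0", "wlan0"),
    ("0.0.0.0/1", "tun0"),         # the two /1 routes override the default
    ("128.0.0.0/1", "tun0"),       # route without deleting it
    ("203.0.113.10/32", "wlan0"),  # host route to the VPN gateway itself
    ("10.10.0.0/24", "tun0"),
    ("::/0", "wlan0"),             # nothing pushed for IPv6: it still bypasses
]

# Constructed probe destinations (documentation address ranges).
PROBES = {
    "office": "10.10.0.5",
    "internet_v4": "198.51.100.7",
    "internet_v6": "2001:db8::7",
}


def egress(routes, dest):
    """Return the interface that carries traffic to dest (longest prefix wins)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None


def audit(routes, tunnel="tun0"):
    """Map each probe name to True if its traffic goes through the tunnel."""
    return {name: egress(routes, ip) == tunnel for name, ip in PROBES.items()}


if __name__ == "__main__":
    for label, table in (("split", SPLIT), ("full", FULL)):
        print(label, audit(table))
```

Any probe that reports `False` leaves the device with its own public IP, which is what a "what is my IP" site would show for that address family.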

  • In reply to utmadm:

    Hi all,

    Thank you so much. It's working right now... I love you guys. Hehehe

  • I have set it up like this, but it still didn't work. Can someone help me?

    Thank you

  • In reply to Ignatius Rizky:

    Hi and welcome to the UTM Community!

    Please be more precise about what didn't work.

    Cheers - Bob

  • In reply to BAlfson:

    Hi BAlfson,

    Thank you

    Sorry, I mean, once I set the local network with 'Internet IPv4' my VPN client not get the same IP public with IP public VPN server, but they get no internet connection. When I set with my LAN network, VPN client get different IP public with VPN server but get internet connection.

    Thank you again :D

  • In reply to Ignatius Rizky:

    Is this a DNS issue? Please show a picture of the contents of 'Remote Access >> Advanced'. What public IPs do you get with InternetIPv4 and with "Internal (Network)" in the SSL VPN Profile?

    Cheers - Bob

  • In reply to BAlfson:

    I'm not sure.

    The same public IP as my 4G public IP without SSL VPN.

  • In reply to Ignatius Rizky:

    Do you mean that you get 116.X.Y.172?  Maybe you want Accessing Internal or DMZ Webserver from Internal Network, but I have to admit that I still haven't understood your explanation.

    Cheers - Bob