Since the last update to UTM9.5, my VPN clients (Windows 10) are being disconnected post successful login. Nothing has changed other than UTM updates.
Log is reporting :
This thread was automatically locked due to age.
Since the last update to UTM9.5, my VPN clients (Windows 10) are being disconnected post successful login. Nothing has changed other than UTM updates.
Log is reporting :
So it would seem to be related to my external DHCP Server configured for administering the remote users IP's, if I change this to VPN pool, the connection completes. Nothing has changed on the DHCP server (other than latest MS patches), it is still servicing the IPs for the LAN, and is on the same LAN/Server IP. Has 9.5 enforced a firewall rule that I'm not aware of?
What would prevent VPN from successfully receiving an DHCP IP address?
Looking at DHCP logs on DHCP server but can't find any smoking gun :(?
Any ideas?
Thanks
I've found a solution but not sure why I've had to make the changes. Using only the default VPN pool (10.242.x) was preventing me from accessing the local LAN (192.168.137.x) through VPN as the default gateway of the remote network (192.168.17.x) which the VPN client is on, was trying to resolve the local LAN ips.
Left the VPN pool as is but assigned static IP to the user, an IP in the same range as the local LAN, now I can access local resources and resolve FQDN. Had to exclude the static IP from the local DHCP server so no conflicts.
Considering I didn't have this issue two weeks ago, I'm surprised at the hacks I've had to do to get back to where I was. Why give an option for DHCP Server if it isn't supposed to work?
Would like to get UTM9.5 to use my local DHCP server rather than assigning static ips, any ideas?
Thanks
See my comment on Dave's thread.
Cheers - Bob
are there any official informations from sophos?
at the moment we're on version 9.413 and don't update cause l2tp is highly used in my company.
for this we have an extra interface with a public ip, autentication via preshared key and RADIUS. The users assigned to an ip by a address pool. Not the default, (10.0.249.0/24)
Guys, This is one of the vagaries of this package. When you use L2TP/IPsec, you cannot count on every Up2Date to be able to deal correctly with "VPN Pool (L2TP)" IPs in the same subnet as a LAN. By the same token, using the internal DHCP server for L2TP/IPsec Remote Access is not a good idea. This is why I called using the default "VPN Pool (L2TP)" a best practice. Over the last 10 years, I've only seen brief periods where what you've been doing doesn't cause routing problems.
Cheers - Bob