
SSL VPN client - Route all traffic through the Utm 9

Hi,

I'm using Sophos SSL VPN client with Utm 9 Home Edition for a few days. It works properly, I reach my networks perfectly.

Is it possible to direct all the traffic generated by the client through the UTM to be protected by it when you are away from home?

Thank you

Bye

Patrizio

  • Are you already accessing your network from another location?

    To browse the internet remotely through the VPN you need to add the VPN pool (SSL) to the allowed networks in Network Services>DNS.


    I do this all the time and am amazed by how easy it is. As far as I remember, the remote access configuration will create an automatic firewall rule, but if it doesn't work, you can create a firewall rule to allow the internal network using any service to access the internet. Once connected to the VPN you become part of the internal network.


    Do you have a dynamic DNS account so that you can access your network if the IP address changes?

  • Hi Alan,

    Yes, I've already used Sophos VPN Client to access my network from another location, it works fine.

    I did what you suggested but it doesn't work, I can access my network but I don't browse through the firewall, the website www.whatismyip.com detects the IP of my mobile connection.

    I have a connection with one static IP at home, I don't need a dynamic DNS account.


    Thank you for your help


    Patrizio


  • Theoretically - yes, practically - not everything (local network traffic isn't tunneled).

    To send all your client's traffic into the tunnel you first have to change your SSL Remote Access config on your UTM.
    What you define as "Local Networks" is exactly what the SSL client has to send to the tunnel gateway. If you select "Any" here, theoretically all traffic should be tunneled. That this isn't so can be checked via "route print". In my test it was (German Windows 10):

    Aktive Routen:
         Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
              0.0.0.0          0.0.0.0   192.168.52.100   192.168.52.144     25
              0.0.0.0        128.0.0.0         10.0.2.1         10.0.2.2    291

    192.168.52.0/24 is the network I am physically connected to (at work), 10.0.2.0/24 is my SSL VPN network at my home UTM.

    To be able to use the UTM as DNS server I had to add it under "Advanced" in Remote Access config (LAN IP since SSL VPN has no real "interface IP").
    Additionally I had to add the SSL VPN network definition under "Allowed Networks" in DNS server config.

    If you do not use "automatic firewall rules" you have to allow the traffic from SSL VPN clients to Any IPv4.

    MASQ didn't work so I added a SNAT for the SSL-VPN network definition using Any service to Internet IPv4 with changing source IP to my UTM's WAN IP address.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
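    The "route print" check above is easy to misread by eye, because a 0.0.0.0/0 default route and two half-default routes (0.0.0.0/1 and 128.0.0.0/1) compete by longest prefix, not by the order they appear. The following added example (not from this thread or from Sophos) parses a Windows route table and answers, per destination, whether traffic would leave through the VPN gateway. It is a way to confirm full tunneling on the client itself rather than trusting a what-is-my-IP website. The first sample is modelled on Kevin's table; the second is a constructed "both halves tunneled" table. The gateway address 10.0.2.1 and the probe destinations are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample modelled on the German "route print" table posted above.
# Only the lower half of the address space (0.0.0.0/1) has a VPN route here.
SPLIT_SAMPLE = """
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0   192.168.52.100   192.168.52.144     25
          0.0.0.0        128.0.0.0         10.0.2.1         10.0.2.2    291
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
"""

# Constructed sample of a table where both half-default routes point into
# the tunnel, so every non-local destination beats the 0.0.0.0/0 route.
FULL_SAMPLE = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.52.100   192.168.52.144     25
          0.0.0.0        128.0.0.0         10.0.2.1         10.0.2.2    291
        128.0.0.0        128.0.0.0         10.0.2.1         10.0.2.2    291
"""

# Destination, mask, gateway (an IP or locale text such as "Auf Verbindung"
# / "On-link"), interface IP, metric. Header lines never match, so the
# parser is independent of the Windows display language.
ROUTE_RE = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(.+?)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$"
)


def parse_routes(text):
    """Return a list of route dicts parsed from 'route print' output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest, mask, gateway, iface, metric = m.groups()
        net = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append({"net": net, "gateway": gateway.strip(),
                       "interface": iface, "metric": int(metric)})
    return routes


def lookup(routes, destination):
    """Pick the route Windows would use: longest prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def tunneled(routes, destination, vpn_gateway):
    """True if traffic to destination leaves via the VPN gateway."""
    r = lookup(routes, destination)
    return r is not None and r["gateway"] == vpn_gateway


def is_full_tunnel(routes, vpn_gateway):
    """True if the VPN gateway covers all of IPv4, either with a 0.0.0.0/0
    route or with both /1 halves (the usual 'def1' style override)."""
    vpn_nets = {r["net"] for r in routes if r["gateway"] == vpn_gateway}
    whole = ipaddress.IPv4Network("0.0.0.0/0")
    low = ipaddress.IPv4Network("0.0.0.0/1")
    high = ipaddress.IPv4Network("128.0.0.0/1")
    return whole in vpn_nets or (low in vpn_nets and high in vpn_nets)


if __name__ == "__main__":
    # Assumed probe addresses: one in each half of the IPv4 space.
    probes = ["8.8.8.8", "151.101.1.1"]
    for name, sample in (("split", SPLIT_SAMPLE), ("full", FULL_SAMPLE)):
        routes = parse_routes(sample)
        print(name, "full tunnel:", is_full_tunnel(routes, "10.0.2.1"))
        for p in probes:
            print(" ", p, "via VPN:", tunneled(routes, p, "10.0.2.1"))
```

    Running this against a real "route print" capture tells you which half of the address space, if any, still bypasses the UTM; a client that is meant to be protected by the firewall while away should report both halves as tunneled.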

  • The only thing I'd add to the above prescriptions, Patrizio, would be to add "VPN Pool (SSL)" to 'Allowed Networks' in Web Filtering.

    Kevin, instead of "Any" in the SSL VPN Profile, I like to use, for example, "Internal (Network)" and "Internet v4" as there once was an issue with "Any."

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA