I set up a PPTP VPN by following this guide: https://community.sophos.com/kb/en-us/116036
The VPN connection works. However, I can't reach the local network, not via RDP, ping, or anything else.
A traceroute from an internal server to the vpn client stops at the gateway. Same happens from the client.
The firewall log shows that the rule is executed (green, when trying from both sides) but it doesn't seem to get through.
I also deactivated the local firewall but the issue is still the same.
Hi Peter and welcome to the UTM Community!
What insights do you get from doing #1 in Rulz?
Cheers - Bob
In reply to BAlfson:
- Firewall log shows it's being forwarded
- Intrusion prevention log doesn't show anything
- Application control is disabled
- Advanced Threat Protection is zero
In reply to Peter Cosworth:
The .43.2 IP is the one assigned by the UTM from "VPN Pool (PPTP)" or ???
Does #3.1 in Rulz help?
Unfortunately not :(
Devices in the LAN must have the IP of "Internal (Address)" as their default gateway.
--> All devices use the utm as default gateway
Never connect two NICs into the same, physical Ethernet segment unless bridging or creating a LAG.
--> This isn't the case
When adding an interface, don't forget the Masquerading rule for the new network behind the UTM.
--> Done, no effect
Would you be able to check the configuration with me? We could use TeamViewer.
Next week would work for me.
I might add that I also can't ping an external host from the network (e.g. google.com) even though this is allowed in the ICMP rules :/.
Have you checked the Firewall Advanced section, Connection Tracking helpers? Is PPTP ticked?
And for one of the applications we use internally (very old RDP outbound route) I had to create a DNAT rule:
for traffic From RDP Server
Using Service Microsoft Remote Desktop (RDP)
Going to Ext/Int Interface (IP not network)
Change Destination to Int/Ext Interface (IP not network, again)
It took me a while to work this one out with help from Sophos Support (on the phone for over 2 hours - very helpful - can't thank them enough).
Hope this helps Peter
In reply to Argo:
I don't understand, Jason - how about pictures? Where's the RDP server? Where are the clients?
Yes, it's ticked.
I would bet it's a routing issue. 192.168.43.0/24 is not the default for the PPTP Pool on UTM, so I take it you have changed it to accommodate some existing LAN. I would start by looking at where the reply from your server to the packet coming from 192.168.43.2 is going. You might find out it's not going back to the UTM at all.
In reply to giomoda:
I also tried different networks and used the default for L2TP. Nothing works.
Anyone able to help me?
You should try a tcpdump on the internal interface while testing the communication and see if packets are getting through and back. This kind of issue normally lies in the fact that the destination server does not know how to reply to the packets it receives.
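The tcpdump check suggested in the last post (and the routing suspicion raised two posts earlier) can be turned into a quick triage script. What follows is an added example, not something posted in the thread or shipped with the UTM: it reads the text output of `tcpdump -n` captured on the UTM's internal interface and counts, per direction, ICMP echo requests against replies and RDP SYNs against SYN-ACKs. Requests with no replies means the packet reached the LAN but the server's answer never came back through the UTM, which is a routing problem on the server rather than a firewall rule problem. The interface name `eth0`, the LAN server address 192.168.0.10 and the sample capture lines are assumptions constructed for the example; 192.168.43.2 is the client address quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: triage a tcpdump text capture taken on
# the UTM's internal interface while the PPTP client pings / RDPs a LAN host.
# Assumed capture command on the UTM shell (interface name is an assumption):
#   tcpdump -ni eth0 -l host 192.168.43.2 > /tmp/vpn.txt
# 192.168.43.2 is the client address quoted in the thread; the LAN server
# 192.168.0.10 is assumed for illustration.

# ICMP echo requests client->server vs. echo replies server->client.
# Reads tcpdump -n text from stdin, prints "requests=N replies=M".
icmp_pairs() {
    awk -v c="$1" -v s="$2" '
        $0 ~ "IP " c " > " s ":" && /ICMP echo request/ { req++ }
        $0 ~ "IP " s " > " c ":" && /ICMP echo reply/   { rep++ }
        END { printf "requests=%d replies=%d\n", req+0, rep+0 }'
}

# TCP SYNs client->server:port vs. SYN-ACKs back; prints "syn=N synack=M".
# Port defaults to 3389 (RDP), the service the thread is trying to reach.
tcp_pairs() {
    awk -v c="$1" -v s="$2" -v p="${3:-3389}" '
        $0 ~ "IP " c "[.][0-9]+ > " s "[.]" p ":" && /Flags \[S\]/   { syn++ }
        $0 ~ "IP " s "[.]" p " > " c "[.][0-9]+:" && /Flags \[S\.\]/ { ack++ }
        END { printf "syn=%d synack=%d\n", syn+0, ack+0 }'
}

# Verdict: "no-traffic" (nothing from the client reached the internal
# interface: look at the VPN / firewall side), "one-way" (requests arrive,
# nothing comes back: the server is not routing replies for the VPN pool
# via the UTM), "partial" (some replies missing) or "ok".
diagnose() {
    capture=$(cat)
    icmp=$(printf '%s\n' "$capture" | icmp_pairs "$1" "$2")
    tcp=$(printf '%s\n' "$capture" | tcp_pairs "$1" "$2" "$3")
    r=${icmp%% *}; r=${r#*=}; p=${icmp##* }; p=${p#*=}
    s=${tcp%% *};  s=${s#*=};  a=${tcp##* };  a=${a#*=}
    if   [ $((r + s)) -eq 0 ]; then echo "no-traffic"
    elif [ $((p + a)) -eq 0 ]; then echo "one-way"
    elif [ "$p" -lt "$r" ] || [ "$a" -lt "$s" ]; then echo "partial"
    else echo "ok"; fi
}

# Constructed sample captures (not real data). BROKEN: two pings and two RDP
# SYNs arrive from the client and nothing returns. OK: every packet answered.
SAMPLE_BROKEN='12:00:01.000000 IP 192.168.43.2 > 192.168.0.10: ICMP echo request, id 1, seq 1, length 64
12:00:02.000000 IP 192.168.43.2 > 192.168.0.10: ICMP echo request, id 1, seq 2, length 64
12:00:03.000000 IP 192.168.43.2.50000 > 192.168.0.10.3389: Flags [S], seq 10, win 64240, length 0
12:00:04.000000 IP 192.168.43.2.50000 > 192.168.0.10.3389: Flags [S], seq 10, win 64240, length 0'

SAMPLE_OK='12:00:01.000000 IP 192.168.43.2 > 192.168.0.10: ICMP echo request, id 1, seq 1, length 64
12:00:01.000400 IP 192.168.0.10 > 192.168.43.2: ICMP echo reply, id 1, seq 1, length 64
12:00:03.000000 IP 192.168.43.2.50000 > 192.168.0.10.3389: Flags [S], seq 10, win 64240, length 0
12:00:03.000400 IP 192.168.0.10.3389 > 192.168.43.2.50000: Flags [S.], seq 20, ack 11, win 65535, length 0'

# Stand-alone run: counts and verdict for both samples. With a real capture:
#   diagnose 192.168.43.2 192.168.0.10 < /tmp/vpn.txt
for name in BROKEN OK; do
    eval "cap=\$SAMPLE_$name"
    printf '%s: %s | %s | %s\n' "$name" \
        "$(printf '%s\n' "$cap" | icmp_pairs 192.168.43.2 192.168.0.10)" \
        "$(printf '%s\n' "$cap" | tcp_pairs 192.168.43.2 192.168.0.10)" \
        "$(printf '%s\n' "$cap" | diagnose 192.168.43.2 192.168.0.10)"
done
```

If the verdict is "one-way", check on the LAN server where a packet to the VPN pool would be sent: on Linux `ip route get 192.168.43.2`, on Windows `route print` (the reply has to go to the UTM's internal address, as Rulz #1 above says). If it is "no-traffic", the packet never left the PPTP side of the UTM, so the VPN pool, the firewall rule and the masquerading/NAT configuration are the things to look at instead.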