I set up a PPTP VPN by following this guide: https://community.sophos.com/kb/en-us/116036
The VPN connection works. However, I can't reach the local network, either via RDP, ping or whatever.
A traceroute from an internal server to the VPN client stops at the gateway. Same happens from the client.
The firewall log shows that the rule is executed (green, when trying from both sites) but it doesn't seem to get through.
I also deactivated the local firewall but the issue is still the same.
Hi Peter and welcome to the UTM Community!
What insights do you get from doing #1 in Rulz?
Cheers - Bob
In reply to BAlfson:
- Firewall log shows it's being forwarded
- Intrusion prevention log doesn't show anything
- Application control is disabled
- Advanced Threat Protection is zero
In reply to Peter Cosworth:
The .43.2 IP is the one assigned by the UTM from "VPN Pool (PPTP)" or ???
Does #3.1 in Rulz help?
Unfortunately not :(
Devices in the LAN must have the IP of "Internal (Address)" as their default gateway.
--> All devices use the UTM as default gateway
Never connect two NICs into the same, physical Ethernet segment unless bridging or creating a LAG.
--> This isn't the case
When adding an interface, don't forget the Masquerading rule for the new network behind the UTM.
--> Done, no effect
Would you be able to check the configuration with me? We could use TeamViewer.
Next week would work for me.
I might add that I also can't ping an external host from the network (i.e. google.com) even though this is allowed in the ICMP rules :/.
Have you checked the Firewall Advanced section Connection Tracking helpers? Is PPTP ticked?
And for one of the applications we use internally (very old RDP outbound route) I had to create a DNAT rule.
for traffic From RDP Server
Using Service Microsoft Remote Desktop (RDP)
Going to Ext/Int Interface (IP not network)
Change Destination to Int/Ext Interface (IP not network, again)
Took me a while to work this one out with help from Sophos Support (on the phone for over 2 hours - very helpful - can't thank them enough)
Hope this helps Peter
In reply to JasonFell:
I don't understand, Jason - how about pictures? Where's the RDP server? Where are the clients?