Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
We'd love to hear about it! Click here to go to the product suggestion community
I like the new feature of a free IPSEC client introduced with 17.5. As far as In know the CPU load of IPSEC-VPN on the gateway is much lower. I have just tested it and I experienced one issue which somebody else might have discovered.
Sophos connect client without OTP for local user authentication: Working fine, connection establised quickly and network behind XG reachable.
Then I activated OTP for the user on the XG and re-configured the connection with Sophos connect admin, simply activated "Prompt for 2FA": Unfortunately it does not connect, an authentication error occurs. Checking the VPN log I found all entries comperable until an authenication is logged:
[IKE] <IPSEC_VPN | 10> Xauth authetication of 'user' (myself) failed.
Of course without OTP the authenication at that point is successful. Anyone who has successfully used Sophos Connect client with OTP?
BTW: Use of OTP with SSL VPN was succesful, the OTP has to be added directly to the password. So can't be a problem with OTP in general.
In reply to Johan de Stigter:
I fixed the issue, my bad :)
I missed the option to enalbe OTP for IPsec Remote Access
Something with RTFM :)