Sophos Connect Client checks Internet Connection

Hello,

 

im wondering why scvpn.exe trying to contact some IP Adresses which are belonging to Facebook / Twitter etc.

Seems its checking Internet Connection by contacting them. But first : some Companies have restricted access to FB/Twitter, means our users cant use VPN Client in those cases.

Because Sophos Connect says "No internet Connectivity"

and second : WHY?

Could you Guys please fix it?

 

 

 

  • I do not have such Session open on my Sophos Connect Client. 

    Do you have any modifications on the TGB / SCX File? 

    Do you use auto connect? 

  • In reply to LuCar Toni:

    Hi Toni,

     

    i modified the TGB File First then saved it to SCX.

    Thats my config.

     

  • In reply to vitali wagner:

    If you disable Auto-Connect, is there still a HTTP Connection to this host? 

    Checked another system, still no connection to such a host like in your screenshots.

    Can you check the netstat -b output on the client? 

  • In reply to LuCar Toni:

    tried without autoconnect now.

     

    netstat shows the same

  • In reply to vitali wagner:

    Hello Vitali,

     

    Currently as part of pre-connectivity check the Sophos Connect Client will try to connect to google.com to check for internet connectivity when a connection is enabled.  We will look into it and come up with a better way to  implement the check for internet connectivity.

     

    Ramesh

  • In reply to rmk_2018:

    Hi Ramesh,

     

    thank you for the confirmation. How about to take this function completely out of code? its kind of wierd and useless in my eyes.

    to say more : i dont want my VPN Client to connect to google, facebook and co.

    Please if you have a new Beta version (without pre-connectivity check) of the Sophos Connect Client please let me know. We really need a solution quick.

     

     

  • In reply to vitali wagner:

    Hello Vitali,

     

    You can disable the pre-connectivity checks using the CLI. You need to run this command and disable it. Also it has to be done per connection. Here is the command you run from the install folder. On Windows cd to this folder, c:\program files (x86)\Sophos\connect and on Mac cd to this folder, /Library/Sophos Connect/ 

     

    Suppose your connect name is: MyCompanyVPN

    Run this command. sccli update -n MyCompanyVPN -l

     

    That will permanently disable the pre-connectivity checks. Hope that will help.

    Ramesh

     

    PS: On Mac you will have to run the command with sudo. You can run it as follows. sudo sccli -n MyCompanyVPN -l

  • In reply to rmk_2018:

    Hello Ramesh,

     

    thank you very much for the workaround. Its worked for me now.

    Another question: is there a possibility to run a login script after connection is established?

    maybe a cli command too? :)

  • In reply to vitali wagner:

    Hello Vitali,

    Sorry not with this release. We will add the feature request for future.

    Ramesh

  • In reply to vitali wagner:

    You will need to have the scripts as a batch file on the client machine and teach the operator to run them.

     

    Or move to another IPSec VPN client which has MS-Gina support

  • In reply to GavinDaniels:

    I hope there will be a possibility in the upcomming version for that.

     

    Teach CEO to run some batch script is not the state of the art way. Its 2019 now. We are able to land on Mars actually.

  • In reply to vitali wagner:

    Look at the green bow VPN client

    Ticks all the boxes except that its not free

  • In reply to GavinDaniels:

    When i look at SonicWall VPN Client i dont even need to copy batch file to client. Its executes login automatilcy after connect.

  • In reply to vitali wagner:

    Hello Vitali,

    Will add your request for future roadmap. Thank you for the feedback.

    Ramesh