...back again with another Connect Client issue
I can establish a connection but there are wrong (external IPV6) DNS server entries on the client.
I configured DNS servers on the XG:
But this is what the client shows:
Therefore I'm unable to ping hostnames, IPs work fine.
Client Version is 1.2.5.0202
XG Version 17.5.4 MR-4
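A client-side check for the symptom described in this post, as an added example that is not part of the original thread and is not Sophos code: it lists the DNS servers Windows has bound to each interface and flags IPv6 resolvers outside the local address ranges. The function names and the `-TestName` parameter are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run on the Windows client after the
# VPN tunnel is up. Function names and -TestName are illustrative assumptions.

function Test-LocalIPv6 {
    param([System.Net.IPAddress]$Address)
    # fe80::/10 (link-local), fec0::/10 (site-local) and fc00::/7 (unique local)
    # are not routable on the internet.
    $firstByte = $Address.GetAddressBytes()[0]
    $Address.IsIPv6LinkLocal -or $Address.IsIPv6SiteLocal -or
        (($firstByte -band 0xFE) -eq 0xFC)
}

function Get-DnsServerReport {
    param([string]$TestName)   # optional internal hostname to resolve per server

    foreach ($entry in Get-DnsClientServerAddress) {
        foreach ($server in $entry.ServerAddresses) {
            $ip   = [System.Net.IPAddress]::Parse($server)
            $isV6 = $ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6

            # Ask this specific resolver for the test name, if one was given.
            $resolves = $null
            if ($TestName) {
                $answer = Resolve-DnsName -Name $TestName -Server $server `
                    -DnsOnly -QuickTimeout -ErrorAction SilentlyContinue
                $resolves = [bool]$answer
            }

            [pscustomobject]@{
                Interface    = $entry.InterfaceAlias
                DnsServer    = $server
                Family       = if ($isV6) { 'IPv6' } else { 'IPv4' }
                ExternalIPv6 = $isV6 -and -not (Test-LocalIPv6 $ip)
                Resolves     = $resolves
            }
        }
    }
}

Get-DnsServerReport | Sort-Object Interface, Family | Format-Table -AutoSize
```

Rows with `ExternalIPv6` set to `True` on the VPN interface match the symptom in this post; passing `-TestName` with an internal hostname shows which of the listed resolvers actually answer for it.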
Have you configured an SSL VPN policy on XG? If yes then please check what are the DHCP IP range and DNS servers assigned there. It is possible that the DHCP range for SSL VPN and Sophos Connect is overlapping. It is possible that DNS servers assigned in SSL VPN policy are IPv6.
If your answer is No, then I would need a Technical Support Report (TSR) from Sophos Connect after you establish the connection. You can get the TSR from the Menu->About page on Sophos Connect. You can send it to me in a private message.
In reply to rmk_2018:
and thank you for your answer! I'm not so sure what you mean with SSL VPN policy.
What I have is an additional IPSEC Site2Site connection and the SSL VPN settings, which are pretty much default I guess (please see screenshot).
So my answer is no. I have sent you a PM with the TSR.
In reply to Christian Dittrich:
Yes it is a bug identified in SFOS MR4. So please continue using MR3 until we release a patch for MR4. Will keep you posted when that happens.
I recently upgraded to MR4 because of another bug with the certificates (link). If I downgrade to MR3 I can't connect anymore. So that's a really unsatisfying situation. Do you know when the bug will be fixed? Our whole migration gets stuck because of this. I'm considering using openvpn client...
I'm not sure how much you need your DNS, but if you need only a few DNS entries - meaning you need DNS to locate only a few devices & servers at the other end of your VPN - you could list them on your local desktop, in the "hosts" text file. Do not forget to edit it with notepad.exe and not wordpad.exe or word.exe. I've entered all my office servers' IPs there.
Located here: C:\Windows\System32\drivers\etc
This is what you typically get in that file:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 188.8.131.52 rhino.acme.com # source server
# 184.108.40.206 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
10.1.99.10 myfirstserver.local
Sorry you ran into this problem. We will have a fix for it in SFOS early next week.
In reply to Big_Buck:
Thank you for your answer, Paul Jr! Your idea can help in a small environment, but we need several things like AD, WSUS and so on. So editing the hosts file isn't an option.
that's good news - thank you!
For the sake of my curiosity ... Have I understood you do WSUS through a VPN ???
For a small number of clients, yes! Those are stationary clients in home offices. Although that's not the best example, perhaps. Maybe we won't need this anymore after migration to Win10...
Hey Christian Dittrich
Apologies again for any inconvenience caused by this.
This issue (NC-45246) is resolved in today's re-released MR4-1 version - [SF 17.5 MR4-1 (220.127.116.119)]
In reply to FloSupport:
Thank you very much. I will be testing now and give you feedback!
Sorry, but I cannot test it because of a certificate error again.
Remote certificate authentication is successful.
Local certificate authentication isn't working.
Errors: no issuer certificate found / no trusted RSA public key found
I tested with the appliance-cert (which I imported manually on the client) and our domain-cert. I also generated a self-signed cert on the XG - again no luck.
Any update on this please? Please check the Sophos Connect Client policy and make sure the policy is correct in terms of certificates. Then maybe export and reimport the policy on Sophos Connect.
I'm good working on after update.