Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
...back again with another Connect Client issue
I can establish a connection but there are wrong (external IPV6) DNS server entries on the client.
I configured DNS servers on the XG:But this is what the client shows:Therefore I'm unable to ping hostnames, IPs work fine.
Client Version is 1.2.5.0202XG Version 17.5.4 MR-4
Have you configured a SSL VPN policy on XG? If yes then please check what are the DHCP IP range and DNS servers assigned there. It is possible that the DHCP range for SSL VPN and Sophos Connect is overlapping. It is possible that DNS servers assigned in SSL VPN policy is IPv6.
If your answer is No, then I would need a Technical Support Report (TSR) from Sophos Connect after you establish the connection. You can get the TSR from the Menu->About page on Sophos Connect. You can send it to me in a private message.
In reply to rmk_2018:
and thank you for your answer! I'm not so sure what you mean with SSL VPN policy.
What I have is a additional IPSEC Site2Site connection and the SSL VPN settings, wich are pretty much default I guess (please see screenshot).
So my answer is no I have sent you a PM with the TSR.
In reply to ChristianD:
Yes it is a bug identified in SFOS MR4. So please continue using MR3 until we release a patch for MR4. Will keep you posted when that happens.
I recently upgraded to MR4 because of another bug with the certificates ( link ). If I downgrade to MR3 I can't connect anymore.So that's a really unsatisfying situation Do you know when the bug will be fixed? Our whole migration get's stuck because of this. I'm considering in using openvpn client...
Sorry you ran into this problem. We will have a fix for it in SFOS early next week.
In reply to Big_Buck:
Thank you for your answer, Paul Jr! Your idea can help in a small environment, but we need several things like AD, WSUS and so on. So editing the hosts file isn't an option.
that's good news - thank you!
For a small number of clients, yes! Those are stationary clients in homeoffices. Although that's not the best example, perhaps Maybe we won't need this anymore after migration to Win10...
Apologies again for any inconvenience caused by this.
This issue (NC-45246) is resolved in today's re-released MR4-1 version - [SF 17.5 MR4-1 (18.104.22.1689)]
In reply to FloSupport:
Thank you very much. I will be testing now and give you a feedback!
Sorry, but I cannot test it because of certificate error again
Remote certificate authentication is successful.
Local certificate authentication isn't workingErrors: no issuer certificate found / no trusted RSA public key found
I tested with the applicance-cert (wich I imported manually on the client) and our domain-cert.I also generated a self-signed cert on the XG - again no luck.
Any update on this please? Please check the Sophos Connect Client policy and make sure the policy is correct in terms of certificates. Then maybe export and reimport the policy on Sophos Connect.
I'm good working on after update.