Sophos Connect Client not using internal DNS

Hi all!

...back again with another Connect Client issue

I can establish a connection but there are wrong (external IPv6) DNS server entries on the client.

I configured DNS servers on the XG:

But this is what the client shows:

Therefore I'm unable to ping hostnames, IPs work fine.

Client Version is 1.2.5.0202
XG Version 17.5.4 MR-4

  • Hello Christian,

    Have you configured an SSL VPN policy on XG? If yes, then please check what DHCP IP range and DNS servers are assigned there. It is possible that the DHCP range for SSL VPN and Sophos Connect is overlapping. It is possible that the DNS servers assigned in the SSL VPN policy are IPv6.

    If your answer is No, then I would need a Technical Support Report (TSR) from Sophos Connect after you establish the connection. You can get the TSR from the Menu->About page on Sophos Connect. You can send it to me in a private message.

    Thank you,

    Ramesh

  • In reply to rmk_2018:

    Hello Ramesh,

    and thank you for your answer! I'm not so sure what you mean by SSL VPN policy.

    What I have is an additional IPsec Site2Site connection and the SSL VPN settings, which are pretty much default I guess (please see screenshot).

    So my answer is no.
    I have sent you a PM with the TSR.

  • In reply to ChristianD:

    Hello Christian,

    Yes, it is a bug identified in SFOS MR4. So please continue using MR3 until we release a patch for MR4. Will keep you posted when that happens.

    Ramesh

  • In reply to rmk_2018:

    Hello Ramesh!

    I recently upgraded to MR4 because of another bug with the certificates (link). If I downgrade to MR3 I can't connect anymore.
    So that's a really unsatisfying situation.
    Do you know when the bug will be fixed? Our whole migration gets stuck because of this. I'm considering using the OpenVPN client...

  • In reply to ChristianD:

    Hello Christian,

    Sorry you ran into this problem. We will have a fix for it in SFOS early next week.

    Ramesh

  • In reply to Big_Buck:

    Thank you for your answer, Paul Jr!
    Your idea can help in a small environment, but we need several things like AD, WSUS and so on. So editing the hosts file isn't an option.

  • In reply to rmk_2018:

    Hello Ramesh,

    that's good news - thank you!

  • In reply to Big_Buck:

    For a small number of clients, yes! Those are stationary clients in home offices. Although that's not the best example, perhaps.
    Maybe we won't need this anymore after migration to Win10...

  • In reply to ChristianD:

    Hey  

    Apologies again for any inconvenience caused by this.

    This issue (NC-45246) is resolved in today's re-released MR4-1 version - [SF 17.5 MR4-1 (17.5.4.429)]

    Regards,

  • In reply to FloSupport:

    Thank you very much. I will test now and give you feedback!

  • In reply to FloSupport:

    Sorry, but I cannot test it because of a certificate error again.

    Remote certificate authentication is successful.

    Local certificate authentication isn't working
    Errors: no issuer certificate found / no trusted RSA public key found

    I tested with the appliance-cert (which I imported manually on the client) and our domain-cert.
    I also generated a self-signed cert on the XG - again no luck.

  • In reply to ChristianD:

    Hello Christian,

    Any update on this please? Please check the Sophos Connect Client policy and make sure the policy is correct in terms of certificates. Then maybe export and reimport the policy on Sophos Connect.

    Ramesh

  • In reply to FloSupport:

    I'm good, it's working after the update.