Sophos Connect auto connecting on 'remote' local LAN

We started using Connect and like it so far. We have a number of office locations all connected via IPSEC VPN and they all talk perfectly for normal LAN traffic. 

When outside the LAN the Connect auto connect works great. And when we are on the main office LAN Connect sees we are on the LAN and doesn't connect. Perfect!

Main office 192.168.1.x (LAN)  50.x.x.x (WAN) 

 

The problem is when you are in another office ex: 192.168.5.x (LAN) auto connect doesn't think you are on the LAN and tries to start the tunnel. We set up the Auto Connect tunnel option in Connect admin to an accessible spot on 192.168.1.x and you can ping that resource perfectly from the remote offices, but Connect decides you are not on the LAN network and tries to connect via the VPN. 

The only thing I noticed was that when you are on the "home office" LAN the autoconnect resource takes <1 ms to ping. When you are at a remote office it takes 20-30 ms to ping.

We have all employees regardless of remote office location connecting to the main office (that's where all the servers are).

 

Any ideas? 

  • Hi  

    The difference in connection latency is expected when traffic is sent directly as part of the LAN versus over the VPN connection.

    Would you check the events to see if anything is mentioned there? That will give us some idea why Sophos Connect establishes a VPN connection even when it can ping the target host.

  • In reply to Jaydeep:

    Hi Jaydeep! 

    Which events are you talking about? I see there are numerous logs in the Connect folder.

  • In reply to davepetrangelo:

    I am talking about the events before the connection is established. You should be able to track it by timestamp. Does it specify anything about not being able to connect to the target host?

  • In reply to Jaydeep:

    I'm feeling silly here... Where do I find this info?

    Windows Event Viewer? VPN log in Connect? One of the many logs in the Connect folder?

  • In reply to davepetrangelo:

    Apologies for not clarifying in detail. You should find enough details in the Sophos Connect Client event viewer. However, if you don't find enough details there, you should click the About page on the Sophos Connect Client, which contains a ‘Generate TSR’ button which is used to generate the following client log files: charon, sa_events, scvpn and SophosConnectGui_log.

    At this point, it would be worth a Support case to identify the issue.

  • In reply to Jaydeep:

    I think I found it - there was an extra "-" in the auto connect target name.

    I also added set client DNS suffix to the Domain

    So far no issues - fingers crossed

  • In reply to Jaydeep:

    Thanks for the help Jaydeep

  • In reply to davepetrangelo:

    Hi  

    I'm glad that it worked out.